Edit tour

Windows Analysis Report
https://pcapp.store/pixel.gif

Overview

General Information

Sample URL:	https://pcapp.store/pixel.gif
Analysis ID:	1546627
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Blob-based file download detected

Creates multiple autostart registry keys

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Tries to disable installed Antivirus / HIPS / PFW

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3228 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

Setup.exe (PID: 4204 cmdline: "C:\Users\user\Downloads\Setup.exe" MD5: CE1DA93BC7DF56983CE05CBC5E83C4B1)

chrome.exe (PID: 1436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&winver=19045&version=fa.1092c&nocache=20241101044703.142&_fcid=1730450804060690 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

nsrDE1D.tmp (PID: 4060 cmdline: "C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp" /internal 1730450804060690 /force MD5: 84EE733F8014D22DAD2DFEF725489980)

PcAppStore.exe (PID: 5960 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: 4B88D8ADA8D22622C30D581FC38EAA52)

explorer.exe (PID: 4380 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

PcAppStore.exe (PID: 7984 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM MD5: 4B88D8ADA8D22622C30D581FC38EAA52)

PcAppStore.exe (PID: 3788 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM MD5: 4B88D8ADA8D22622C30D581FC38EAA52)

NW_store.exe (PID: 7584 cmdline: .\nwjs\NW_store.exe .\ui\. MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 8000 cmdline: C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980 MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 4048 cmdline: C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1b4,0x1b8,0x1bc,0x194,0x1c0,0x7ff76bd58a60,0x7ff76bd58a70,0x7ff76bd58a80 MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 4736 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2036 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2 MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 8064 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2268 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:3 MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 7380 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8 MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 7320 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1730444082539097 --launch-time-ticks=6808286653 --mojo-platform-channel-handle=2604 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2 MD5: E472E46BDFD736351D4B086B4C4CA134)

NW_store.exe (PID: 1608 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8 MD5: E472E46BDFD736351D4B086B4C4CA134)

Watchdog.exe (PID: 716 cmdline: "C:\Users\user\PCAppStore\Watchdog.exe" /guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04 /rid=20241101044756.2806793562 /ver=fa.1092c MD5: 11F3801CB9FF046D6075F681971C4EB8)

chrome.exe (PID: 6640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pcapp.store/pixel.gif" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\PCAppStore\PCAppStore.exe" /init default, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp, ProcessId: 4060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	ReversingLabs: Detection: 37%
Source: C:\Users\user\PCAppStore\Uninstaller.exe	ReversingLabs: Detection: 29%

Source: https://pcapp.store/pixel.gif	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/	HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&_fcid=1730450804060690&_winver=19045&version=fa.1092c	HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&_fcid=1730450804060690&_winver=19045&version=fa.1092c	HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&_fcid=1730450804060690&_winver=19045&version=fa.1092c	HTTP Parser: No favicon

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.js.LICENSE.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\ReadMe.txt			Jump to behavior

Source:	Binary string: cryptbase.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ProviderInfottp.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: core.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerspool.pdb. source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (bcryptprimitives.pdbJ- source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\SHELL32.dllimitives.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb) source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerrenv.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dows.UI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rClient.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: upapi.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\bcrypt.dllomponents.pdbj, source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &Windows.Storage.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolBackgroundWorkerupapi.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\cfgmgr32.dllging.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkscli.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb7 source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.nitialexe\nw.exe.pdb@ source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdbdllH source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "CoreMessaging.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rt4.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdbnents.dll source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &twinapi.appcore.pdbI source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.UI.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000000.2062781959.00007FF7AD95A000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: msasn1.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\SETUPAPI.dllging.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw_elf.dll.pdbjs\NW_store.exe source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.w_elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: omponents.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usermgrcli.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203377060.000001FD1ADDD000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\netutils.dlltorage.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wtsapi32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerr32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkscli.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &twinapi.appcore.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XmlLite.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\PROPSYS.dllllamework.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fmpeg.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: NW_store.exe, 0000001A.00000000.2149139566.00007FF76BD10000.00000002.00000001.01000000.0000001A.sdmp, NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkermgr32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: NW_store.exe, 0000001B.00000003.2193211390.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: agementAPI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.UI.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: Setup.exe, 0000000E.00000002.1769492942.000000000040A000.00000004.00000001.01000000.00000006.sdmp, inetc.dll.16.dr
Source:	Binary string: propsys.pdb source: NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: $Kernel.Appcore.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerapps.pdbdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (bcryptprimitives.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscms.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: renv.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw.dll.pdbnwjs\NW_store.exe source: NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: devobj.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowManagementAPI.pdbnlaapi.pdbdbp source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nw.exe.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RmClient.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UxTheme.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 000000000006er32.pdbE source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: base.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &Windows.Storage.pdbE source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerdows.UI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: spool.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InputHost.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: utHost.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pcsvc6.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pterClient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\WTSAPI32.dllagementAPI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wintrust.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nitialexe\nw.exe.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000022.00000002.2366756696.00007FFF0C64C000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: ntmarta.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ,ColorAdapterClient.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203377060.000001FD1ADDD000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ionsSee.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerutHost.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WinTypes.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InputHost.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UxTheme.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "CoreMessaging.pdbw. source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wpnapps.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: propsys.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscms.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw.dll.pdbV source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wpnapps.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: $Kernel.Appcore.pdb. source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MMDevAPI.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\ADVAPI32.dllelf.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XmlLite.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerrt4.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DWrite.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\Windows.UI.dllcore.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerpcsvc6.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\usermgrcli.dllrClient.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ,TextInputFramework.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ttp.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb( source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 000000000004ionsSee.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WinTypes.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ,ColorAdapterClient.pdb] source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193211390.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowManagementAPI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2191134084.000001FD1AAEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\engine\Release\PCAppStore.pdb source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerlient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: torage.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ost.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MMDevAPI.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolBackgroundWorkerbase.pdb( source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: amework.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usermgrcli.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowManagementAPI.pdbows.UI.dll resourceses source: NW_store.exe, 0000001B.00000003.2191134084.000001FD1AAEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nw.dll.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2202873976.000001FD1AB2F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: setupapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: r32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (CoreUIComponents.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RmClient.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.w.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &twinapi.appcore.pdbb36 source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\XmlLite.dllpterClient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DWrite.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AddressFamilyost.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w_elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerrmgrcli.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mgr32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ypt.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb- source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (CoreUIComponents.pdb)* source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wintrust.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdbfile specified. source: NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ging.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rmgrcli.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apps.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerypt.pdbdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18D9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.fmpeg.dll.pdb' source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wtsapi32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\dhcpcsvc6.DLLcore.pdb$ source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imitives.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: er32.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: setupapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp

Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)

Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/357700
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC514000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC514000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC54B000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8297
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8417
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 00000017.00000000.2073568677.000000000724F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2083502571.00000000088E3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: explorer.exe, 00000017.00000000.2073568677.000000000724F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2083502571.00000000088E3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: explorer.exe, 00000017.00000000.2073568677.000000000724F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2083502571.00000000088E3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 0000000E.00000000.1456004950.000000000040A000.00000008.00000001.01000000.00000006.sdmp, Setup.exe, 0000000E.00000002.1769492942.000000000040A000.00000004.00000001.01000000.00000006.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000000.1759197064.000000000040A000.00000008.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2073568677.000000000724F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2083502571.00000000088E3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000017.00000000.2073568677.00000000071CD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: chrome.exe, 00000000.00000003.2414274538.0000700C04CCD000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2381656519.0000700C04CB4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://pixel.gif/
Source: explorer.exe, 00000017.00000000.2068466797.00000000025F0000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B10000.00000004.00000001.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2161740535.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AccountChooser
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AccountChoosern=opensearch
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession?i%
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfoRw
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookiesKw
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Xh
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html-w
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows2
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chromeWw
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/samlredirect
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/samlredirect;i9
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppche_16.dbK
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B40000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://analytics.google.com/g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je4au0v898645365za200&_p=173045080
Source: explorer.exe, 00000017.00000003.2078931167.000000000BF18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000017.00000003.2078931167.000000000BF18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS0
Source: explorer.exe, 00000017.00000003.2078931167.000000000BF18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS2F
Source: explorer.exe, 00000017.00000003.2078931167.000000000BF18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSdf
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8300
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/841X
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/841X:
Source: explorer.exe, 00000017.00000000.2093659592.0000000008710000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000017.00000000.2069271781.0000000002F60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2067327465.0000000000B14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000017.00000000.2093659592.00000000087E2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=BD3E37D8C4964A928E655AAA177D65C1&timeOut=5000&oc
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2069271781.0000000002F60000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000017.00000000.2093659592.00000000087E2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/WindyV2.svg
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://becausemomsays.com/she-wanted-to-keep-her-deceased-husbands-ring-so-she-selfishly-denied-her
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cart.ebay.com/
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-dark
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: chrome.exe, 00000000.00000003.2377556460.0000700C05746000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=tr&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=trCtrl$1
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=uk&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ukCtrl$1
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=urCtrl$2
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=vi&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=viCtrl$1
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CNCtrl$1
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2202873976.000001FD1AB2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5F3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2202873976.000001FD1AB2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5F3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2202873976.000001FD1AB2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/recordle_hashdQ
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2421886379.0000700C04B1D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cookpolitical.com/2020-national-popular-vote-tracker
Source: chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-serving
Source: chrome.exe, 00000000.00000003.2422284912.0000700C04E10000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2388900720.0000700C06B40000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-servingCross-Origin-Resource-Policy:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Security-Policy:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Type:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1d
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B40000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving
Source: chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0
Source: chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
Source: chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0Cross-Origin-Opener-Policy-Report-Only:
Source: Watchdog.exe, 00000016.00000003.2151515505.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2121658597.000001D2CACF9000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2166617606.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2121658597.000001D2CACD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/
Source: Watchdog.exe, 00000016.00000003.2121658597.000001D2CACF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/A
Source: Watchdog.exe, 00000016.00000003.2265907721.000001D2CCA79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/p.g
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000000.2062781959.00007FF7AD95A000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/p.gif?guid=%ws&version=%ws&evt_src=watch_dog&evt_action=signal_
Source: Watchdog.exe, 00000016.00000003.2151515505.000001D2CACE7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2166617606.000001D2CACF7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2091784830.000001D2CAD11000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2204756074.000001D2CCA83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/p.gif?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&version=fa.1092
Source: Watchdog.exe, 00000016.00000003.2121658597.000001D2CACD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/q
Source: Watchdog.exe, 00000016.00000003.2151515505.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2166617606.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d74queuslupub.cloudfront.net/ta
Source: explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Setup.exe, 0000000E.00000002.1770923281.0000000002AD6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1768880635.0000000002AD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://delivery.pcapp.store/
Source: Setup.exe, 0000000E.00000002.1769947363.00000000005EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=&evt_src=fa_mini_insta
Source: Setup.exe, 0000000E.00000003.1768809076.0000000002B04000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000002.1769492942.0000000000436000.00000004.00000001.01000000.00000006.sdmp	String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=ersion=fa.1092c&src=pc
Source: Setup.exe, 0000000E.00000002.1769947363.00000000005BA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1092c
Source: Setup.exe, 0000000E.00000002.1769947363.00000000005BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1092c;Z~
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icot_version
Source: explorer.exe, 00000017.00000003.2266932706.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2109377461.000000000BFDE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2078931167.000000000BF65000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.comA
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://financebuzz.com/top-signs-of-financial-fitness?utm_source=msn&utm_medium=feed&synd_slide=1&s
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC5E2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2201960437.000001FD1AA8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/7i=
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.comlast_v=%ws&dl_lnk=%wsempty_instructionsno_internet_connectionend
Source: chrome.exe, 00000000.00000003.2377001774.0000700C05424000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
Source: chrome.exe, 00000000.00000003.2377001774.0000700C05424000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1730450805546&cv=
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA10WNpO.img
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bAqmF.img
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hMa61.img
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/155487768
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002TLR
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444LMJ
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970S
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366XLV
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104PLn
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/288119108
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292282210
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/2922822108Lv
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292285899
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/309028728
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/315836169
Source: Watchdog.exe, 00000016.00000003.2121658597.000001D2CACD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2200761130.000001BAEBA80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2200761130.000001BAEBA80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://myshop.amplify.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://myshop.amplify.com/cartive
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://news.gallup.com/poll/247016/conservatives-greatly-outnumber-liberals-states.aspx
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetokendw
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: explorer.exe, 00000017.00000003.2266932706.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2109377461.000000000BFDE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2078931167.000000000BF65000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.comsoft.A
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google.com
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google.comGoogle
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google.comT
Source: Setup.exe, 0000000E.00000003.1768880635.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.st_be
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2428924626.0000700C04C9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2417200343.0000700C04B74000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2249401907.00001A8000A0C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store
Source: chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1768880635.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2160408634.00000000005F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/
Source: Setup.exe, 0000000E.00000003.1768880635.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/&
Source: chrome.exe, 00000000.00000003.2377556460.0000700C05746000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store//
Source: Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/5
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/?p=lpd_appstore-faq
Source: chrome.exe, 00000000.00000003.2423245960.0000700C06DA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2373502458.0000700C06190000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2383109953.0000700C04CFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/?p=lpd_installing_r2&guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&_fcid=17304508040
Source: Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/LMEMH
Source: chrome.exe, 00000000.00000003.2424036011.0000700C056F1000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2416598935.0000700C049E8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/PC
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/account/login
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/account/logintray_exitinvalid
Source: chrome.exe, 00000000.00000003.2431705505.0000700C054B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2413191184.0000700C06BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/api/api.php
Source: chrome.exe, 00000000.00000003.2413191184.0000700C06BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/api/api.phpp
Source: chrome.exe, 00000000.00000003.2388900720.0000700C06B40000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/c=
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/cccebcb6-4f19-4708-a7be-3ea33745d4fc
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/cpg_fa.php?guid=An
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu&entryApp=%ws
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&end_v=%ws&nocache=%d
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&res=link&nocache=%d
Source: Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/indows.storage.dlll
Source: nsrDE1D.tmp, 00000010.00000002.2162572486.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/inst_cpg.php?guid=&src=pcapp_full.
Source: Setup.exe, 0000000E.00000002.1770194211.0000000000642000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000003.1769321991.0000000000639000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/inst_cpg.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&_fcid=1730450804060690&ve
Source: nsrDE1D.tmp, 00000010.00000003.2160818890.00000000039BB000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2160818890.000000000398E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/inst_cpg.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&version=fa.1092c&src=pcap
Source: Setup.exe, 0000000E.00000002.1769947363.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2162572486.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/installing.php?guid=&winver=
Source: chrome.exe, 00000000.00000003.2383109953.0000700C04CFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/lp/appstore/img/favicon.ico
Source: chrome.exe, 00000000.00000003.2377001774.0000700C05424000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/nkedrevalid
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/notify_app_v2.php?guid=&lastid=&lasttime=&nocache=&end_v=%ws%ws%ws%d%ws%d%ws%ws%
Source: Setup.exe, 0000000E.00000003.1768880635.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000002.1771058462.0000000002AF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/pixe
Source: PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp, NW_store.exe, 00000020.00000003.2328169168.0000014B8F46A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/pixel.gif
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_&evt_action=&nocache=%s%s%s%s%s%s%s%s&%s%s%I
Source: nsrDE1D.tmp, 00000010.00000002.2162572486.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_installer&evt_action=localmac
Source: nsrDE1D.tmp, 00000010.00000003.2159551577.0000000000625000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2041291767.000000000398E000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042942776.000000000398D000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2041106057.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042760465.000000000398D000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042140026.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042545328.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2038239230.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2160818890.000000000398E000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2043521399.000000000398D000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2038127190.00000000039BA000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000003.2248389877.000002D2D6732000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/pixel.gif?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&version=fa.1092c&evt_src=fa_
Source: nsrDE1D.tmp, 00000010.00000003.2159551577.0000000000625000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2160818890.00000000039C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/pixel.gif?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&version=fa.1092c&inst_parent
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/pixel.gifcurrent_path()
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.store/pixel.gifinvalid
Source: chrome.exe, 00000000.00000003.2374722417.0000700C05DD4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/pixel.gifp
Source: nsrDE1D.tmp, 00000010.00000003.2160818890.000000000399B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/ppStore
Source: nsrDE1D.tmp, 00000010.00000002.2162572486.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/privacy.html?guid=By
Source: Setup.exe, 0000000E.00000002.1769947363.00000000005EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/privacy.html?guid=welhttps://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_min
Source: Setup.exe, 0000000E.00000002.1769947363.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2162572486.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/tos.html?guid=
Source: nsrDE1D.tmp, 00000010.00000003.2160672385.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store/y
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store1
Source: chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.storeDate:
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.storehttps://pcapp.storehttps://pcapp.store/https://pcapp.store0
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://pcapp.storenamepathmicrosoftIdregpathkeydisplaycountblinkingnotificationIconrunParampathalt_
Source: chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2417200343.0000700C04B74000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.storep
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.storewww.googletagmanager.com_default
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pcappstore.s3.amazonaws.com/versionrinstruction_failed%ws?guid=%ws&nocache=%dauto_updater.ex
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: explorer.exe, 00000017.00000000.2109377461.000000000C060000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2332658254.000000000C06E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2078931167.000000000BF65000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2357314658.000000000C06F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2285844086.000000000C06F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=dummytoken
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%wsatlTraceGeneralatlTraceCOMat
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shop.advanceautoparts.com/web/OrderItemDisplay
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://stacker.com/
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://stacker.com/politics/states-most-conservatives-0
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/cart/
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2P
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/o_deleteWi
Source: chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/ga/rul?tid=G-VFQWFX3X1C&gacid=27052987.1730450806&gtm=45je4au0v8986453
Source: chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730450805519&cv=11&fst=1730450805519&fmt=3&bg=ff
Source: chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730450805546&cv=11&fst=1730450805546&fmt=3&bg=ff
Source: chrome.exe, 00000000.00000003.2414078326.0000700C068E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730450807336&cv=11&fst=1730450807336&fmt=3&bg=ff
Source: chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730450826199&cv=11&fst=1730450826199&fmt=3&bg=ff
Source: chrome.exe, 00000000.00000003.2373502458.0000700C06190000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730450826226&cv=11&fst=1730450826226&fmt=3&bg=ff
Source: chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730450827090&cv=11&fst=1730450827090&fmt=3&bg=ff
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net4s268670691.1730450806
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net4s268670691.1730450806/
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258&cr_id=682239234212&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820411&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820414&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820429&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820432&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820444&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820450&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820453&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820456&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688795175019&cv_id=0&format=$
Source: chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688917203998&cv_id=0&format=$
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wigreports.com/about/
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000017.00000003.2077159872.0000000008AA9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/gr.exel
Source: explorer.exe, 00000017.00000003.2266932706.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2109377461.000000000BFDE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2078931167.000000000BF65000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com8E
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.270towin.com/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.academy.com/shop/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.acehardware.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.adorama.com/als.mvc/cartview
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ae.com/us/en/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.altardstate.com/cart/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/gp/cart/view.html
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/gp/cart/view.html
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.apple.com/shop/bag
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.att.com/buy/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.att.com/buy/cartF
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.basspro.com/shop/AjaxOrderItemDisplayView
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.basspro.com/shop/AjaxOrderItemDisplayViewCC
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.belk.com/shopping-bag/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/cartR
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bhphotovideo.com/find/cart.jsp
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bloomingdales.com/my-bag
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.boostmobile.com/cart.html
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bricklink.com/v2/globalcart.page
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.brownells.com/aspx/store/cart.aspx
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.buybuybaby.com/store/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.carid.com/cart.php
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.carid.com/cart.php2
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.chegg.com/shoppingcart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.containerstore.com/cart/list.htm
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.costco.com/CheckoutCartDisplayView
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.crateandbarrel.com/Checkout/Cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dickssportinggoods.com/OrderItemDisplay
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dillards.com/webapp/wcs/stores/servlet/OrderItemDisplay
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dsw.com/en/us/shopdG7
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.etsy.com/cart/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.etsy.com/cart/T
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.financebuzz.com/clever-debt-payoff-55mp?utm_source=msn&utm_medium=feed&synd_slide=1&synd
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.forbes.com/sites/elanagross/2020/10/28/trump-administration-uses-philadelphia-protests-t
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gamestop.com/cart/
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlT&r
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlYar&d
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfoiw
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/tokenzw
Source: chrome.exe, 00000000.00000003.2404237685.0000700C0466C000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2317599096.0000014C0FE06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/nw
Source: chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/
Source: chrome.exe, 00000000.00000003.2353176928.0000700C06534000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fpcapp.store
Source: chrome.exe, 00000000.00000003.2371923883.0000700C06108000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2428529815.0000700C0521C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fpcap
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.groupon.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.groupon.com/cartR
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.harborfreight.com/checkout/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.hmhco.com/hmhstorefront/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.homedepot.com/mycart/home
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.homesquare.com/Checkout/Cart.aspx
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.hottopic.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.hottopic.com/cartT
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.hsn.com/checkout/bag
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ikea.
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.jcpenney.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.jcpenney.com/cartFAULT
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.joann.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.joann.com/cartncodings
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.kohls.com/checkout/shopping_cart.jsp
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.kohls.com/checkout/shopping_cart.jspys
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.lowes.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.lowes.com/cart_id
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.macys.com/my-bag
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.macys.com/my-bagd
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.midwayusa.com/cart
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/autos/buying/if-your-old-car-has-any-of-these-16-problems-consider-buying-
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/medical/mayo-clinic-minute-who-benefits-from-taking-statins/ar-AA1h
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/medical/scientists-reveal-new-findings-about-older-adults-who-take-
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/15-attributes-of-truly-good-men/ss-AA1hJKQY
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/there-are-8-types-of-intelligence-which-one-is-yo
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/if-any-of-these-11-things-describes-you-you-ve-climb
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/george-santos-former-campaign-treasurer-pleads-guilty-to-fed
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/the-state-with-the-most-liberals-isn-t-userfornia-or-new-yor
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-asks-for-jan-6-dismissal-because-coup-attempt-was-part
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/russian-official-proposes-invading-five-nato-countries/ar-AA1hJ
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/the-nobel-peace-prize-will-be-announced-in-oslo-the-laureate-is
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nike.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nike.com/cart_post_params
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.officedepot.com/cart/shoppingCart.do
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.officedepot.com/cart/shoppingCart.dogs
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.overstock.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.overstock.com/cartw_tab_url
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.petsmart.com/cart/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.pier1.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.redbubble.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rei.com/ShoppingCart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.revolve.com/r/ShoppingBag.jsp
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rockauto.com/en/cart/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.saksfifthavenue.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.samsclub.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sephora.com/basket
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sephora.com/basket8
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.shutterfly.com/cart/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.staples.com/cc/mm$8
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sweetwater.com/store/cart.php
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.talbots.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.target.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.teacherspayteachers.com/Cart
Source: explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.theatlantic.com/politics/archive/2014/02/the-origin-of-liberalism/283780/
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.therealreal.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.tractorsupply.com/TSCShoppingCartView
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ulta.com/bag
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.underarmour.com/D8
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.walmart.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.weightwatchers.com/us/shop/checkout/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wish.com/cart
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000000.00000003.2424688887.0000700C04A99000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.zappos.com/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.zazzle.com/co/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www2.hm.com/en_us/cart
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www2.hm.com/en_us/cartoriginati

System Summary

Blob-based file download detected

Source: C:\Users\user\Downloads\Setup.exe

File download: blob:https://pcapp.store/cccebcb6-4f19-4708-a7be-3ea33745d4fc

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe

File created: C:\Windows\SystemTemp\nw7584_630921909

Source: vulkan-1.dll.16.dr	Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.16.dr	Static PE information: Number of sections : 12 > 10
Source: vk_swiftshader.dll.16.dr	Static PE information: Number of sections : 11 > 10
Source: node.dll.16.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.16.dr	Static PE information: Number of sections : 12 > 10
Source: notification_helper.exe.16.dr	Static PE information: Number of sections : 13 > 10
Source: nw.dll.16.dr	Static PE information: Number of sections : 15 > 10
Source: ffmpeg.dll.16.dr	Static PE information: Number of sections : 11 > 10
Source: NW_store.exe.16.dr	Static PE information: Number of sections : 13 > 10
Source: nw_elf.dll.16.dr	Static PE information: Number of sections : 14 > 10

Source: classification engine

Classification label: mal64.spyw.evad.win@58/484@0/45

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!

Source: C:\Users\user\Downloads\Setup.exe

File created: C:\Users\user\AppData\Local\Temp\nsyBD06.tmp

Jump to behavior

Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Downloads\Setup.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Downloads\Setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT sql FROM%d UNION ALL SELECT shell_add_schema(sql,mainNULL,name) AS sql, type, tbl_name, name, rowid, AS snum, AS sname FROM .sqlite_schema UNION ALL SELECT shell_module_schema(name), 'table', name, name, name, 9e+99, 'main' FROM pragma_module_list) WHERE %Qlower(printf('%s.%s',sname,tbl_name))lower(tbl_name) GLOB LIKE ESCAPE '\' AND name NOT LIKE 'sqlite_%%' AND sql IS NOT NULL ORDER BY snum, rowidSQL: %s;
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');%s
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: CREATE TABLE ColNames( cpos INTEGER PRIMARY KEY, name TEXT, nlen INT, chop INT, reps INT, suff TEXT);CREATE VIEW RepeatedNames AS SELECT DISTINCT t.name FROM ColNames t WHERE t.name COLLATE NOCASE IN ( SELECT o.name FROM ColNames o WHERE o.cpos<>t.cpos);
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT type,name,tbl_name,sql FROM sqlite_schema ORDER BY name;
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT key, quote(value) FROM temp.sqlite_parameters;
Source: NW_store.exe, 0000001A.00000003.2206408972.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC487000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','stats_origin','stats',#1,'CREATE INDEX stats_origin ON stats(origin_domain)');page=#2
Source: chrome.exe, 00000000.00000003.2416598935.0000700C049E8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: NW_store.exe, 0000001A.00000003.2206408972.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_psl_extensions_1','psl_extensions',#4,NULL);
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;
Source: NW_store.exe, 0000001A.00000003.2206408972.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_psl_extensions_1','psl_extensions',#4,NULL);H
Source: NW_store.exe, 0000001A.00000003.2196934902.000001BAEC487000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_meta_1','meta',#4,NULL);
Source: NW_store.exe, 0000001A.00000003.2206408972.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC487000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_masked_ibans_1','masked_ibans',#4,NULL);
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT max(length(key)) FROM temp.sqlite_parameters;
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT 'CREATE TEMP' \|\| substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','index_on_eq_groups_set_id_index','eq_class_groups',#1,'CREATE INDEX index_on_eq_groups_set_id_index ON eq_class_groups (set_id)');
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: INSERT INTO selftest(tno,op,cmd,ans) SELECT rowid*10,op,cmd,ans FROM [_shell$self];
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;Warning: cannot step "%s" backwardsSELECT name, sql FROM sqlite_schema WHERE %sError: (%d) %s on [%s]
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','index_on_eq_groups_set_id_index','eq_class_groups',#1,'CREATE INDEX index_on_eq_groups_set_id_index ON eq_class_groups (set_id)');g
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT tbl,idx,stat FROM sqlite_stat1 ORDER BY tbl,idx;
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT 'EXPLAIN QUERY PLAN SELECT 1 FROM ' \|\| quote(s.name) \|\| ' WHERE ' \|\| group_concat(quote(s.name) \|\| '.' \|\| quote(f.[from]) \|\| '=?' \|\| fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]),' AND '), 'SEARCH ' \|\| s.name \|\| ' USING COVERING INDEX(' \|\| group_concat('=?', ' AND ') \|\| ')', s.name \|\| '(' \|\| group_concat(f.[from], ', ') \|\| ')', f.[table] \|\| '(' \|\| group_concat(COALESCE(f.[to], p.[name])) \|\| ')', 'CREATE INDEX ' \|\| quote(s.name \|\|'_'\|\| group_concat(f.[from], '_')) \|\| ' ON ' \|\| quote(s.name) \|\| '(' \|\| group_concat(quote(f.[from]) \|\| fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]), ', ') \|\| ');', f.[table] FROM sqlite_schema AS s, pragma_foreign_key_list(s.name) AS f LEFT JOIN pragma_table_info AS p ON (pk-1=seq AND p.arg=f.[table]) GROUP BY s.name, f.id ORDER BY (CASE WHEN ? THEN f.[table] ELSE s.name END)
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT 'CREATE TEMP' \|\| substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;ALTER TABLE temp.%Q RENAME TO %QINSERT INTO %Q VALUES(, %s?)UPDATE %Q SET , %s%Q=?DELETE FROM %QSELECT type, name, sql, 1 FROM sqlite_schema WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%%' UNION ALL SELECT type, name, sql, 2 FROM sqlite_schema WHERE type = 'trigger' AND tbl_name IN(SELECT name FROM sqlite_schema WHERE type = 'view') ORDER BY 4, 1CREATE TABLE x(, %s%Q COLLATE %s)CREATE VIRTUAL TABLE %Q USING expert(%Q)SELECT max(i.seqno) FROM sqlite_schema AS s, pragma_index_list(s.name) AS l, pragma_index_info(l.name) AS i WHERE s.type = 'table', %sx.%Q IS rem(%d, x.%Q) COLLATE %s%s%dSELECT %s FROM %Q x ORDER BY %sSELECT %s FROM temp.t592690916721053953805701627921227776 x ORDER BY %s%d %dDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776CREATE TABLE temp.t592690916721053953805701627921227776 AS SELECT * FROM %QSELECT s.rowid, s.name, l.name FROM sqlite_schema AS s, pragma_index_list(s.name) AS l WHERE s.type = 'table'SELECT name, coll FROM pragma_index_xinfo(?) WHERE keyINSERT INTO sqlite_stat1 VALUES(?, ?, ?)ANALYZE; PRAGMA writable_schema=1remsampleDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776ANALYZE sqlite_schemaDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776:memory::memory:SELECT sql FROM sqlite_schema WHERE name NOT LIKE 'sqlite_%%' AND sql NOT LIKE 'CREATE VIRTUAL %%'Cannot find a unique index name to propose. -- stat1: %s;%s%s
Source: NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2195717842.000001BAEC5AA000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC557000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: INSERT OR IGNORE INTO "%s" VALUES(?,?);Error %d: %s on [%s]
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062339851.00007FF7D1432000.00000008.00000001.01000000.00000016.sdmp	Binary or memory string: SELECT name,seq FROM sqlite_sequence ORDER BY name;
Source: NW_store.exe, 0000001A.00000003.2196934902.000001BAEC487000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','sqlite_autoindex_meta_1','meta',#4,NULL);ked_credit_cards', rootpage=#2, sql=
Source: NW_store.exe, 0000001A.00000003.2206408972.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC487000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','stats_origin','stats',#1,'CREATE INDEX stats_origin ON stats(origin_domain)');

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pcapp.store/pixel.gif"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3228 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Setup.exe "C:\Users\user\Downloads\Setup.exe"
Source: C:\Users\user\Downloads\Setup.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&winver=19045&version=fa.1092c&nocache=20241101044703.142&_fcid=1730450804060690
Source: C:\Users\user\Downloads\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp "C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp" /internal 1730450804060690 /force
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04 /rid=20241101044756.2806793562 /ver=fa.1092c
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe .\nwjs\NW_store.exe .\ui\.
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1b4,0x1b8,0x1bc,0x194,0x1c0,0x7ff76bd58a60,0x7ff76bd58a70,0x7ff76bd58a80
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2036 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2268 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1730444082539097 --launch-time-ticks=6808286653 --mojo-platform-channel-handle=2604 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3228 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Setup.exe "C:\Users\user\Downloads\Setup.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&winver=19045&version=fa.1092c&nocache=20241101044703.142&_fcid=1730450804060690	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp "C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp" /internal 1730450804060690 /force	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04 /rid=20241101044756.2806793562 /ver=fa.1092c	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe .\nwjs\NW_store.exe .\ui\.	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM	Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2036 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2268 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1730444082539097 --launch-time-ticks=6808286653 --mojo-platform-channel-handle=2604 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1b4,0x1b8,0x1bc,0x194,0x1c0,0x7ff76bd58a60,0x7ff76bd58a70,0x7ff76bd58a80

Source: C:\Users\user\Downloads\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: netutils.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: profapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: amsi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmm.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwrite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wldp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: kbdus.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: gpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wkscli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: netutils.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: powrprof.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: umpdc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mdmregistration.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mdmregistration.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: omadmapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dmcmnutils.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iri.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: netapi32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dsreg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: profapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: netapi32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wintypes.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wintypes.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wintypes.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: twinapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: inputhost.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: propsys.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: devobj.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winsta.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mscms.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wpnapps.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: rmclient.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: xmllite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: usermgrcli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: windows.media.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: fwbase.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: d3d11.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dcomp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dxgi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: oleacc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: directmanipulation.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msacm32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msdmo.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: pdh.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: pcpksp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: tbs.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ncryptprov.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptowinrt.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptngc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ngcksp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: perfos.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: powrprof.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: umpdc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmm.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwrite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dxgi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mfplat.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dcomp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmm.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwrite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmm.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwrite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmm.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwrite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: node.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: node.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: powrprof.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: umpdc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winmm.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dwrite.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: amsi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Section loaded: profapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: version.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: netutils.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: profapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: amsi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Section loaded: ondemandconnroutehelper.dll

Source: C:\Users\user\Downloads\Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: PC App Store.lnk.16.dr	LNK file: ..\..\..\..\..\..\PCAppStore\PcAppStore.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore

Jump to behavior

Source:	Binary string: cryptbase.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ProviderInfottp.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: core.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerspool.pdb. source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (bcryptprimitives.pdbJ- source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\SHELL32.dllimitives.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb) source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerrenv.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dows.UI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rClient.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: upapi.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\bcrypt.dllomponents.pdbj, source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &Windows.Storage.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolBackgroundWorkerupapi.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\cfgmgr32.dllging.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkscli.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb7 source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.nitialexe\nw.exe.pdb@ source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdbdllH source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "CoreMessaging.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rt4.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdbnents.dll source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &twinapi.appcore.pdbI source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.UI.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000000.2062781959.00007FF7AD95A000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: msasn1.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\SETUPAPI.dllging.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw_elf.dll.pdbjs\NW_store.exe source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.w_elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: omponents.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usermgrcli.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203377060.000001FD1ADDD000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\netutils.dlltorage.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wtsapi32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerr32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkscli.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &twinapi.appcore.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XmlLite.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\PROPSYS.dllllamework.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fmpeg.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: NW_store.exe, 0000001A.00000000.2149139566.00007FF76BD10000.00000002.00000001.01000000.0000001A.sdmp, NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkermgr32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: NW_store.exe, 0000001B.00000003.2193211390.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: agementAPI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.UI.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: Setup.exe, 0000000E.00000002.1769492942.000000000040A000.00000004.00000001.01000000.00000006.sdmp, inetc.dll.16.dr
Source:	Binary string: propsys.pdb source: NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: $Kernel.Appcore.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerapps.pdbdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (bcryptprimitives.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscms.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: renv.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw.dll.pdbnwjs\NW_store.exe source: NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: devobj.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowManagementAPI.pdbnlaapi.pdbdbp source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nw.exe.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RmClient.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UxTheme.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 000000000006er32.pdbE source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: base.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &Windows.Storage.pdbE source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerdows.UI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: spool.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InputHost.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: utHost.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pcsvc6.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pterClient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\WTSAPI32.dllagementAPI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wintrust.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nitialexe\nw.exe.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000022.00000002.2366756696.00007FFF0C64C000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: ntmarta.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ,ColorAdapterClient.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203377060.000001FD1ADDD000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ionsSee.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerutHost.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WinTypes.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InputHost.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UxTheme.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "CoreMessaging.pdbw. source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wpnapps.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: propsys.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscms.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw.dll.pdbV source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wpnapps.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: $Kernel.Appcore.pdb. source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MMDevAPI.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\ADVAPI32.dllelf.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XmlLite.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerrt4.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DWrite.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\Windows.UI.dllcore.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerpcsvc6.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\usermgrcli.dllrClient.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ,TextInputFramework.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ttp.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb( source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 000000000004ionsSee.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WinTypes.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ,ColorAdapterClient.pdb] source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193211390.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowManagementAPI.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2191134084.000001FD1AAEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdbP source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189953314.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D4A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\engine\Release\PCAppStore.pdb source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerlient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: torage.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ost.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MMDevAPI.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolBackgroundWorkerbase.pdb( source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: amework.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usermgrcli.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowManagementAPI.pdbows.UI.dll resourceses source: NW_store.exe, 0000001B.00000003.2191134084.000001FD1AAEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nw.dll.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2202873976.000001FD1AB2F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: userenv.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2212242751.000001FD1AAE6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: setupapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: r32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (CoreUIComponents.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RmClient.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.w.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &twinapi.appcore.pdbb36 source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System32\XmlLite.dllpterClient.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DWrite.pdbP source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AddressFamilyost.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w_elf.dll.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdbP source: NW_store.exe, 0000001B.00000003.2192648110.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2189516417.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190215188.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerrmgrcli.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mgr32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ypt.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb- source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2190412847.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D49000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192492342.000001FD1AAE2000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: (CoreUIComponents.pdb)* source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wintrust.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: twinapi.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2213438978.000001FD18D22000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\nw85_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdbfile specified. source: NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ging.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rmgrcli.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apps.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ThreadPoolForegroundWorkerypt.pdbdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: NW_store.exe, 0000001A.00000003.2199227440.000001BAEB5C1000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2205116638.000001BAEB5E6000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2161823271.000001FD18D64000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192648110.000001FD18D63000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18D9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: w.fmpeg.dll.pdb' source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wtsapi32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2195216437.000001FD18DB7000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2203812979.000001FD18DA7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\dhcpcsvc6.DLLcore.pdb$ source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imitives.pdb source: NW_store.exe, 0000001B.00000003.2218391443.000001FD1AAEE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: er32.pdb source: NW_store.exe, 0000001B.00000003.2197859895.000001FD1ADC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdb source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218251420.000001FD18D1E000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2210764126.000001FD18D15000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: setupapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdbP source: NW_store.exe, 0000001B.00000003.2190901175.000001FD18D23000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: NW_store.exe, 0000001B.00000003.2184109991.000001FD18D10000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2187515342.000001FD1ACDC000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2188677836.000001FD1ACEB000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2193749501.000001FD18D1C000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2192041336.000001FD18D20000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2211373413.000001FD1AAE3000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001B.00000003.2218725560.000001FD1AAE5000.00000004.00000020.00020000.00000000.sdmp

Source: vulkan-1.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0xe0b14
Source: System.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x3d68
Source: nsJSON.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x6718
Source: nsJSON.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x6718
Source: libEGL.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x7ddc6
Source: vk_swiftshader.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x44caa7
Source: inetc.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x13c41
Source: inetc.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x13c41
Source: System.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x3d68
Source: e74cc629-2643-4c2d-83a5-14cbab20c252.tmp.0.dr	Static PE information: real checksum: 0x3937f should be: 0x33912
Source: nsDialogs.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x2f9b
Source: libGLESv2.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x7b9652
Source: notification_helper.exe.16.dr	Static PE information: real checksum: 0x0 should be: 0x11edb8
Source: NSISFastLib.dll.14.dr	Static PE information: real checksum: 0x0 should be: 0x30512
Source: ffmpeg.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x1f8136
Source: NW_store.exe.16.dr	Static PE information: real checksum: 0x0 should be: 0x23ab08
Source: nw_elf.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x124d11
Source: Math.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x155a8
Source: NSISFastLib.dll.16.dr	Static PE information: real checksum: 0x0 should be: 0x30512

Source: vk_swiftshader.dll.16.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.16.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.16.dr	Static PE information: section name: .voltbl
Source: vk_swiftshader.dll.16.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.16.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.16.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.16.dr	Static PE information: section name: .voltbl
Source: vulkan-1.dll.16.dr	Static PE information: section name: _RDATA
Source: NW_store.exe.16.dr	Static PE information: section name: .gxfg
Source: NW_store.exe.16.dr	Static PE information: section name: .retplne
Source: NW_store.exe.16.dr	Static PE information: section name: .voltbl
Source: NW_store.exe.16.dr	Static PE information: section name: CPADinfo
Source: NW_store.exe.16.dr	Static PE information: section name: _RDATA
Source: NW_store.exe.16.dr	Static PE information: section name: malloc_h
Source: ffmpeg.dll.16.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.16.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.16.dr	Static PE information: section name: .voltbl
Source: ffmpeg.dll.16.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.16.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.16.dr	Static PE information: section name: .retplne
Source: libEGL.dll.16.dr	Static PE information: section name: .voltbl
Source: libEGL.dll.16.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.16.dr	Static PE information: section name: malloc_h
Source: libGLESv2.dll.16.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.16.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.16.dr	Static PE information: section name: .voltbl
Source: libGLESv2.dll.16.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.16.dr	Static PE information: section name: malloc_h
Source: node.dll.16.dr	Static PE information: section name: .gxfg
Source: node.dll.16.dr	Static PE information: section name: .retplne
Source: node.dll.16.dr	Static PE information: section name: .voltbl
Source: node.dll.16.dr	Static PE information: section name: _RDATA
Source: notification_helper.exe.16.dr	Static PE information: section name: .gxfg
Source: notification_helper.exe.16.dr	Static PE information: section name: .retplne
Source: notification_helper.exe.16.dr	Static PE information: section name: .voltbl
Source: notification_helper.exe.16.dr	Static PE information: section name: CPADinfo
Source: notification_helper.exe.16.dr	Static PE information: section name: _RDATA
Source: notification_helper.exe.16.dr	Static PE information: section name: malloc_h
Source: nw.dll.16.dr	Static PE information: section name: .gxfg
Source: nw.dll.16.dr	Static PE information: section name: .retplne
Source: nw.dll.16.dr	Static PE information: section name: .rodata
Source: nw.dll.16.dr	Static PE information: section name: .voltbl
Source: nw.dll.16.dr	Static PE information: section name: CPADinfo
Source: nw.dll.16.dr	Static PE information: section name: LZMADEC
Source: nw.dll.16.dr	Static PE information: section name: _RDATA
Source: nw.dll.16.dr	Static PE information: section name: malloc_h
Source: nw_elf.dll.16.dr	Static PE information: section name: .crthunk
Source: nw_elf.dll.16.dr	Static PE information: section name: .gxfg
Source: nw_elf.dll.16.dr	Static PE information: section name: .retplne
Source: nw_elf.dll.16.dr	Static PE information: section name: .voltbl
Source: nw_elf.dll.16.dr	Static PE information: section name: CPADinfo
Source: nw_elf.dll.16.dr	Static PE information: section name: _RDATA
Source: nw_elf.dll.16.dr	Static PE information: section name: malloc_h

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Code function: 32_3_00007FFF76444110 push ecx; ret	32_3_00007FFF76444136
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Code function: 32_3_00007FFF764470A7 push ebp; iretd	32_3_00007FFF764470A8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Code function: 32_3_00007FFF76446720 push ecx; ret	32_3_00007FFF76446746
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Code function: 32_3_00007FFF76408267 push eax; ret	32_3_00007FFF7640826D
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Code function: 32_3_00007FFF76407D52 push ecx; retf	32_3_00007FFF76407D53

Source: C:\Users\user\Downloads\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\nw_elf.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\e74cc629-2643-4c2d-83a5-14cbab20c252.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\Math.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 997642.crdownload (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Setup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\Watchdog.exe	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\NSISFastLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\Uninstaller.exe	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\node.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\NSISFastLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\nw.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\AutoUpdater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\PcAppStore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.js.LICENSE.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\PCAppStore\ReadMe.txt			Jump to behavior

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog	Jump to behavior

Source: C:\Users\user\Downloads\Setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive

Source: C:\Users\user\PCAppStore\Watchdog.exe

Thread delayed: delay time: 300000

Jump to behavior

Source: C:\Users\user\PCAppStore\PcAppStore.exe

Window / User API: threadDelayed 607

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\NSISFastLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\Math.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\nsJSON.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\NSISFastLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\AutoUpdater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\Uninstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\Downloads\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl346B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll	Jump to dropped file

Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 1436	Thread sleep count: 197 > 30	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 1436	Thread sleep time: -11820000s >= -30000s	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 6056	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 1436	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe TID: 7384	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS

Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Source: C:\Users\user\PCAppStore\PcAppStore.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct

Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\PCAppStore\PcAppStore.exe	Last function: Thread delayed
Source: C:\Users\user\PCAppStore\Watchdog.exe	Last function: Thread delayed
Source: C:\Users\user\PCAppStore\Watchdog.exe	Last function: Thread delayed

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\blob_storage\6a40f284-062c-47bc-a022-d0c99940c1ef FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	File Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data FullSizeInformation

Source: C:\Users\user\PCAppStore\Watchdog.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe	Thread delayed: delay time: 60000	Jump to behavior

Source: PcAppStore.exe, 00000025.00000003.2322581029.000002375DB54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductSZMER10CC82742-52E4-CC1D-A08F-D3A4823E8F04VMware, Inc.
Source: PcAppStore.exe, 00000025.00000003.2320041335.000002375DB84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductSZMER10CC82742-52E4-CC1D-A08F-D3A4823E8F04VMware, Inc.NoneOCESSOR_LEV+
Source: PcAppStore.exe, 00000025.00000003.2320100588.000002375DB4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: explorer.exe, 00000017.00000000.2109377461.000000000BFF2000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&
Source: explorer.exe, 00000017.00000003.2077159872.00000000089C9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00lT8
Source: credits.html.16.dr	Binary or memory string: * Neither the name of the VMware, Inc. nor the names of its contributors
Source: NW_store.exe, 00000022.00000002.2366756696.00007FFF0C64C000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: explorer.exe, 00000017.00000000.2067327465.0000000000B14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Setup.exe, 0000000E.00000003.1768990124.000000000069A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2183625720.0000000003980000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2159551577.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2151515505.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2121658597.000001D2CACF9000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2166617606.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2093659592.00000000088D7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: PcAppStore.exe, 00000019.00000002.2119379626.000001D5B1281000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductSZMER10CC82742-52E4-CC1D-A08F-D3A4823E8F04VMware, Inc.None+
Source: explorer.exe, 00000017.00000000.2067327465.0000000000B14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000q;
Source: Setup.exe, 0000000E.00000003.1769321991.0000000000639000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware%2C+Inc%2E
Source: nsrDE1D.tmp, 00000010.00000002.2163365560.000000000066B000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2159551577.0000000000625000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SeE
Source: explorer.exe, 00000017.00000003.2077159872.00000000089C9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}9d2}i
Source: credits.html.16.dr	Binary or memory string: Copyright (c) 2011, VMware, Inc.
Source: PcAppStore.exe, 00000019.00000002.2119379626.000001D5B1281000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWs\%SystemRoot%\system32\mswsock.dlla\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=4OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common File
Source: NW_store.exe, 0000001B.00000003.2198879236.000001FD1AC54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000017.00000000.2093659592.000000000893A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: explorer.exe, 00000017.00000003.2282205383.000000000C0D7000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+
Source: explorer.exe, 00000017.00000003.2077159872.00000000089C9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000T
Source: explorer.exe, 00000017.00000000.2073568677.00000000071FF000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}W6
Source: PcAppStore.exe, 00000025.00000003.2320100588.000002375DB4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductSZMER10CC82742-52E4-CC1D-A08F-D3A4823E8F04VMware, Inc.Noney*
Source: explorer.exe, 00000017.00000003.2083502571.00000000088E3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: nsrDE1D.tmp, 00000010.00000003.2043521399.000000000398D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: LstringVMware, Inc.4
Source: explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000nf
Source: explorer.exe, 00000017.00000000.2093659592.0000000008770000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWUSm32\DriverStore\en-US\usb.inf_locK
Source: PcAppStore.exe, 00000025.00000003.2322581029.000002375DB67000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
Source: explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00
Source: credits.html.16.dr	Binary or memory string: ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR
Source: Setup.exe, 0000000E.00000003.1769321991.0000000000639000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.I
Source: nsrDE1D.tmp, 00000010.00000003.2043521399.000000000398D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.]'z
Source: explorer.exe, 00000017.00000000.2067327465.0000000000B14000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000017.00000003.2077159872.00000000089C9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: NW_store.exe, 00000022.00000002.2366756696.00007FFF0C64C000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: VMware Screen Codec / VMware Video
Source: nsrDE1D.tmp, 00000010.00000003.2159551577.0000000000625000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware%2C+Inc%2EY

Source: C:\Users\user\Downloads\Setup.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Downloads\Setup.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&winver=19045&version=fa.1092c&nocache=20241101044703.142&_fcid=1730450804060690	Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2036 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2268 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1730444082539097 --launch-time-ticks=6808286653 --mojo-platform-channel-handle=2604 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1b4,0x1b8,0x1bc,0x194,0x1c0,0x7ff76bd58a60,0x7ff76bd58a70,0x7ff76bd58a80

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe

File opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe c:\users\user\pcappstore\nwjs\nw_store.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\pc_app_store\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\pc_app_store\user data" --annotation=plat=win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe c:\users\user\pcappstore\nwjs\nw_store.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\pc_app_store\user data\crashpad" --annotation=plat=win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1b4,0x1b8,0x1bc,0x194,0x1c0,0x7ff76bd58a60,0x7ff76bd58a70,0x7ff76bd58a80
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=gpu-process --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=2036 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2268 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=renderer --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=c:\users\user\pcappstore\nwjs\gen" --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1730444082539097 --launch-time-ticks=6808286653 --mojo-platform-channel-handle=2604 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe c:\users\user\pcappstore\nwjs\nw_store.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\pc_app_store\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\pc_app_store\user data" --annotation=plat=win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=gpu-process --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=2036 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2268 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=renderer --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=c:\users\user\pcappstore\nwjs\gen" --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1730444082539097 --launch-time-ticks=6808286653 --mojo-platform-channel-handle=2604 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe c:\users\user\pcappstore\nwjs\nw_store.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\pc_app_store\user data\crashpad" --annotation=plat=win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1b4,0x1b8,0x1bc,0x194,0x1c0,0x7ff76bd58a60,0x7ff76bd58a70,0x7ff76bd58a80

Source: explorer.exe, 00000017.00000003.2313950661.000000000BF97000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2266932706.000000000BF7F000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd23
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: C++/WinRT version:2.0.220110.5productr_binErreCode=%dproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnknfinityan.lnkindsnanproductshortcut_delete_erroreC=%XnfinityanindsnanShell_TrayWnd0p+00p+0unknowninfnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)unknownLTRRTLLTRinfnan(ind)nannan(snan)infnan(ind)nannan(snan)type must be string, but is type must be number, but is type must be number, but is \\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIGCurrentBuildBuildNumberSOFTWARE\Microsoft\Windows NT\CurrentVersionSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon%lu%02X\/Software\Microsoft\Windows\CurrentVersion\RunSoftware\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunSoftware\Microsoft\Windows\CurrentVersion\RunSoftware\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunSoftware\PCAppStoreAppParamdefaultauto_start_oncontextual_offersperiodical_offerspersonilized_notifications%us%5B%5D=\uparamsnametype must be string, but is paramsnameurloidentryAppfilePath0e+000e+00RoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll^(https?://(?:www.)?([^/]+))(/.*)?$.dllDllGetActivationFactoryURL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableurloidlastTimeoTypesessionIdtagretmessageRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryiconnamepathoidanimationsoundmenu_storemenu_searchhttps://pcapp.storenamepathmicrosoftIdregpathkeydisplaycountblinkingnotificationIconrunParampathalt_linkmicrosoftIdregpathkeyidwinGetParamsaltActionaltActionParamsid
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: productui_creation_failedcreation_error=%wsui_termination_errordirectory_switching_error.\nwjs\NW_store.exe.\ui\.ENDING_EVT_HANDLERWindows Default Lock ScreenLocalPCAppStore\productsystem_eventmsg=shutdownshutdownproductsystem_eventmsg=logofflogoff{"app":{"menu_search":{"search_request":"", "page":"b"},"show_window": "menu_search"}}ClosingEventproducttaskbar_handler_erroreCode=%luShell_TrayWndStartTrayDummySearchControlTrayButton
Source: explorer.exe, 00000017.00000000.2073045024.0000000004550000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2068166275.0000000001111000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000017.00000000.2098635300.0000000008A18000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000017.00000000.2068166275.0000000001111000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: list too longStartMenuExperienceHost.exeShellExperienceHost.exeexplorer.exeSearchApp.exeSearchUI.exeSearchHost.exe{"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}{"app": {"hide_window": "menu_search"}}Shell_TrayWndStartTrayDummySearchControlTrayButton
Source: explorer.exe, 00000017.00000000.2067327465.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *Progman
Source: explorer.exe, 00000017.00000000.2068166275.0000000001111000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: bProgram Manager]
Source: explorer.exe, 00000017.00000000.2068166275.0000000001111000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: TTaskbarShell_TrayWnd{"app": {"init":{"direction":"%c","screen_size":{"with_topbar":%d,"t":%d,"l":%d,"b":%d,"r":%d}}}}
Source: nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: NWidgetShell_TrayWndTrayNotifyWnd+TrayButtonPNGArial++

Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\d87a233b676578ff_0 VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\d87a233b676578ff_0 VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad\reports\d568d9a6-4397-419e-9348-c22d5887c7d2.dmp VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad\reports\d568d9a6-4397-419e-9348-c22d5887c7d2.dmp VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad\reports\d568d9a6-4397-419e-9348-c22d5887c7d2.dmp VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad\reports\d568d9a6-4397-419e-9348-c22d5887c7d2.dmp VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad\reports\d568d9a6-4397-419e-9348-c22d5887c7d2.dmp VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\static\js\main.717b6389.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\static\js\main.717b6389.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\static\js\main.717b6389.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe	Queries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe

Code function: 34_2_00007FFF0C60CB70 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

34_2_00007FFF0C60CB70

Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Downloads\Setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe

File opened: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\History

Source: en-GB.pak.info.16.dr	Binary or memory string: IDS_WIN_8_1_OBSOLETE,943,../../chrome/app/chromium_strings.grd
Source: en-GB.pak.info.16.dr	Binary or memory string: IDS_WIN_XP_VISTA_OBSOLETE,940,../../chrome/app/chromium_strings.grd
Source: en-GB.pak.info.16.dr	Binary or memory string: IDS_WIN_8_OBSOLETE,942,../../chrome/app/chromium_strings.grd
Source: en-GB.pak.info.16.dr	Binary or memory string: IDS_WIN_7_OBSOLETE,941,../../chrome/app/chromium_strings.grd

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	141 Windows Management Instrumentation	1 Windows Service	1 Windows Service	11 Masquerading	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	111 Registry Run Keys / Startup Folder	12 Process Injection	1 Disable or Modify Tools	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	111 Registry Run Keys / Startup Folder	141 Virtualization/Sandbox Evasion	Security Account Manager	231 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	12 Process Injection	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	141 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	144 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\nsl346B.tmp\Math.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl346B.tmp\NSISFastLib.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl346B.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl346B.tmp\inetc.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl346B.tmp\nsJSON.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp	38%	ReversingLabs	Win32.PUA.Generic
C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\NSISFastLib.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\inetc.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\nsDialogs.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyBD07.tmp\nsJSON.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\AutoUpdater.exe	5%	ReversingLabs
C:\Users\user\PCAppStore\PcAppStore.exe	5%	ReversingLabs
C:\Users\user\PCAppStore\Uninstaller.exe	29%	ReversingLabs
C:\Users\user\PCAppStore\Watchdog.exe	5%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\NW_store.exe	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\libEGL.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\node.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\notification_helper.exe	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\nw.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\nw_elf.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll	0%	ReversingLabs
C:\Users\user\PCAppStore\nwjs\vulkan-1.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
http://anglebug.com/4633	0%	URL Reputation	safe
https://anglebug.com/7382	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
http://anglebug.com/6929	0%	URL Reputation	safe
https://anglebug.com/7246	0%	URL Reputation	safe
https://anglebug.com/7369	0%	URL Reputation	safe
https://anglebug.com/7489	0%	URL Reputation	safe
https://issuetracker.google.com/161903006	0%	URL Reputation	safe
http://anglebug.com/4722	0%	URL Reputation	safe
http://anglebug.com/3502	0%	URL Reputation	safe
http://anglebug.com/3623	0%	URL Reputation	safe
http://anglebug.com/3625	0%	URL Reputation	safe
http://anglebug.com/3624	0%	URL Reputation	safe
http://anglebug.com/4836	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
http://anglebug.com/3970	0%	URL Reputation	safe
http://anglebug.com/5901	0%	URL Reputation	safe
https://anglebug.com/7161	0%	URL Reputation	safe
https://anglebug.com/7162	0%	URL Reputation	safe
http://anglebug.com/5906	0%	URL Reputation	safe
http://anglebug.com/2517	0%	URL Reputation	safe
http://anglebug.com/4937	0%	URL Reputation	safe
https://issuetracker.google.com/166809097	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
https://pcapp.store/pixel.gif	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.google.com/chrome/answer/6098869	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.jcpenney.com/cartFAULT	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2069271781.0000000002F60000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/4633	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7382	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://shop.advanceautoparts.com/web/OrderItemDisplay	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://deff.nelreports.net/api/report?cat=msn	explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://chrome.google.com/webstore?hl=urCtrl$2	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.zappos.com/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.store/c=	chrome.exe, 00000000.00000003.2388900720.0000700C06B40000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://unisolated.invalid/	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_&evt_action=&nocache=%s%s%s%s%s%s%s%s&%s%s%I	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	false		unknown
https://td.doubleclick.net/td/rul/858128210?random=1730450826199&cv=11&fst=1730450826199&fmt=3&bg=ff	chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.altardstate.com/cart/	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.adorama.com/als.mvc/cartview	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.theatlantic.com/politics/archive/2014/02/the-origin-of-liberalism/283780/	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://anglebug.com/6929	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppche_16.dbK	explorer.exe, 00000017.00000000.2093659592.0000000008888000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://pcapp.store/pixel.gif?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&version=fa.1092c&evt_src=fa_	nsrDE1D.tmp, 00000010.00000003.2159551577.0000000000625000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2041291767.000000000398E000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042942776.000000000398D000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2041106057.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042760465.000000000398D000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042140026.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2042545328.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2038239230.000000000398C000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2160818890.000000000398E000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2043521399.000000000398D000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2038127190.00000000039BA000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000003.2248389877.000002D2D6732000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.bestbuy.com/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/politics/george-santos-former-campaign-treasurer-pleads-guilty-to-fed	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1730450805546&cv=	chrome.exe, 00000000.00000003.2377001774.0000700C05424000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/274859104PLn	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://anglebug.com/7246	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7369	NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7489	NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/there-are-8-types-of-intelligence-which-one-is-yo	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://pcapp.store/api/api.phpp	chrome.exe, 00000000.00000003.2413191184.0000700C06BD0000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820456&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://pcapp.store	chrome.exe, 00000000.00000003.2431002352.0000700C0529C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2428924626.0000700C04C9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2417200343.0000700C04B74000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2424249739.0000700C05348000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2397708924.0000700C06F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2418527778.0000700C0713C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000000.00000003.2374326622.0000700C05674000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 00000020.00000003.2249401907.00001A8000A0C000.00000004.00001000.00020000.00000000.sdmp	true		unknown
https://d74queuslupub.cloudfront.net/	Watchdog.exe, 00000016.00000003.2151515505.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2121658597.000001D2CACF9000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2166617606.000001D2CAD04000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000016.00000003.2121658597.000001D2CACD3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.store/pixel.gif?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&version=fa.1092c&inst_parent	nsrDE1D.tmp, 00000010.00000003.2159551577.0000000000625000.00000004.00000020.00020000.00000000.sdmp, nsrDE1D.tmp, 00000010.00000003.2160818890.00000000039C9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/161903006	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ae.com/us/en/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.joann.com/cartncodings	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/chrome/privacy/eula_text.htmlT&r	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cart.ebay.com/	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000000.00000003.2392711594.0000700C04B64000.00000004.00000001.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2200761130.000001BAEBA80000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.gamestop.com/cart/	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820411&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820429&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.boostmobile.com/cart.html	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstore?hl=ukCtrl$1	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.samsclub.com/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4722	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=BD3E37D8C4964A928E655AAA177D65C1&timeOut=5000&oc	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.overstock.com/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258&cr_id=682239234212&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.bloomingdales.com/my-bag	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/357700	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.storeDate:	chrome.exe, 00000000.00000003.2395320133.0000700C0717C000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://pcapp.store/LMEMH	Setup.exe, 0000000E.00000002.1770691866.0000000002A60000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.store/cpg_fa.php?guid=An	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	false		unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-dark	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820414&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.hottopic.com/cartT	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3502	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3623	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3625	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3624	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://chrome.google.com/webstore?hl=en-GB	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC491000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.officedepot.com/cart/shoppingCart.do	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1092c;Z~	Setup.exe, 0000000E.00000002.1769947363.00000000005BA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4836	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.weightwatchers.com/us/shop/checkout/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC2F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.micro	explorer.exe, 00000017.00000000.2068466797.00000000025F0000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	explorer.exe, 00000017.00000000.2073568677.0000000007147000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000000.00000003.2352355911.0000700C04F64000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstore?hl=zh-TWCtrl$1	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.store/lp/appstore/img/favicon.ico	chrome.exe, 00000000.00000003.2383109953.0000700C04CFC000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/309028728	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3970	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC514000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688766820444&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://pcapp.store/fa_version.php?guid=%ws&res=link&nocache=%d	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002F62000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.talbots.com/cart	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688795175019&cv_id=0&format=$	chrome.exe, 00000000.00000003.2432402694.0000700C05AF8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstore/category/extensions	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.sephora.com/basket8	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/8297	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://pcapp.storenamepathmicrosoftIdregpathkeydisplaycountblinkingnotificationIconrunParampathalt_	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002C6B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000015.00000000.2062217764.00007FF7D13EB000.00000002.00000001.01000000.00000016.sdmp	false		unknown
http://anglebug.com/5901	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://passwords.google.comT	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://anglebug.com/7161	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.bhphotovideo.com/find/cart.jsp	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://anglebug.com/7162	NW_store.exe, 0000001A.00000003.2201049652.000001BAEC53A000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/292285899	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC528000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving	chrome.exe, 00000000.00000003.2388900720.0000700C06B40000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5906	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/2517	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/4937	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2211510307.000001BAEC585000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://outlook.comsoft.A	explorer.exe, 00000017.00000003.2266932706.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000000.2109377461.000000000BFDE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000017.00000003.2078931167.000000000BF65000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/166809097	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC614000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001A.00000003.2196934902.000001BAEC526000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000001D.00000003.2195704859.0000018D40985000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://myshop.amplify.com/cartive	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.carid.com/cart.php	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.overstock.com/cartw_tab_url	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://android.notify.windows.com/iOS0	explorer.exe, 00000017.00000003.2078931167.000000000BF18000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.google.com/chrome/privacy/eula_text.htmlYar&d	nsrDE1D.tmp, 00000010.00000002.2164256961.0000000002877000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.homedepot.com/mycart/home	NW_store.exe, 0000001A.00000003.2211510307.000001BAEC422000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.133.157	unknown	United States	15169	GOOGLEUS	false
151.101.129.229	unknown	United States	54113	FASTLYUS	false
209.222.21.115	unknown	United States	20473	AS-CHOOPAUS	false
151.101.193.229	unknown	United States	54113	FASTLYUS	false
216.58.206.34	unknown	United States	15169	GOOGLEUS	false
142.250.185.168	unknown	United States	15169	GOOGLEUS	false
216.239.38.181	unknown	United States	15169	GOOGLEUS	false
104.22.45.142	unknown	United States	13335	CLOUDFLARENETUS	false
159.223.126.41	unknown	United States	46118	CELANESE-US	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
142.250.181.232	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
18.173.205.24	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
104.22.44.142	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.184.228	unknown	United States	15169	GOOGLEUS	false
142.250.184.200	unknown	United States	15169	GOOGLEUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.16.142	unknown	United States	15169	GOOGLEUS	false
104.248.126.225	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
172.67.15.14	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
216.239.32.181	unknown	United States	15169	GOOGLEUS	false
195.181.170.18	unknown	United Kingdom	60068	CDN77GB	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
167.99.235.203	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
212.102.56.179	unknown	Italy	60068	CDN77GB	false
142.250.181.226	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
212.102.56.178	unknown	Italy	60068	CDN77GB	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
216.58.212.163	unknown	United States	15169	GOOGLEUS	false
45.32.1.23	unknown	United States	20473	AS-CHOOPAUS	false
37.19.194.81	unknown	Ukraine	31343	INTERTELECOMUA	false
142.250.186.42	unknown	United States	15169	GOOGLEUS	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false
142.250.185.98	unknown	United States	15169	GOOGLEUS	false
169.150.255.180	unknown	United States	2711	SPIRITTEL-ASUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546627
Start date and time:	2024-11-01 09:45:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://pcapp.store/pixel.gif
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	37
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Detection:	MAL
Classification:	mal64.spyw.evad.win@58/484@0/45
EGA Information:	Failed
HCA Information:	Successful, ratio: 80% Number of executed functions: 6 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Execution Graph export aborted for target NW_store.exe, PID 1608 because there are no executed function
Execution Graph export aborted for target NW_store.exe, PID 7320 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://pcapp.store/pixel.gif

Simulations

Behavior and APIs

Time	Type	Description
04:47:56	API Interceptor	352x Sleep call for process: Watchdog.exe modified
04:47:57	API Interceptor	233x Sleep call for process: explorer.exe modified
04:48:09	API Interceptor	1x Sleep call for process: NW_store.exe modified

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	112552
Entropy (8bit):	4.025866067085216
Encrypted:	false
SSDEEP:	768:HcVSdkXGa2B0Xjk0+dOfqn8NALhVFPggCUkqzueZ9R1v12B/wOmbypJDLy3CmMh9:DkB2FOfqnb2b6MhticGun/NFgj/Ka+
MD5:	4DB5AF7C78D4213866D27811832C5964
SHA1:	9845E6A55534CA51B3C1018155D3A5B2A35627A7
SHA-256:	911D86AF8B4BD5746EAC52A8BB08E3632C7DE0B149277DF0FF9E5BDA3C1E8590
SHA-512:	8EF6EC5F4A9A7C60950367E87E919B9DCA37B7FB085CC4C92EFD8BBCC7AFD8C1554C7FBFA4761D3D2325FF5C61731B0F2975C94760828F9C448207AD4B0EF3CB
Malicious:	false
Reputation:	low
Preview:	....h... ...............P..............._...x...d......................].......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................c.a.l.i.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................c.a.l.i..

Process:	C:\Users\user\Downloads\Setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	93386616
Entropy (8bit):	7.99999306217129
Encrypted:	true
SSDEEP:	1572864:52KX1mfH5AoIZnp9/pkhKzHjrSADzxet6X3mRsDqpszbyxjpB3ayh1sN1KGoMy1u:5jExAJh/pksTnFet6mu2G0jptggJ+flP
MD5:	84EE733F8014D22DAD2DFEF725489980
SHA1:	950A437488464103B9BF34610962C22192585BFC
SHA-256:	F42D2BF4A50AB0CDB4A1C43964F0429C4663E27C76D8C61AFA174A531A7819A1
SHA-512:	132C9BE1217804B73F8A99EA44D702E9DA0782CB6BBCC80DB2C2C72BDA1A93D06B2ADEF1B464F9163311F7482B2400553BA082C0F7F3CCF3B42C8C9B881306EB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 38%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*......@6............@.......................... ............@.............................................HO.......... ..X)...........................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...x...........................@....ndata... ...............................rsrc...HO.......P..................@..@................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 07:46:30 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.978730313919478
Encrypted:	false
SSDEEP:	48:8DdST+KuHCidAKZdA1FehwiZUklqehAy+3:8Ubv/y
MD5:	526AE96D028A542BFBF3E58EAD86B85C
SHA1:	014A4B8A3426399674A26E461081E6D5FBBA9A2D
SHA-256:	4B52016CB5B6B71D1BDFD561E6CF714A5DBFD0F706D50BBAA0555AFF0953A559
SHA-512:	A55A3F1F016608A503B5FEDF8F2790225BF637FEEE7211D0650D4381B4272DB677CE3C0D44E1D283CAC459B459AA5ADCFF13266C2995F4A49CD8FE20A879275D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....{...:,..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IaY.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VaY.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VaY.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VaY.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VaY.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Cr4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Target ID:	0
Start time:	04:46:27
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	04:46:28
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	2
Start time:	04:46:29
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pcapp.store/pixel.gif"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	11
Start time:	04:46:44
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3228 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	13
Start time:	04:46:49
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4208 --field-trial-handle=2008,i,7092667227049171613,2672400075963886792,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	14
Start time:	04:46:55
Start date:	01/11/2024
Path:	C:\Users\user\Downloads\Setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\Setup.exe"
Imagebase:	0x400000
File size:	190'056 bytes
MD5 hash:	CE1DA93BC7DF56983CE05CBC5E83C4B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	15
Start time:	04:47:03
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=0CC82742-52E4-CC1D-A08F-D3A4823E8F04&winver=19045&version=fa.1092c&nocache=20241101044703.142&_fcid=1730450804060690
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	16
Start time:	04:47:25
Start date:	01/11/2024
Path:	C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\nsrDE1D.tmp" /internal 1730450804060690 /force
Imagebase:	0x400000
File size:	93'386'616 bytes
MD5 hash:	84EE733F8014D22DAD2DFEF725489980
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 38%, ReversingLabs
Reputation:	low
Has exited:	true

Target ID:	25
Start time:	04:48:01
Start date:	01/11/2024
Path:	C:\Users\user\PCAppStore\PcAppStore.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM
Imagebase:	0x7ff7d1180000
File size:	3'116'888 bytes
MD5 hash:	4B88D8ADA8D22622C30D581FC38EAA52
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	26
Start time:	04:48:04
Start date:	01/11/2024
Path:	C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):	false
Commandline:	.\nwjs\NW_store.exe .\ui\.
Imagebase:	0x7ff76bb90000
File size:	2'312'704 bytes
MD5 hash:	E472E46BDFD736351D4B086B4C4CA134
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Target ID:	27
Start time:	04:48:05
Start date:	01/11/2024
Path:	C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7fff32eda960,0x7fff32eda970,0x7fff32eda980
Imagebase:	0x7ff76bb90000
File size:	2'312'704 bytes
MD5 hash:	E472E46BDFD736351D4B086B4C4CA134
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	31
Start time:	04:48:10
Start date:	01/11/2024
Path:	C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Imagebase:	0x7ff76bb90000
File size:	2'312'704 bytes
MD5 hash:	E472E46BDFD736351D4B086B4C4CA134
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	34
Start time:	04:48:15
Start date:	01/11/2024
Path:	C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2052,i,9912710646978768218,3650411500597378476,262144 --variations-seed-version /prefetch:8
Imagebase:	0x7ff76bb90000
File size:	2'312'704 bytes
MD5 hash:	E472E46BDFD736351D4B086B4C4CA134
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	37
Start time:	04:48:21
Start date:	01/11/2024
Path:	C:\Users\user\PCAppStore\PcAppStore.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\PCAppStore\PcAppStore.exe" /init default showM
Imagebase:	0x7ff7d1180000
File size:	3'116'888 bytes
MD5 hash:	4B88D8ADA8D22622C30D581FC38EAA52
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pcapp.store/pixel.gif

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\p[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\p[2].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\p[3].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\p[4].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\p[5].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\p[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\p[2].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\p[3].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\p[4].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\p[5].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\p[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\p[2].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\p[3].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\p[4].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\p[5].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\p[6].gif

Windows Analysis Report
https://pcapp.store/pixel.gif

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre