Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:Setup.exe
Analysis ID:1635751
MD5:0f9131f87fb905a6a13c584a4011fdd3
SHA1:78368e5a662bc88ce0621045cc3b43cc83aab0ac
SHA256:0a4a1f6ec75b4d44a2c1444d8cca746c99a36662684abc6a67838006e2e4ad84
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Compliance

Score:36
Range:0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Creates multiple autostart registry keys
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to download and execute PE files
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64native
  • Setup.exe (PID: 8668 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 0F9131F87FB905A6A13C584A4011FDD3)
    • chrome.exe (PID: 8872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=00000000-0000-0000-0000-D05099DB2397&winver=19042&version=fa.2009&nocache=20250311185930.728&_fcid=1741726344365755 MD5: BB7C48CDDDE076E7EB44022520F40F77)
      • chrome.exe (PID: 9076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2208 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)
      • chrome.exe (PID: 8492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=5124,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5268 /prefetch:8 MD5: BB7C48CDDDE076E7EB44022520F40F77)
      • chrome.exe (PID: 8840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=5216,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4728 /prefetch:8 MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • PcAppStore.exe (PID: 8212 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: 1D7B2E853186125A599F5E2476D28E6B)
      • PcAppStore.exe (PID: 1420 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default /restart MD5: 1D7B2E853186125A599F5E2476D28E6B)
    • Watchdog.exe (PID: 8328 cmdline: "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009 MD5: 00D28AB96B6CB2D936922FF7AB7006BE)
  • PcAppStore.exe (PID: 10068 cmdline: "C:\Users\user\PCAppStore\PCAppStore.exe" /init default MD5: 1D7B2E853186125A599F5E2476D28E6B)
  • AutoUpdater.exe (PID: 10216 cmdline: "C:\Users\user\PCAppStore\AutoUpdater.exe" /i MD5: 45DF180325C19906E6C3332F72226586)
  • Watchdog.exe (PID: 9252 cmdline: "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009 MD5: 00D28AB96B6CB2D936922FF7AB7006BE)
  • PcAppStore.exe (PID: 9824 cmdline: "C:\Users\user\PCAppStore\PCAppStore.exe" /init default MD5: 1D7B2E853186125A599F5E2476D28E6B)
  • AutoUpdater.exe (PID: 9868 cmdline: "C:\Users\user\PCAppStore\AutoUpdater.exe" /i MD5: 45DF180325C19906E6C3332F72226586)
  • Watchdog.exe (PID: 9224 cmdline: "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009 MD5: 00D28AB96B6CB2D936922FF7AB7006BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\PCAppStore\PCAppStore.exe" /init default, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Setup.exe, ProcessId: 8668, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-11T23:59:35.223158+010020283713Unknown Traffic192.168.11.2049774209.222.21.115443TCP
2025-03-11T23:59:47.666213+010020283713Unknown Traffic192.168.11.2049838209.222.21.115443TCP
2025-03-11T23:59:49.098913+010020283713Unknown Traffic192.168.11.2049839209.222.21.115443TCP
2025-03-11T23:59:50.516413+010020283713Unknown Traffic192.168.11.2049840209.222.21.115443TCP
2025-03-11T23:59:52.616747+010020283713Unknown Traffic192.168.11.2049841209.222.21.115443TCP
2025-03-11T23:59:52.639690+010020283713Unknown Traffic192.168.11.2049842209.222.21.115443TCP
2025-03-11T23:59:53.545492+010020283713Unknown Traffic192.168.11.2049844209.222.21.115443TCP
2025-03-11T23:59:53.938965+010020283713Unknown Traffic192.168.11.2049845209.222.21.115443TCP
2025-03-11T23:59:55.358311+010020283713Unknown Traffic192.168.11.2049846209.222.21.115443TCP
2025-03-11T23:59:58.064414+010020283713Unknown Traffic192.168.11.2049847209.222.21.115443TCP
2025-03-11T23:59:58.777091+010020283713Unknown Traffic192.168.11.2049848209.222.21.115443TCP
2025-03-12T00:00:00.195807+010020283713Unknown Traffic192.168.11.2049849209.222.21.115443TCP
2025-03-12T00:00:03.533107+010020283713Unknown Traffic192.168.11.2049852209.222.21.115443TCP
2025-03-12T00:00:04.614996+010020283713Unknown Traffic192.168.11.2049853209.222.21.115443TCP
2025-03-12T00:00:06.034577+010020283713Unknown Traffic192.168.11.2049854209.222.21.115443TCP
2025-03-12T00:00:09.023826+010020283713Unknown Traffic192.168.11.2049856209.222.21.115443TCP
2025-03-12T00:00:09.457395+010020283713Unknown Traffic192.168.11.2049857209.222.21.115443TCP
2025-03-12T00:00:10.871725+010020283713Unknown Traffic192.168.11.2049858209.222.21.115443TCP
2025-03-12T00:00:14.456355+010020283713Unknown Traffic192.168.11.2049859209.222.21.115443TCP
2025-03-12T00:00:15.308867+010020283713Unknown Traffic192.168.11.2049860209.222.21.115443TCP
2025-03-12T00:00:16.732806+010020283713Unknown Traffic192.168.11.2049861209.222.21.115443TCP
2025-03-12T00:00:16.824236+010020283713Unknown Traffic192.168.11.2049862209.222.21.115443TCP
2025-03-12T00:00:17.716731+010020283713Unknown Traffic192.168.11.2049864209.222.21.115443TCP
2025-03-12T00:00:19.880206+010020283713Unknown Traffic192.168.11.2049865209.222.21.115443TCP
2025-03-12T00:00:21.165151+010020283713Unknown Traffic192.168.11.2049866209.222.21.115443TCP
2025-03-12T00:00:22.583482+010020283713Unknown Traffic192.168.11.2049867209.222.21.115443TCP
2025-03-12T00:00:25.421072+010020283713Unknown Traffic192.168.11.2049869209.222.21.115443TCP
2025-03-12T00:00:26.010823+010020283713Unknown Traffic192.168.11.2049870209.222.21.115443TCP
2025-03-12T00:00:27.429667+010020283713Unknown Traffic192.168.11.2049871209.222.21.115443TCP
2025-03-12T00:00:30.840959+010020283713Unknown Traffic192.168.11.2049872209.222.21.115443TCP
2025-03-12T00:00:31.874010+010020283713Unknown Traffic192.168.11.2049873209.222.21.115443TCP
2025-03-12T00:00:33.300779+010020283713Unknown Traffic192.168.11.2049874209.222.21.115443TCP
2025-03-12T00:00:36.275134+010020283713Unknown Traffic192.168.11.2049878209.222.21.115443TCP
2025-03-12T00:00:36.721082+010020283713Unknown Traffic192.168.11.2049879209.222.21.115443TCP
2025-03-12T00:00:38.141716+010020283713Unknown Traffic192.168.11.2049881209.222.21.115443TCP
2025-03-12T00:00:41.703174+010020283713Unknown Traffic192.168.11.2049883209.222.21.115443TCP
2025-03-12T00:00:42.571710+010020283713Unknown Traffic192.168.11.2049884209.222.21.115443TCP
2025-03-12T00:00:43.991132+010020283713Unknown Traffic192.168.11.2049885209.222.21.115443TCP
2025-03-12T00:00:47.235540+010020283713Unknown Traffic192.168.11.2049886209.222.21.115443TCP
2025-03-12T00:00:48.418033+010020283713Unknown Traffic192.168.11.2049887209.222.21.115443TCP
2025-03-12T00:00:49.847115+010020283713Unknown Traffic192.168.11.2049888209.222.21.115443TCP
2025-03-12T00:00:52.670222+010020283713Unknown Traffic192.168.11.2049889209.222.21.115443TCP
2025-03-12T00:00:53.297934+010020283713Unknown Traffic192.168.11.2049890209.222.21.115443TCP
2025-03-12T00:00:54.723717+010020283713Unknown Traffic192.168.11.2049891209.222.21.115443TCP
2025-03-12T00:00:58.096662+010020283713Unknown Traffic192.168.11.2049892209.222.21.115443TCP
2025-03-12T00:00:59.155348+010020283713Unknown Traffic192.168.11.2049893209.222.21.115443TCP
2025-03-12T00:01:00.580003+010020283713Unknown Traffic192.168.11.2049894209.222.21.115443TCP
2025-03-12T00:01:03.530190+010020283713Unknown Traffic192.168.11.2049895209.222.21.115443TCP
2025-03-12T00:01:03.999682+010020283713Unknown Traffic192.168.11.2049896209.222.21.115443TCP
2025-03-12T00:01:04.062751+010020283713Unknown Traffic192.168.11.2049897209.222.21.115443TCP
2025-03-12T00:01:04.483322+010020283713Unknown Traffic192.168.11.2049898209.222.21.115443TCP
2025-03-12T00:01:06.281851+010020283713Unknown Traffic192.168.11.2049900209.222.21.115443TCP
2025-03-12T00:01:18.743265+010020283713Unknown Traffic192.168.11.2049904209.222.21.115443TCP
2025-03-12T00:01:20.164124+010020283713Unknown Traffic192.168.11.2049905209.222.21.115443TCP
2025-03-12T00:01:21.583401+010020283713Unknown Traffic192.168.11.2049906209.222.21.115443TCP
2025-03-12T00:01:22.999260+010020283713Unknown Traffic192.168.11.2049907209.222.21.115443TCP
2025-03-12T00:01:23.502697+010020283713Unknown Traffic192.168.11.2049908209.222.21.115443TCP
2025-03-12T00:01:24.436766+010020283713Unknown Traffic192.168.11.2049909209.222.21.115443TCP
2025-03-12T00:01:25.852175+010020283713Unknown Traffic192.168.11.2049910209.222.21.115443TCP
2025-03-12T00:01:28.920852+010020283713Unknown Traffic192.168.11.2049911209.222.21.115443TCP
2025-03-12T00:01:30.310984+010020283713Unknown Traffic192.168.11.2049912209.222.21.115443TCP
2025-03-12T00:01:31.729991+010020283713Unknown Traffic192.168.11.2049913209.222.21.115443TCP
2025-03-12T00:01:34.486146+010020283713Unknown Traffic192.168.11.2049914209.222.21.115443TCP
2025-03-12T00:01:35.164761+010020283713Unknown Traffic192.168.11.2049915209.222.21.115443TCP
2025-03-12T00:01:36.668145+010020283713Unknown Traffic192.168.11.2049916209.222.21.115443TCP
2025-03-12T00:01:39.897801+010020283713Unknown Traffic192.168.11.2049917209.222.21.115443TCP
2025-03-12T00:01:41.230576+010020283713Unknown Traffic192.168.11.2049918209.222.21.115443TCP
2025-03-12T00:01:42.656543+010020283713Unknown Traffic192.168.11.2049919209.222.21.115443TCP
2025-03-12T00:01:45.325796+010020283713Unknown Traffic192.168.11.2049920209.222.21.115443TCP
2025-03-12T00:01:46.097592+010020283713Unknown Traffic192.168.11.2049921209.222.21.115443TCP
2025-03-12T00:01:47.529774+010020283713Unknown Traffic192.168.11.2049922209.222.21.115443TCP
2025-03-12T00:01:50.746909+010020283713Unknown Traffic192.168.11.2049923209.222.21.115443TCP
2025-03-12T00:01:52.075298+010020283713Unknown Traffic192.168.11.2049924209.222.21.115443TCP
2025-03-12T00:01:53.499389+010020283713Unknown Traffic192.168.11.2049925209.222.21.115443TCP
2025-03-12T00:01:56.285311+010020283713Unknown Traffic192.168.11.2049926209.222.21.115443TCP
2025-03-12T00:01:56.919523+010020283713Unknown Traffic192.168.11.2049927209.222.21.115443TCP
2025-03-12T00:01:58.336265+010020283713Unknown Traffic192.168.11.2049928209.222.21.115443TCP
2025-03-12T00:02:01.711609+010020283713Unknown Traffic192.168.11.2049929209.222.21.115443TCP
2025-03-12T00:02:02.841338+010020283713Unknown Traffic192.168.11.2049930209.222.21.115443TCP
2025-03-12T00:02:04.273551+010020283713Unknown Traffic192.168.11.2049931209.222.21.115443TCP
2025-03-12T00:02:07.142734+010020283713Unknown Traffic192.168.11.2049932209.222.21.115443TCP
2025-03-12T00:02:07.698579+010020283713Unknown Traffic192.168.11.2049933209.222.21.115443TCP
2025-03-12T00:02:09.114541+010020283713Unknown Traffic192.168.11.2049934209.222.21.115443TCP
2025-03-12T00:02:12.567700+010020283713Unknown Traffic192.168.11.2049935209.222.21.115443TCP
2025-03-12T00:02:13.536248+010020283713Unknown Traffic192.168.11.2049936209.222.21.115443TCP
2025-03-12T00:02:14.951707+010020283713Unknown Traffic192.168.11.2049937209.222.21.115443TCP
2025-03-12T00:02:18.107830+010020283713Unknown Traffic192.168.11.2049938209.222.21.115443TCP
2025-03-12T00:02:19.371149+010020283713Unknown Traffic192.168.11.2049939209.222.21.115443TCP
2025-03-12T00:02:20.791526+010020283713Unknown Traffic192.168.11.2049940209.222.21.115443TCP
2025-03-12T00:02:23.535668+010020283713Unknown Traffic192.168.11.2049941209.222.21.115443TCP
2025-03-12T00:02:24.229383+010020283713Unknown Traffic192.168.11.2049942209.222.21.115443TCP
2025-03-12T00:02:25.643265+010020283713Unknown Traffic192.168.11.2049943209.222.21.115443TCP
2025-03-12T00:02:28.965699+010020283713Unknown Traffic192.168.11.2049944209.222.21.115443TCP
2025-03-12T00:02:30.066273+010020283713Unknown Traffic192.168.11.2049945209.222.21.115443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-11T23:59:47.410615+010028033043Unknown Traffic192.168.11.2049835209.222.21.115443TCP
2025-03-12T00:01:18.273471+010028033043Unknown Traffic192.168.11.2049902209.222.21.115443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for dropped file
Source: C:\Users\user\PCAppStore\AutoUpdater.exeReversingLabs: Detection: 20%
Source: C:\Users\user\PCAppStore\PcAppStore.exeReversingLabs: Detection: 21%
Source: C:\Users\user\PCAppStore\Watchdog.exeReversingLabs: Detection: 18%
Multi AV Scanner detection for submitted file
Source: Setup.exeReversingLabs: Detection: 26%
Source: Setup.exeVirustotal: Detection: 32%Perma Link
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\PcAppStore.exeJump to behavior
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\AutoUpdater.exeJump to behavior
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\Uninstaller.exeJump to behavior
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\Watchdog.exeJump to behavior
Source: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009HTTP Parser: No favicon

Compliance

barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\PcAppStore.exeJump to behavior
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\AutoUpdater.exeJump to behavior
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\Uninstaller.exeJump to behavior
Source: C:\Users\user\Desktop\Setup.exeEXE: C:\Users\user\PCAppStore\Watchdog.exeJump to behavior
Uses 32bit PE files
Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Creates a directory in C:\Program Files
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\scoped_dir8872_213608675Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_BITS_8872_1580283357Jump to behavior
Creates a software uninstall entry
Source: C:\Users\user\Desktop\Setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStoreJump to behavior
Creates license or readme file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStore\ReadMe.txtJump to behavior
PE / OLE file has a valid certificate
Source: Setup.exeStatic PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.164.116.25:443 -> 192.168.11.20:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49835 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49841 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49842 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49843 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49844 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49847 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.164.116.25:443 -> 192.168.11.20:49850 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49852 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49856 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49859 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49862 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49863 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49864 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49865 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.164.116.125:443 -> 192.168.11.20:49868 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49869 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49872 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49878 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49883 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49886 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49889 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49892 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49895 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49897 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49898 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49900 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49902 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49908 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49911 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49914 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49915 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49917 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49920 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49923 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49926 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49929 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49930 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49932 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49935 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49938 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49941 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49944 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\engine\Release\PCAppStore.pdb source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.dr
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.dr
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: inetc.dll.0.dr
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.dr
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: Watchdog.exe, 00000004.00000000.3682250163.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 00000004.00000002.5455861086.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000B.00000002.5455981953.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000B.00000000.3948251288.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000F.00000000.4190554794.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000F.00000002.5456051723.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe.0.dr
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98B7C00 FindFirstFileExW,GetLastError,DeleteFileW,FindNextFileW,GetLastError,RemoveDirectoryW,3_2_00007FF6B98B7C00
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A3DE8C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,3_2_00007FF6B9A3DE8C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A3DDDC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,3_2_00007FF6B9A3DDDC
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741020A20 FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_00007FF741020A20
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741011D10 FindClose,FindFirstFileExW,GetLastError,4_2_00007FF741011D10
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741011D84 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,4_2_00007FF741011D84
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF2D8B0 wsprintfW,FindFirstFileW,wsprintfW,DeleteFileW,FindNextFileW,FindClose,10_2_00007FF6DAF2D8B0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7DAF8 FindFirstFileExW,FindNextFileW,FindClose,FindClose,10_2_00007FF6DAF7DAF8
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98BBA90 InternetCheckConnectionW,3_2_00007FF6B98BBA90
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A20C70 URLDownloadToFileW,ShellExecuteExW,3_2_00007FF6B9A20C70
Source: global trafficHTTP traffic detected: GET /api/pcapp_engine.php?a=config&guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009 HTTP/1.1Host: pcapp.storeCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /api/pcapp_engine.php?a=config&guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009 HTTP/1.1Host: pcapp.storeCache-Control: no-cache
Source: Joe Sandbox ViewIP Address: 64.176.203.93 64.176.203.93
Source: Joe Sandbox ViewIP Address: 209.222.21.115 209.222.21.115
Source: Joe Sandbox ViewIP Address: 104.248.126.225 104.248.126.225
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49774 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49841 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49846 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49857 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49859 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49840 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49844 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49849 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49873 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49839 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49883 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49848 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49860 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49866 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49838 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49845 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49884 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49862 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49842 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49852 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49847 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49858 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49887 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49889 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49888 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49872 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49918 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49874 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49854 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49921 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49892 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49865 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49896 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49897 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49931 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49945 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49900 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49878 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49861 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49907 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49906 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49920 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49867 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49904 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49881 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49879 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49925 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49864 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49923 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49898 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49886 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49853 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49905 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49929 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49927 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49870 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49910 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49909 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49911 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49871 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49856 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49916 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49913 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49944 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49894 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49912 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49885 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49928 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49937 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49917 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49869 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49939 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49914 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49893 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49938 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49908 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49933 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49890 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49941 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49935 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49924 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49895 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49930 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49891 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49932 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49936 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49915 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49926 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49919 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49940 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49922 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49943 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49934 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.20:49942 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.11.20:49835 -> 209.222.21.115:443
Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.11.20:49902 -> 209.222.21.115:443
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 23.43.85.36
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.24.83
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.24.83
Source: unknownTCP traffic detected without corresponding DNS query: 23.57.90.157
Source: unknownTCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknownTCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A20C70 URLDownloadToFileW,ShellExecuteExW,3_2_00007FF6B9A20C70
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_installer&evt_action=localmac&addon[]=D0-50-99-DB-23-97&addon[]=D0-50-99-DB-23-98&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_mini_installer&evt_action=show_page&p=wel&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_mini_installer&evt_action=start&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_mini_installer&evt_action=show_page&p=installing&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_installer&evt_action=start&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_installer&evt_action=installing&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_installer&evt_action=done&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /installing.php?guid=00000000-0000-0000-0000-D05099DB2397&winver=19042&version=fa.2009&nocache=20250311185930.728&_fcid=1741726344365755 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_mini_installer&evt_action=done&_fcid=1741726344365755 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009 HTTP/1.1Host: pcapp.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /p.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=watch_dog&evt_action=signal_event&data={"counter":0,"rid":"20250311185932.2914303375","isPCAppRunning":1,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"startupFolderLnkExists":1}}&eng_time=1741733972&nocache=31943 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1731594251558 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /src/main.js HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1731594251558 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/logo/logo-dark.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1741733972932&nocache=4305015 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/logo/logo-dark.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1731594251558Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1741733974798&cv=11&fst=1741733974798&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1741733974798&cv=11&fst=1741733974798&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1741733974824&cv=11&fst=1741733974824&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1741733974824&cv=11&fst=1741733974824&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/ga/rul?tid=G-VFQWFX3X1C&gacid=719172791.1741733975&gtm=45je53a1v898645365za200zb9103256652&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814060~102825837&z=2125355853 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/logo/logo-dark.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1741733975062&cv=11&fst=1741733975062&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1741733975062&cv=11&fst=1741733975062&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /pixelgif.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1741733974798&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCjtLzM4uEuKNY2QvPoJZ9J70CmgzW8_j7gMg&random=1077384361&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1741733974824&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCjtLzMO-kGrBCgPTITE5aY4SiCsWcwAYpMPQ&random=4024809035&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1741733975062&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCjtLzMR5sB5CDT4ChqEx5rbwtry1EPX2M7xw&random=3007548151&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/16677593363/?random=1741733976191&cv=11&fst=1741733976191&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9202749091za200zb9103256652&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=aD6cCLyzi4MaEJPCv5A-&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global trafficHTTP traffic detected: GET /td/rul/16677593363?random=1741733976191&cv=11&fst=1741733976191&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9202749091za200zb9103256652&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=aD6cCLyzi4MaEJPCv5A-&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1741733974798&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCjtLzM4uEuKNY2QvPoJZ9J70CmgzW8_j7gMg&random=1077384361&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1741733974824&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCjtLzMO-kGrBCgPTITE5aY4SiCsWcwAYpMPQ&random=4024809035&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1741733975062&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCjtLzMR5sB5CDT4ChqEx5rbwtry1EPX2M7xw&random=3007548151&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/16677593363/?random=1741733976191&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9202749091za200zb9103256652&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=aD6cCLyzi4MaEJPCv5A-&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCjtLzMwtyKEMRaGyoo4fnUdhjXdP3_XvJUnAcHbNzXrSRUAu8ddnxt&random=1851182625&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/appstore/img/favicon.ico HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&_winver=19042&version=fa.2009Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/16677593363/?random=1741733976191&cv=11&fst=1741730400000&bg=ffffff&guid=ON&async=1&gtm=45be53a1v9202749091za200zb9103256652&gcd=13l3l3l3l1l1&dma=0&tag_exp=102067808~102482433~102587591~102640600~102717422~102788824~102791784~102814059~102825837&u_w=1920&u_h=1080&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D00000000-0000-0000-0000-D05099DB2397%26_fcid%3D1741726344365755%26_winver%3D19042%26version%3Dfa.2009&label=aD6cCLyzi4MaEJPCv5A-&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=322693512.1741733975&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCjtLzMwtyKEMRaGyoo4fnUdhjXdP3_XvJUnAcHbNzXrSRUAu8ddnxt&random=1851182625&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/appstore/img/favicon.ico HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _fcid=1741726344365755; guid=00000000-0000-0000-0000-D05099DB2397; _gcl_au=1.1.322693512.1741733975; _ga=GA1.1.719172791.1741733975; _ga_VFQWFX3X1C=GS1.1.1741733974.1.0.1741733974.60.0.0
Source: global trafficHTTP traffic detected: GET /api/pcapp_engine.php?a=config&guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009 HTTP/1.1Host: pcapp.storeCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_runtime_installation&result=error&eng_time=1741733985873&nocache=4317468 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=started&prnt=Setup.exe&sys_lang=en-US&eng_time=1741733985882&nocache=4318906 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741733986341&nocache=4320312 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741733991344&nocache=4322437 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_auto_updater&evt_action=start&&eng_time=1741733991298&nocache=4322390 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /fa_version.php?guid=00000000-0000-0000-0000-D05099DB2397&end_v=fa.2009&nocache=4322828 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pcapp.storeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_auto_updater&evt_action=end&&eng_time=1741733992251&nocache=4323343 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741733991762&nocache=4323734 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741733991765&nocache=4325156 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741733996765&nocache=4327859 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741733997236&nocache=4328578 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741733997244&nocache=4330000 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /p.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=watch_dog&evt_action=signal_event&data={"counter":0,"rid":"20250311185932.2914303375","isPCAppRunning":1,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"startupFolderLnkExists":1}}&eng_time=1741733999&nocache=32031 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=hint&eng_time=1741734002238&nocache=4333328 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_hint&evt_action=deleted&&eng_time=1741734002657&nocache=4334421 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734002727&nocache=4335843 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734007725&nocache=4338828 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734008148&nocache=4339265 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734008152&nocache=4340671 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734013163&nocache=4344265 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734013576&nocache=4345109 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734013581&nocache=4346546 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_auto_updater&evt_action=start&&eng_time=1741734015505&nocache=4346593 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /fa_version.php?guid=00000000-0000-0000-0000-D05099DB2397&end_v=fa.2009&nocache=4347031 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pcapp.storeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_auto_updater&evt_action=end&&eng_time=1741734016425&nocache=4347515 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=widget_73412&eng_time=1741734018586&nocache=4349687 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_widget_73412&evt_action=deleted&&eng_time=1741734019005&nocache=4350968 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734019116&nocache=4352390 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /p.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=watch_dog&evt_action=signal_event&data={"counter":0,"rid":"20250311185932.2914303375","isPCAppRunning":1,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"startupFolderLnkExists":1}}&eng_time=1741734023&nocache=32110 HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: d74queuslupub.cloudfront.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=hint&eng_time=1741734024125&nocache=4355218 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_hint&evt_action=deleted&&eng_time=1741734024544&nocache=4355812 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734024547&nocache=4357234 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734029547&nocache=4360656 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734029961&nocache=4361671 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734029964&nocache=4363109 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734034970&nocache=4366078 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734035404&nocache=4366531 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734035409&nocache=4367937 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=widget_73412&eng_time=1741734040406&nocache=4371515 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_widget_73412&evt_action=deleted&&eng_time=1741734040822&nocache=4372375 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734040931&nocache=4373796 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=hint&eng_time=1741734045931&nocache=4377031 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_hint&evt_action=deleted&&eng_time=1741734046354&nocache=4378218 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734046358&nocache=4379656 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734051369&nocache=4382468 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734051787&nocache=4383109 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734051791&nocache=4384531 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734056791&nocache=4387890 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734057219&nocache=4388968 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734057223&nocache=4390390 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=widget_73412&eng_time=1741734062232&nocache=4393343 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_widget_73412&evt_action=deleted&&eng_time=1741734062649&nocache=4393812 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=waiting_for_windows_creation&hint=0&offer=0&menu_store=0&menu_search=0&store=0&settings=0&eng_time=1741734062764&nocache=4393875 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=reload&reason=waiting_for_windows_creation&eng_time=1741734063181&nocache=4394265 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1741734063967&nocache=4396078 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /api/pcapp_engine.php?a=config&guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009 HTTP/1.1Host: pcapp.storeCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_runtime_installation&result=error&eng_time=1741734076716&nocache=4408546 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=invalid_app_close&close_state=RESTART&eng_time=1741734076720&nocache=4409968 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=started&prnt=PcAppStore.exe&sys_lang=en-US&eng_time=1741734076721&nocache=4411390 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734077194&nocache=4412796 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734082203&nocache=4413296 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734082619&nocache=4414234 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734082624&nocache=4415656 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734087626&nocache=4418734 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734088041&nocache=4420109 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734088184&nocache=4421531 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=hint&eng_time=1741734093181&nocache=4424281 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_hint&evt_action=deleted&&eng_time=1741734093602&nocache=4424968 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734093606&nocache=4426468 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734098603&nocache=4429703 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734099019&nocache=4431015 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734099022&nocache=4432453 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734104024&nocache=4435125 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734104443&nocache=4435890 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734104447&nocache=4437328 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=widget_73412&eng_time=1741734109446&nocache=4440546 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_widget_73412&evt_action=deleted&&eng_time=1741734109867&nocache=4441875 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734109987&nocache=4443296 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=hint&eng_time=1741734114984&nocache=4446093 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_hint&evt_action=deleted&&eng_time=1741734115402&nocache=4446718 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734115407&nocache=4448140 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734120407&nocache=4451515 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734120831&nocache=4452656 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734120834&nocache=4454078 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734125847&nocache=4456953 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734126265&nocache=4457500 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734126268&nocache=4458921 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=widget_73412&eng_time=1741734131269&nocache=4462375 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_widget_73412&evt_action=deleted&&eng_time=1741734131692&nocache=4463343 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734131807&nocache=4464765 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=hint&eng_time=1741734136808&nocache=4467921 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_hint&evt_action=deleted&&eng_time=1741734137229&nocache=4469187 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734137233&nocache=4470609 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_search&eng_time=1741734142231&nocache=4473343 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_search&evt_action=deleted&&eng_time=1741734142653&nocache=4474046 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=webview_error&reason=failed_to_create_environment&error_code=2147942402&eng_time=1741734142657&nocache=4475453 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_product&evt_action=windows_manager_error&reason=window_creation_timeout&window_name=menu_store&eng_time=1741734147668&nocache=4478781 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_menu_store&evt_action=deleted&&eng_time=1741734148088&nocache=4479875 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: chromecache_97.2.dr, chromecache_96.2.drString found in binary or memory: Math.round(q);t["gtm.videoElapsedTime"]=Math.round(f);t["gtm.videoPercent"]=r;t["gtm.videoVisible"]=u;return t},Rk:function(){e=sb()},Nd:function(){d()}}};var cc=wa(["data-gtm-yt-inspected-"]),AG=["www.youtube.com","www.youtube-nocookie.com"],BG,CG=!1; equals www.youtube.com (Youtube)
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=mD(a,c,e);Q(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return Q(122),!0;if(d&&f){for(var m=Db(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},pD=function(){var a=[],b=function(c){return gb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_97.2.dr, chromecache_96.2.drString found in binary or memory: if(!(f||g||k||m.length||n.length))return;var q={Vh:f,Th:g,Uh:k,Bi:m,Ci:n,pf:p,Rb:e},r=z.YT;if(r)return r.ready&&r.ready(d),e;var u=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){u&&u();d()};E(function(){for(var v=A.getElementsByTagName("script"),t=v.length,w=0;w<t;w++){var x=v[w].getAttribute("src");if(LG(x,"iframe_api")||LG(x,"player_api"))return e}for(var y=A.getElementsByTagName("iframe"),B=y.length,C=0;C<B;C++)if(!CG&&JG(y[C],q.pf))return uc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_106.2.dr, chromecache_105.2.drString found in binary or memory: return f}yG.K="internal.enableAutoEventOnTimer";var cc=wa(["data-gtm-yt-inspected-"]),AG=["www.youtube.com","www.youtube-nocookie.com"],BG,CG=!1; equals www.youtube.com (Youtube)
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: var NF=function(a,b,c,d,e){var f=KC("fsl",c?"nv.mwt":"mwt",0),g;g=c?KC("fsl","nv.ids",[]):KC("fsl","ids",[]);if(!g.length)return!0;var k=PC(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);Q(121);if(m==="https://www.facebook.com/tr/")return Q(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!xB(k,zB(b, equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: pcapp.store
Source: global trafficDNS traffic detected: DNS query: d74queuslupub.cloudfront.net
Source: global trafficDNS traffic detected: DNS query: repository.pcapp.store
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: td.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: google.com
Source: global trafficDNS traffic detected: DNS query: analytics.google.com
Source: global trafficDNS traffic detected: DNS query: stats.g.doubleclick.net
Source: unknownHTTP traffic detected: POST /inst_cpg.php?guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&version=fa.2009&src=pcapp_mini&uc=16le HTTP/1.1Content-Type: application/jsonUser-Agent: NSIS_wininetHost: pcapp.storeContent-Length: 10456Cache-Control: no-cache
Source: global trafficTCP traffic: 192.168.11.20:59265 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59265 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59265 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59265 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59009 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59009 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59009 -> 239.255.255.250:1900
Source: global trafficTCP traffic: 192.168.11.20:59009 -> 239.255.255.250:1900
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 22:59:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encoding
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 22:59:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encoding
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 22:59:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encoding
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 22:59:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-Encoding
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A27E5000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6F1D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EA7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4249260331.000001E913E9B000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4250258459.000001E913EA6000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678893000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EA1000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A27E5000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6F1D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EA7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4249260331.000001E913E9B000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4250258459.000001E913EA6000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678893000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EA1000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AutoUpdater.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Setup.exe, Uninstaller.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Setup.exe, PcAppStore.exe.0.dr, Uninstaller.exe.0.dr, Watchdog.exe.0.dr, AutoUpdater.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A27E5000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6F1D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EA7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4249260331.000001E913E9B000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4250258459.000001E913EA6000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678893000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EA1000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: chromecache_105.2.drString found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: https://cct.google/taggy/agent.js
Source: Watchdog.exe, 00000004.00000002.5454156624.00000176A27A1000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4250258459.000001E913EEF000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EEF000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/
Source: Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/:
Source: Watchdog.exe, 0000000B.00000003.4250258459.000001E913EEF000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/D
Source: Watchdog.exe, Watchdog.exe, 00000004.00000000.3682250163.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A271D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5455861086.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000B.00000002.5454278988.000001E913E27000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455981953.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000B.00000000.3948251288.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3E19000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000000.4190554794.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000F.00000002.5456051723.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe.0.drString found in binary or memory: https://d74queuslupub.cloudfront.net/p.gif?guid=%ws&version=%ws&evt_src=watch_dog&evt_action=signal_
Source: Watchdog.exe, 0000000F.00000002.5454257799.00000205B3E32000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3E82000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EA1000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3E93000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d74queuslupub.cloudfront.net/p.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2)
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2)
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7SUc.woff2)
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7SUc.woff2)
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2)
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2)
Source: chromecache_114.2.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2pL7SUc.woff2)
Source: chromecache_105.2.drString found in binary or memory: https://google.com
Source: AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.drString found in binary or memory: https://google.comlast_v=%ws&dl_lnk=%wsempty_instructionsno_internet_connectionend
Source: chromecache_105.2.drString found in binary or memory: https://googleads.g.doubleclick.net
Source: PcAppStore.exe, 00000003.00000002.4595228236.0000020196567000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A27A1000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4250258459.000001E913EEF000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA13E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com$y;
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A27E5000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6F1D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913EA7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4249260331.000001E913E9B000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4250258459.000001E913EA6000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678893000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000F.00000002.5454257799.00000205B3EA1000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: chromecache_105.2.drString found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F43A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5457839107.00007FF6B9B2B000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: https://pcapp.store/
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/&
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/-widge
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//app
Source: PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-hint/?guid=00000000-0000-0000-000
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-hint/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-hint/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.20099
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-hint/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009r
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-menu/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-menu/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009-
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-settings/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009
Source: PcAppStore.exe, 00000003.00000003.3982852048.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-settings/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009)y
Source: PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-settings/?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009eH
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-widget/?guid=00000000-0000-0000-0
Source: PcAppStore.exe, 00000003.00000003.3982852048.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.0000020198314000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-widget/?guid=00000000-0000-0000-0000-D05099DB2397&id=73273&version=fa.
Source: PcAppStore.exe, 00000003.00000003.3982852048.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.0000020198314000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//appstore-widget/?guid=00000000-0000-0000-0000-D05099DB2397&id=73412&version=fa.
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//ima
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196582000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4837080064.0000021BA143D000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//images/front_img/appstore-settings/index_5/icon_check.png
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA143D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//images/front_img/appstore-settings/index_5/icon_check.png2
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA143D000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//images/front_img/appstore-settings/index_5/icon_check.pngA
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//images/front_img/appstore-settings/index_5/icon_check.pngQLj4Yj
Source: PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pca
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcaQX
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appHint.js
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appHint.js13779
Source: PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appHint.js13779Np
Source: PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appHint.jstore
Source: PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appMenuStore.js
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA142B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appMenuStore.js.2009
Source: PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appMenuStore.js3kZ
Source: PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appMenuStore.jsP
Source: PcAppStore.exe, 00000003.00000002.4595228236.0000020196593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appMenuStore.jsb
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appOffer.js
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appOffer.js310225927Z
Source: PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appOffer.jsappS
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appOffer.jsq
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSearchMenu.js
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA142B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSearchMenu.js$m;
Source: PcAppStore.exe, 00000003.00000002.4595228236.0000020196593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSearchMenu.js009
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSearchMenu.jsI
Source: PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSearchMenu.jsap
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4837080064.0000021BA142B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSettings.js
Source: PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSettings.jsWebview2Setup.exe
Source: PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appSettings.jsei;
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appStore.js
Source: PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appStore.jsYhp
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appStore.jsn8
Source: PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appStore.jssicalStores
Source: PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appStore.jsvp
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWidget.js
Source: PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWidget.jsMicrosoftEdgeWebview2Setup.exea
Source: PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWidget.jsppM
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWidget.jst
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196575000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954273350.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4836420944.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5170863521.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWindow.js
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWindow.js2
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1425000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWindow.js9200
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//pcapp/src/app/appWindow.jsz
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store//pixel.giffa.%u
Source: PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F4E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store//search-menu/?a=getTemplate&guid=00000000-0000-0000-0000-D05099DB2397&p
Source: PcAppStore.exe, 00000003.00000002.4595228236.00000201964AC000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000D.00000002.4033402891.000001CB68501000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000D.00000003.4031447423.000001CB68500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/2
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/4U
Source: AutoUpdater.exe, 0000000A.00000002.3884101101.00000281F8BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/5zQ
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/6808
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/7
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/9
Source: ReadMe.txt.0.drString found in binary or memory: https://pcapp.store/?p=lpd_appstore-faq
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/userHTdC4
Source: PcAppStore.exe, 00000003.00000002.4595228236.00000201964AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/B
Source: PcAppStore.exe, 00000009.00000003.3789442795.00000163102DF000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000009.00000002.3790256980.00000163102E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/H
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/IQEogPPT
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/Kzc82
Source: AutoUpdater.exe, 0000000E.00000002.4125443861.000001B67A5F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/M
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/PUJ
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/T
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/_nameXTtCQ0
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/account/logintray_exit
Source: PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/anager
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/api/pcapp_engine.php?a=config&guid=00000000-0000-0000-0000-D05099DB2397&version=
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/cpg_fa.php?guid=An
Source: PcAppStore.exe, PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&name=%ws&type=%ws
Source: PcAppStore.exe, PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu&entryApp=%ws
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/enu/?a
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/f
Source: AutoUpdater.exe, AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.drString found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&end_v=%ws&nocache=%d
Source: AutoUpdater.exe, AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.drString found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&res=link&nocache=%d
Source: AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678893000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/fa_version.php?guid=00000000-0000-0000-0000-D05099DB2397&end_v=fa.2009&nocache=4
Source: PcAppStore.exe, 00000009.00000002.3791601660.00007FF6B9B2B000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: https://pcapp.store/h
Source: Setup.exe, 00000000.00000002.3692454309.00000000007F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/inst_cpg.php?guid=00000000-0000-0000-0000-D05099DB2397&_fcid=1741726344365755&ve
Source: Setup.exe, 00000000.00000002.3692454309.000000000075F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=&winver=
Source: Setup.exe, 00000000.00000002.3694361478.0000000002CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=00000000-0000-0000-0000-D05099DB2397&winver=19042&version=fa
Source: PcAppStore.exe, 00000003.00000003.3982779087.0000020198372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/led_t
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/notify_app_v2.php?guid=&lastid=&lasttime=&nocache=&end_v=%ws%ws%ws%d%ws%d%ws%ws%
Source: PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pWJ
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/pixel.gif
Source: Setup.exe, 00000000.00000002.3692454309.000000000075F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_installer&evt_action=localmac&_fcid=
Source: AutoUpdater.exe, 0000000A.00000002.3884101101.00000281F8BC4000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6F76000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4124786793.000001B67887E000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4125443861.000001B67A60B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_a
Source: PcAppStore.exe, 00000011.00000003.4897769569.0000021BA14C3000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_h
Source: Setup.exe, 00000000.00000002.3694361478.0000000002CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_i
Source: PcAppStore.exe, 00000011.00000003.5062918911.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_m
Source: PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_p
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198362000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.0000020198396000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390709298.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA14A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=fa_w
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/pixel.gifROOT
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/pixel.gifShell_SecondaryTrayWndtype
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.store/pixel.gifatlTraceGeneralatlTraceCOMatlTraceQIatlTraceRegistraratlTraceRefcountat
Source: Setup.exe, 00000000.00000002.3692454309.000000000075F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/privacy.html?guid=wel&evt_src=fa_mini_installer&evt_action=show_page&p=
Source: Setup.exe, 00000000.00000002.3695557114.0000000004D69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/q
Source: PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/t
Source: Setup.exe, 00000000.00000002.3692454309.000000000075F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/tos.html?guid=
Source: PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/v
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198314000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4596295141.000002019839F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4837080064.0000021BA1474000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA1474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store:443
Source: PcAppStore.exe, 00000003.00000002.4596295141.00000201982E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5455749800.0000021BA13E0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F4AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store:443/pixel.gif?guid=00000000-0000-0000-0000-D05099DB2397&version=fa.2009&evt_src=
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store:443a
Source: PcAppStore.exe, 00000003.00000002.4596295141.000002019839F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store:443o
Source: PcAppStore.exe, 00000003.00000002.4596295141.0000020198396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store:443p
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drString found in binary or memory: https://pcapp.storeinfnan(ind)nannan(snan)%02Xinfnan(ind)nannan(snan)
Source: AutoUpdater.exeString found in binary or memory: https://pcappstore.s3.amazonaws.com/version
Source: AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.drString found in binary or memory: https://pcappstore.s3.amazonaws.com/versionrinstruction_failed%ws?guid=%ws&nocache=%dauto_updater.ex
Source: PcAppStore.exe.0.drString found in binary or memory: https://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%ws
Source: chromecache_97.2.dr, chromecache_96.2.drString found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_97.2.dr, chromecache_96.2.drString found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: https://td.doubleclick.net
Source: chromecache_105.2.drString found in binary or memory: https://www.google.com
Source: chromecache_117.2.drString found in binary or memory: https://www.google.com/pagead/1p-user-list/16677593363/?random
Source: chromecache_111.2.dr, chromecache_103.2.dr, chromecache_102.2.drString found in binary or memory: https://www.google.com/pagead/1p-user-list/858128210/?random
Source: chromecache_105.2.drString found in binary or memory: https://www.googleadservices.com
Source: chromecache_105.2.drString found in binary or memory: https://www.googletagmanager.com
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_106.2.dr, chromecache_97.2.dr, chromecache_96.2.dr, chromecache_105.2.drString found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_97.2.dr, chromecache_96.2.drString found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_97.2.dr, chromecache_96.2.drString found in binary or memory: https://www.youtube.com/iframe_api
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.164.116.25:443 -> 192.168.11.20:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49835 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49841 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49842 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49843 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49844 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49847 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.164.116.25:443 -> 192.168.11.20:49850 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49852 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49856 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49859 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49862 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49863 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49864 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49865 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.164.116.125:443 -> 192.168.11.20:49868 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49869 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49872 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49878 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49883 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49886 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49889 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49892 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49895 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49897 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49898 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49900 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49902 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49908 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49911 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49914 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49915 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49917 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49920 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49923 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49926 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49929 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49930 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49932 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49935 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49938 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49941 version: TLS 1.2
Source: unknownHTTPS traffic detected: 209.222.21.115:443 -> 192.168.11.20:49944 version: TLS 1.2
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A13650 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,3_2_00007FF6B9A13650
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040755C0_2_0040755C
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406D850_2_00406D85
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A8C1083_2_00007FF6B9A8C108
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A765C03_2_00007FF6B9A765C0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98027FF3_2_00007FF6B98027FF
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A59B243_2_00007FF6B9A59B24
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A7571C3_2_00007FF6B9A7571C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A47AC43_2_00007FF6B9A47AC4
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A8BA6C3_2_00007FF6B9A8BA6C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A7BF603_2_00007FF6B9A7BF60
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A831643_2_00007FF6B9A83164
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A675203_2_00007FF6B9A67520
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98834543_2_00007FF6B9883454
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A6F4903_2_00007FF6B9A6F490
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A778E03_2_00007FF6B9A778E0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A679303_2_00007FF6B9A67930
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B99E78803_2_00007FF6B99E7880
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A82EE83_2_00007FF6B9A82EE8
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A671103_2_00007FF6B9A67110
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A7B0083_2_00007FF6B9A7B008
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A6A2403_2_00007FF6B9A6A240
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A3E4403_2_00007FF6B9A3E440
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B987E5503_2_00007FF6B987E550
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98BE8103_2_00007FF6B98BE810
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A79CC03_2_00007FF6B9A79CC0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A89E643_2_00007FF6B9A89E64
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A3DE8C3_2_00007FF6B9A3DE8C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B99E9E203_2_00007FF6B99E9E20
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A815783_2_00007FF6B9A81578
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A7CA743_2_00007FF6B9A7CA74
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A7C3F43_2_00007FF6B9A7C3F4
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A688903_2_00007FF6B9A68890
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74100EA304_2_00007FF74100EA30
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741020A204_2_00007FF741020A20
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741022AB04_2_00007FF741022AB0
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF7410271A84_2_00007FF7410271A8
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74101E4CC4_2_00007FF74101E4CC
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74101EB4C4_2_00007FF74101EB4C
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF7410193C04_2_00007FF7410193C0
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74101CEB44_2_00007FF74101CEB4
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741011D844_2_00007FF741011D84
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF7410195CC4_2_00007FF7410195CC
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74101A6104_2_00007FF74101A610
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74101E0384_2_00007FF74101E038
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741022F4C4_2_00007FF741022F4C
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF7410197D84_2_00007FF7410197D8
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF829B010_2_00007FF6DAF829B0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF3202010_2_00007FF6DAF32020
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7140810_2_00007FF6DAF71408
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF3A2E710_2_00007FF6DAF3A2E7
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6B13810_2_00007FF6DAF6B138
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4B8E810_2_00007FF6DAF4B8E8
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4AC4410_2_00007FF6DAF4AC44
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF58C7B10_2_00007FF6DAF58C7B
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF41C9C10_2_00007FF6DAF41C9C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF65B8410_2_00007FF6DAF65B84
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF70BCC10_2_00007FF6DAF70BCC
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF48BD010_2_00007FF6DAF48BD0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF36BE810_2_00007FF6DAF36BE8
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF72A3C10_2_00007FF6DAF72A3C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF57A4C10_2_00007FF6DAF57A4C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6AA6410_2_00007FF6DAF6AA64
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF53AA410_2_00007FF6DAF53AA4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4EADC10_2_00007FF6DAF4EADC
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7DAF810_2_00007FF6DAF7DAF8
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF76B2410_2_00007FF6DAF76B24
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6597810_2_00007FF6DAF65978
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7F99010_2_00007FF6DAF7F990
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF529C410_2_00007FF6DAF529C4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF389EC10_2_00007FF6DAF389EC
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF479F010_2_00007FF6DAF479F0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF3E0B810_2_00007FF6DAF3E0B8
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7B13410_2_00007FF6DAF7B134
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF82FB410_2_00007FF6DAF82FB4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF3EE4C10_2_00007FF6DAF3EE4C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4CE9C10_2_00007FF6DAF4CE9C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF80EA010_2_00007FF6DAF80EA0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF65D8810_2_00007FF6DAF65D88
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF8246410_2_00007FF6DAF82464
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF674A010_2_00007FF6DAF674A0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7D4A810_2_00007FF6DAF7D4A8
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6536410_2_00007FF6DAF65364
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF3E38010_2_00007FF6DAF3E380
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5A38810_2_00007FF6DAF5A388
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6C3E010_2_00007FF6DAF6C3E0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5941010_2_00007FF6DAF59410
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF382E710_2_00007FF6DAF382E7
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF771A410_2_00007FF6DAF771A4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5B21010_2_00007FF6DAF5B210
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF678A410_2_00007FF6DAF678A4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4F8BC10_2_00007FF6DAF4F8BC
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6C8EC10_2_00007FF6DAF6C8EC
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF738F010_2_00007FF6DAF738F0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5475010_2_00007FF6DAF54750
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4C76810_2_00007FF6DAF4C768
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6577410_2_00007FF6DAF65774
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF3B81410_2_00007FF6DAF3B814
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6E82010_2_00007FF6DAF6E820
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6683410_2_00007FF6DAF66834
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7669010_2_00007FF6DAF76690
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4271010_2_00007FF6DAF42710
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7D72410_2_00007FF6DAF7D724
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF6556810_2_00007FF6DAF65568
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF4057410_2_00007FF6DAF40574
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7C57C10_2_00007FF6DAF7C57C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00007FF6B9828130 appears 77 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00007FF6B9A344F0 appears 41 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00007FF6B9814950 appears 118 times
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: String function: 00007FF6B98151C0 appears 341 times
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: String function: 00007FF6DAF23B20 appears 46 times
Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal48.evad.winEXE@34/66@29/16
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF74100D8C0 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,CloseHandle,Process32NextW,CloseHandle,4_2_00007FF74100D8C0
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98272C0 LoadResource,LockResource,SizeofResource,3_2_00007FF6B98272C0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\scoped_dir8872_213608675Jump to behavior
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStoreJump to behavior
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd8BA9.tmpJump to behavior
Source: Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT sql FROM%d UNION ALL SELECT shell_add_schema(sql,mainNULL,name) AS sql, type, tbl_name, name, rowid, AS snum, AS sname FROM .sqlite_schema UNION ALL SELECT shell_module_schema(name), 'table', name, name, name, 9e+99, 'main' FROM pragma_module_list) WHERE %Qlower(printf('%s.%s',sname,tbl_name))lower(tbl_name) GLOB LIKE ESCAPE '\' AND name NOT LIKE 'sqlite_%%' AND sql IS NOT NULL ORDER BY snum, rowidSQL: %s;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');%s
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT max(length(key)) FROM temp.sqlite_parameters;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: CREATE TABLE ColNames( cpos INTEGER PRIMARY KEY, name TEXT, nlen INT, chop INT, reps INT, suff TEXT);CREATE VIEW RepeatedNames AS SELECT DISTINCT t.name FROM ColNames t WHERE t.name COLLATE NOCASE IN ( SELECT o.name FROM ColNames o WHERE o.cpos<>t.cpos);
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT type,name,tbl_name,sql FROM sqlite_schema ORDER BY name;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT key, quote(value) FROM temp.sqlite_parameters;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: INSERT INTO selftest(tno,op,cmd,ans) SELECT rowid*10,op,cmd,ans FROM [_shell$self];
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;Warning: cannot step "%s" backwardsSELECT name, sql FROM sqlite_schema WHERE %sError: (%d) %s on [%s]
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT tbl,idx,stat FROM sqlite_stat1 ORDER BY tbl,idx;
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT 'EXPLAIN QUERY PLAN SELECT 1 FROM ' || quote(s.name) || ' WHERE ' || group_concat(quote(s.name) || '.' || quote(f.[from]) || '=?' || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]),' AND '), 'SEARCH ' || s.name || ' USING COVERING INDEX*(' || group_concat('*=?', ' AND ') || ')', s.name || '(' || group_concat(f.[from], ', ') || ')', f.[table] || '(' || group_concat(COALESCE(f.[to], p.[name])) || ')', 'CREATE INDEX ' || quote(s.name ||'_'|| group_concat(f.[from], '_')) || ' ON ' || quote(s.name) || '(' || group_concat(quote(f.[from]) || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]), ', ') || ');', f.[table] FROM sqlite_schema AS s, pragma_foreign_key_list(s.name) AS f LEFT JOIN pragma_table_info AS p ON (pk-1=seq AND p.arg=f.[table]) GROUP BY s.name, f.id ORDER BY (CASE WHEN ? THEN f.[table] ELSE s.name END)
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;ALTER TABLE temp.%Q RENAME TO %QINSERT INTO %Q VALUES(, %s?)UPDATE %Q SET , %s%Q=?DELETE FROM %QSELECT type, name, sql, 1 FROM sqlite_schema WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%%' UNION ALL SELECT type, name, sql, 2 FROM sqlite_schema WHERE type = 'trigger' AND tbl_name IN(SELECT name FROM sqlite_schema WHERE type = 'view') ORDER BY 4, 1CREATE TABLE x(, %s%Q COLLATE %s)CREATE VIRTUAL TABLE %Q USING expert(%Q)SELECT max(i.seqno) FROM sqlite_schema AS s, pragma_index_list(s.name) AS l, pragma_index_info(l.name) AS i WHERE s.type = 'table', %sx.%Q IS rem(%d, x.%Q) COLLATE %s%s%dSELECT %s FROM %Q x ORDER BY %sSELECT %s FROM temp.t592690916721053953805701627921227776 x ORDER BY %s%d %dDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776CREATE TABLE temp.t592690916721053953805701627921227776 AS SELECT * FROM %QSELECT s.rowid, s.name, l.name FROM sqlite_schema AS s, pragma_index_list(s.name) AS l WHERE s.type = 'table'SELECT name, coll FROM pragma_index_xinfo(?) WHERE keyINSERT INTO sqlite_stat1 VALUES(?, ?, ?)ANALYZE; PRAGMA writable_schema=1remsampleDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776ANALYZE sqlite_schemaDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776:memory::memory:SELECT sql FROM sqlite_schema WHERE name NOT LIKE 'sqlite_%%' AND sql NOT LIKE 'CREATE VIRTUAL %%'Cannot find a unique index name to propose. -- stat1: %s;%s%s
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: INSERT OR IGNORE INTO "%s" VALUES(?,?);Error %d: %s on [%s]
Source: PcAppStore.exe, 00000003.00000002.4598767062.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678756281.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787297992.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791465662.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034777257.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029815270.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457688359.00007FF6B9B09000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593608789.00007FF6B9B08000.00000008.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.drBinary or memory string: SELECT name,seq FROM sqlite_sequence ORDER BY name;
Source: Setup.exeReversingLabs: Detection: 26%
Source: Setup.exeVirustotal: Detection: 32%
Source: PcAppStore.exeString found in binary or memory: /silent /install
Source: C:\Users\user\Desktop\Setup.exeFile read: C:\Users\user\Desktop\Setup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=00000000-0000-0000-0000-D05099DB2397&winver=19042&version=fa.2009&nocache=20250311185930.728&_fcid=1741726344365755
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2208 /prefetch:3
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=5124,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5268 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=5216,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4728 /prefetch:8
Source: unknownProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PCAppStore.exe" /init default
Source: unknownProcess created: C:\Users\user\PCAppStore\AutoUpdater.exe "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
Source: unknownProcess created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009
Source: unknownProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PCAppStore.exe" /init default
Source: unknownProcess created: C:\Users\user\PCAppStore\AutoUpdater.exe "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
Source: unknownProcess created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default /restart
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=00000000-0000-0000-0000-D05099DB2397&winver=19042&version=fa.2009&nocache=20250311185930.728&_fcid=1741726344365755Jump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default Jump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=00000000-0000-0000-0000-D05099DB2397 /rid=20250311185932.2914303375 /ver=fa.2009Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2208 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=5124,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5268 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=5216,i,16560485422673983836,16616803505807711791,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4728 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default /restartJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: pcappdebugger.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: eventsviewer.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: pcappdebugger.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: eventsviewer.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: netutils.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: edgegdi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: windows.storage.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wldp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wininet.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: profapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winnsi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rsaenh.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: gpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: schannel.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ntasn1.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncrypt.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: version.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: netutils.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: secur32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wininet.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: profapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: edgegdi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: amsi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: userenv.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: pcappdebugger.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: eventsviewer.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: netutils.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: edgegdi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: amsi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: userenv.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: profapi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: webio.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: winnsi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: schannel.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ntasn1.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ncrypt.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: rsaenh.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: gpapi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: dpapi.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: wininet.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: windows.storage.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: wldp.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: netutils.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: edgegdi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: windows.storage.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wldp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wininet.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: profapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winnsi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rsaenh.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: gpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: schannel.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ntasn1.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncrypt.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: version.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: netutils.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: secur32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wininet.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: profapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: edgegdi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: amsi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: userenv.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: pcappdebugger.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: eventsviewer.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: propsys.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winnsi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windows.storage.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wldp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rsaenh.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: gpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: schannel.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntasn1.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncrypt.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: webio.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windows.ui.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: textinputframework.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: inputhost.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wintypes.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wintypes.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntmarta.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winsta.dll
Source: C:\Users\user\Desktop\Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: PC App Store.lnk.0.drLNK file: ..\..\..\..\..\..\PCAppStore\PcAppStore.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\scoped_dir8872_213608675Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_BITS_8872_1580283357Jump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStoreJump to behavior
Source: Setup.exeStatic PE information: certificate valid
Source: Setup.exeStatic file information: File size 1990736 > 1048576
Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\engine\Release\PCAppStore.pdb source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000000.3787156029.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000000.4029721404.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 0000000D.00000002.4034626005.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000000.4593511802.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000011.00000002.5457508235.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe.0.dr
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.dr
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: inetc.dll.0.dr
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: AutoUpdater.exe, 0000000A.00000000.3867391210.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000A.00000002.3884907412.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000000.4109925472.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe, 0000000E.00000002.4125890892.00007FF6DAF8A000.00000002.00000001.01000000.00000012.sdmp, AutoUpdater.exe.0.dr
Source: Binary string: C:\Build\Build_2009_D20250220T163010\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: Watchdog.exe, 00000004.00000000.3682250163.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 00000004.00000002.5455861086.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000B.00000002.5455981953.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000B.00000000.3948251288.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000F.00000000.4190554794.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe, 0000000F.00000002.5456051723.00007FF74102A000.00000002.00000001.01000000.00000010.sdmp, Watchdog.exe.0.dr
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98B28D0 RoGetActivationFactory,LoadLibraryW,GetProcAddress,RoGetActivationFactory,GetErrorInfo,LoadLibraryW,GetProcAddress,3_2_00007FF6B98B28D0
Source: Setup.exeStatic PE information: real checksum: 0x1ee5cc should be: 0x1e8a71
Source: Math.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x155a8
Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: nsJSON.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x6718
Source: inetc.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: NSISFastLib.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x30512
Source: nsDialogs.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2f9b
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A20C70 URLDownloadToFileW,ShellExecuteExW,3_2_00007FF6B9A20C70
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStore\PcAppStore.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStore\AutoUpdater.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStore\Uninstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\NSISFastLib.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStore\Watchdog.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\Math.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\PCAppStore\ReadMe.txtJump to behavior

Boot Survival

barindex
Creates multiple autostart registry keys
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdaterJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WatchdogJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStoreJump to behavior
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnkJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStoreJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStoreJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdaterJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdaterJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WatchdogJump to behavior
Source: C:\Users\user\Desktop\Setup.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WatchdogJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\PCAppStore\AutoUpdater.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\AutoUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000
Source: C:\Users\user\PCAppStore\PcAppStore.exeWindow / User API: threadDelayed 918Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeWindow / User API: threadDelayed 5730Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeWindow / User API: threadDelayed 976
Source: C:\Users\user\PCAppStore\PcAppStore.exeWindow / User API: threadDelayed 5604
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\PCAppStore\Uninstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\NSISFastLib.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\Math.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8BBA.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\PCAppStore\PcAppStore.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_3-104582
Source: C:\Users\user\PCAppStore\Watchdog.exeAPI coverage: 9.2 %
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 1416Thread sleep time: -120000s >= -30000sJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 8324Thread sleep time: -300000s >= -30000sJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 1416Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 3680Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 3680Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 7328Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 9976Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 8700Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 9976Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select TotalPhysicalMemory from Win32_ComputerSystem
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\AutoUpdater.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\AutoUpdater.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\Watchdog.exeLast function: Thread delayed
Source: C:\Users\user\PCAppStore\Watchdog.exeLast function: Thread delayed
Source: C:\Users\user\PCAppStore\Watchdog.exeLast function: Thread delayed
Source: C:\Users\user\PCAppStore\PcAppStore.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98B7C00 FindFirstFileExW,GetLastError,DeleteFileW,FindNextFileW,GetLastError,RemoveDirectoryW,3_2_00007FF6B98B7C00
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A3DE8C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,3_2_00007FF6B9A3DE8C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A3DDDC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,3_2_00007FF6B9A3DDDC
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741020A20 FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_00007FF741020A20
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741011D10 FindClose,FindFirstFileExW,GetLastError,4_2_00007FF741011D10
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741011D84 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,4_2_00007FF741011D84
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF2D8B0 wsprintfW,FindFirstFileW,wsprintfW,DeleteFileW,FindNextFileW,FindClose,10_2_00007FF6DAF2D8B0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF7DAF8 FindFirstFileExW,FindNextFileW,FindClose,FindClose,10_2_00007FF6DAF7DAF8
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000
Source: AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6EB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(( H
Source: PcAppStore.exe, 00000009.00000002.3790492188.0000016310314000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000009.00000003.3789385816.0000016310313000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000009.00000003.3789217093.0000016310309000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWmRbWJ
Source: Watchdog.exe, 0000000B.00000003.4249797700.000001E913E4D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5454522713.000001E913E4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%\System32\wuaueng.dll,-400
Source: Watchdog.exe, 0000000F.00000002.5454257799.00000205B3E68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`w
Source: AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678847000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.3694361478.0000000002C10000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.0000020196582000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000003.00000002.4595228236.00000201964DF000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 00000004.00000002.5454156624.00000176A27C3000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6F1D000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5455040187.000001E913F0C000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.5454522713.000001E913E76000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4249260331.000001E913F0C000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.4249797700.000001E913E76000.00000004.00000020.00020000.00000000.sdmp, AutoUpdater.exe, 0000000E.00000002.4124786793.000001B678893000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Watchdog.exe, 0000000F.00000002.5454257799.00000205B3E3E000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4954502025.0000021B9F485000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.4896734431.0000021B9F484000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5390515434.0000021B9F484000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5063151284.0000021B9F485000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000002.5454704918.0000021B9F485000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000011.00000003.5171067122.0000021B9F484000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWF
Source: Watchdog.exe, 00000004.00000002.5454156624.00000176A2740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USn
Source: Setup.exe, 00000000.00000002.3694361478.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW=
Source: Watchdog.exe, 00000004.00000002.5454156624.00000176A276A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: AutoUpdater.exe, 0000000A.00000002.3883349819.00000281F6EB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW03
Source: PcAppStore.exe, 00000009.00000002.3790256980.0000016310309000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000009.00000003.3789217093.0000016310309000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000D.00000003.4031200637.000001CB68529000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000D.00000002.4033527029.000001CB68529000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000D.00000003.4031718463.000001CB68529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Setup.exeAPI call chain: ExitProcess graph end nodegraph_0-3519
Source: C:\Users\user\Desktop\Setup.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A63C58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6B9A63C58
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9803BF4 LoadLibraryW,GetProcAddress,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetProcAddress,FreeLibrary,3_2_00007FF6B9803BF4
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B98B28D0 RoGetActivationFactory,LoadLibraryW,GetProcAddress,RoGetActivationFactory,GetErrorInfo,LoadLibraryW,GetProcAddress,3_2_00007FF6B98B28D0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B981FA50 GetProcessHeap,3_2_00007FF6B981FA50
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A63C58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6B9A63C58
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A5E178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF6B9A5E178
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741012B78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF741012B78
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF7410136CC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7410136CC
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741018598 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF741018598
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF7410138B0 SetUnhandledExceptionFilter,4_2_00007FF7410138B0
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5DC8C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF6DAF5DC8C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5E060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF6DAF5E060
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF63028 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF6DAF63028
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: 10_2_00007FF6DAF5DE70 SetUnhandledExceptionFilter,10_2_00007FF6DAF5DE70
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A20C70 URLDownloadToFileW,ShellExecuteExW,3_2_00007FF6B9A20C70
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9844A00 keybd_event,keybd_event,3_2_00007FF6B9844A00
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=00000000-0000-0000-0000-D05099DB2397&winver=19042&version=fa.2009&nocache=20250311185930.728&_fcid=1741726344365755Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default /restartJump to behavior
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: o@C:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hShell_TrayWndWilError_03C:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.hC:\Build\Build_2009_D20250220T163010\fa_rss\engine\packages\Microsoft.Windows.ImplementationLibrary.1.0.240803.1\include\wil\resource.h{"action":"direction_changed","data":{"direction":"%c", "withTopbar":false}}{"action":"screen_size_changed","data":{"withTopbar":false,"t":%d,"l":%d,"b":%d,"r":%d}}{"action":"locale_layout_changed","data":{"localeLayout": "%ws"}}
Source: PcAppStore.exeBinary or memory string: Shell_TrayWnd
Source: PcAppStore.exe.0.drBinary or memory string: eM=%ws&eC=%deM=%wshttps://pcapp.store/pixel.gifShell_SecondaryTrayWndtype must be string, but is Shell_TrayWndcreate_directory_faileddelete_file_failedcreate_directory_after_file_deletion_failedproductdirectory_creation_error\*0e+000e+00RoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryparamsnameRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactory^(https?://(?:www\.)?([^/]+))(/.*)?$URL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableproductr_binErreCode=%dproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnkShell_TrayWndnfinityanindsnannfinityanindsnan0p+00p+0type must be string, but is infnan(ind)nannan(snan)unknowninfnan(ind)nannan(snan)menu_storemenu_searchinfnan(ind)nannan(snan)infnan(ind)nannan(snan)https://pcapp.storeinfnan(ind)nannan(snan)%02Xinfnan(ind)nannan(snan)\/unknownLTRRTLLTRSoftware\PCAppStoreAppParamdefaultC++/WinRT version:2.0.220110.5\\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIGCurrentBuildBuildNumberSOFTWARE\Microsoft\Windows NT\CurrentVersionSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon%lu%us%5B%5D=\u@N+@
Source: PcAppStore.exe, 00000003.00000002.4598633668.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000003.00000000.3678634675.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmp, PcAppStore.exe, 00000009.00000002.3791283394.00007FF6B9AAA000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: eM=%ws&eC=%deM=%wshttps://pcapp.store/pixel.gifShell_SecondaryTrayWndtype must be string, but is Shell_TrayWndcreate_directory_faileddelete_file_failedcreate_directory_after_file_deletion_failedproductdirectory_creation_error\*0e+000e+00RoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryparamsnameRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactory^(https?://(?:www\.)?([^/]+))(/.*)?$URL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableproductr_binErreCode=%dproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnkShell_TrayWndnfinityanindsnannfinityanindsnan0p+00p+0type must be string, but is infnan(ind)nannan(snan)unknowninfnan(ind)nannan(snan)menu_storemenu_searchinfnan(ind)nannan(snan)infnan(ind)nannan(snan)https://pcapp.storeinfnan(ind)nannan(snan)%02Xinfnan(ind)nannan(snan)\/unknownLTRRTLLTRSoftware\PCAppStoreAppParamdefaultC++/WinRT version:2.0.220110.5\\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIGCurrentBuildBuildNumberSOFTWARE\Microsoft\Windows NT\CurrentVersionSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon%lu%us%5B%5D=\u@N
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 4_2_00007FF741026EC0 cpuid 4_2_00007FF741026EC0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,3_2_00007FF6B98BD240
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,3_2_00007FF6B9A7DDA0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,3_2_00007FF6B9A89304
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,3_2_00007FF6B9A89234
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,FormatMessageA,3_2_00007FF6B9A3D5F0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_00007FF6B9A89920
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,3_2_00007FF6B9A7D808
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_00007FF6B9A8973C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,3_2_00007FF6B9A5CC88
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,3_2_00007FF6B9A88ED8
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: GetLocaleInfoEx,FormatMessageA,4_2_00007FF741011A78
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_00007FF6DAF81C94
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetLocaleInfoW,10_2_00007FF6DAF81B3C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: EnumSystemLocalesW,10_2_00007FF6DAF77BF4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetLocaleInfoW,10_2_00007FF6DAF78134
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_00007FF6DAF81E78
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetLocaleInfoW,10_2_00007FF6DAF81D44
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,10_2_00007FF6DAF81430
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: EnumSystemLocalesW,10_2_00007FF6DAF8185C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,10_2_00007FF6DAF818F4
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: GetLocaleInfoEx,10_2_00007FF6DAF5C73C
Source: C:\Users\user\PCAppStore\AutoUpdater.exeCode function: EnumSystemLocalesW,10_2_00007FF6DAF8178C
Source: C:\Users\user\Desktop\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A427E0 GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,3_2_00007FF6B9A427E0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 3_2_00007FF6B9A83164 GetTimeZoneInformation,3_2_00007FF6B9A83164
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts141
Windows Management Instrumentation		1
DLL Side-Loading		1
Exploitation for Privilege Escalation		1
Deobfuscate/Decode Files or Information		OS Credential Dumping2
System Time Discovery		Remote Services1
Archive Collected Data		24
Ingress Tool Transfer		Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts2
Native API		1
DLL Search Order Hijacking		1
DLL Side-Loading		1
Obfuscated Files or Information		LSASS Memory1
Network Service Discovery		Remote Desktop Protocol2
Clipboard Data		11
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts2
Command and Scripting Interpreter		1
Windows Service		1
DLL Search Order Hijacking		1
DLL Side-Loading		Security Account Manager1
System Network Connections Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron111
Registry Run Keys / Startup Folder		1
Access Token Manipulation		1
DLL Search Order Hijacking		NTDS2
File and Directory Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
Windows Service		3
Masquerading		LSA Secrets165
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
Process Injection		141
Virtualization/Sandbox Evasion		Cached Domain Credentials261
Security Software Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items111
Registry Run Keys / Startup Folder		1
Access Token Manipulation		DCSync141
Virtualization/Sandbox Evasion		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
Process Injection		Proc Filesystem3
Process Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
Application Window Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1635751 Sample: Setup.exe Startdate: 11/03/2025 Architecture: WINDOWS Score: 48 44 pcapp.store 2->44 46 d74queuslupub.cloudfront.net 2->46 66 Multi AV Scanner detection for submitted file 2->66 8 Setup.exe 13 55 2->8         started        13 AutoUpdater.exe 15 2->13         started        15 Watchdog.exe 2->15         started        17 4 other processes 2->17 signatures3 process4 dnsIp5 56 pcapp.store 209.222.21.115, 443, 49747, 49748 AS-CHOOPAUS United States 8->56 36 C:\Users\user\PCAppStore\Watchdog.exe, PE32+ 8->36 dropped 38 C:\Users\user\PCAppStore\Uninstaller.exe, PE32 8->38 dropped 40 C:\Users\user\PCAppStore\PcAppStore.exe, PE32+ 8->40 dropped 42 7 other files (1 malicious) 8->42 dropped 70 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 8->70 72 Creates multiple autostart registry keys 8->72 19 PcAppStore.exe 19 8->19         started        22 Watchdog.exe 13 8->22         started        25 chrome.exe 2 8->25         started        74 Multi AV Scanner detection for dropped file 13->74 58 18.164.116.125, 443, 49868 MIT-GATEWAYSUS United States 15->58 file6 signatures7 process8 dnsIp9 68 Multi AV Scanner detection for dropped file 19->68 27 PcAppStore.exe 19->27         started        48 d74queuslupub.cloudfront.net 18.164.116.25, 443, 49761, 49850 MIT-GATEWAYSUS United States 22->48 50 192.168.11.10 unknown unknown 25->50 52 192.168.11.20, 137, 138, 1900 unknown unknown 25->52 54 239.255.255.250, 1900 unknown Reserved 25->54 29 chrome.exe 25->29         started        32 chrome.exe 25->32         started        34 chrome.exe 6 25->34         started        signatures10 process11 dnsIp12 60 analytics.google.com 142.250.65.174, 443, 49797, 49831 GOOGLEUS United States 29->60 62 td.doubleclick.net 142.250.80.66, 443, 49789, 49790 GOOGLEUS United States 29->62 64 12 other IPs or domains 29->64

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.