Overview

overview

8

Static

static

GeForceNOW...se.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    678s
  • max time network
    685s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2022 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GeForceNOW-release.exe

  • Size

    138.1MB

  • MD5

    502efa1c0f0f15bedf4175f3fd9b4c11

  • SHA1

    b9fff4322ef45d86bd29af4759177b470ebd3cf0

  • SHA256

    b0b0e1ed10167552a486c71b4de452209026003f5f293d0e42363230ce801427

  • SHA512

    6284bb8f0a6de415151fa6885e5aee58258039213cb9d2c8f85e3c437937848c8f69a17a8204af5d480228f265b7ee08b24495d8b25d4a2ec3c98188577c0828

  • SSDEEP

    3145728:VOmX/cWwMJHCqgLMjOzwUYhEnwFaK5sR1aEUP1/Th:XvL/4LhwUYBB5sR1aJN

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 32 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
    persistence
  • Sets file execution options in registry 2 TTPs 4 IoCs
    persistence
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 41 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 15 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 58 IoCs
  • Suspicious use of SendNotifyMessage 53 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GeForceNOW-release.exe
    "C:\Users\Admin\AppData\Local\Temp\GeForceNOW-release.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\setup.exe" -log:"C:\Users\Admin\AppData\Local\NVIDIA\logs\GeForceNOW\Installer" -loglevel:6 -showProgressBar:false
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4484
      • C:\Windows\SysWOW64\RunDll32.EXE
        C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\GfnPcExt.dll,LaunchUACTasks C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW
        3⤵
        • Loads dropped DLL
        PID:2596
      • C:\Windows\system32\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\messagebus.conf;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\messagebus.conf;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\dependencies;NV_LOG_PATH|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\logs\NvContainer"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2140
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\messagebus.conf;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\messagebus.conf;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\dependencies;NV_LOG_PATH|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\logs\NvContainer"
          4⤵
          • Loads dropped DLL
          PID:4808
      • C:\Windows\system32\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\x86\messagebus.conf;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\dependencies\x86\messagebus.conf;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\dependencies\x86;NV_LOG_PATH|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\logs\NvContainer"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1292
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\x86\messagebus.conf;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\dependencies\x86\messagebus.conf;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\dependencies\x86;NV_LOG_PATH|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\logs\NvContainer"
          4⤵
          • Loads dropped DLL
          PID:3040
      • C:\Windows\system32\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\NvMessageBusBroadcast.json;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\NvMessageBusBroadcast.json;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\\dependencies"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3616
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\NvMessageBusBroadcast.json;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\NvMessageBusBroadcast.json;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\\dependencies"
          4⤵
          • Loads dropped DLL
          PID:3208
      • C:\Windows\system32\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\GfnSdkHost.json;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\GfnSdkHost.json;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\\dependencies"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4876
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\NvConfigGenerator.dll ,GenerateConfigs "PACKAGE_ID|GeForceNOW;SOURCE|C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\GeforceNOW\configs\GfnSdkHost.json;TARGET|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\GfnSdkHost.json;NVCONTAINER_INSTALL_ROOT|C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\\dependencies"
          4⤵
          • Loads dropped DLL
          PID:3544
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c mklink /H "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\NvTelemetry.json" "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\data\configs\NvTelemetry.json"
        3⤵
          PID:2480
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c mklink /H "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc\localuser\NvTelemetry64.dll" "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\NvTelemetry\NvTelemetry64.dll"
          3⤵
            PID:1660
          • C:\Windows\system32\RunDll32.EXE
            C:\Windows\system32\RunDll32.EXE "C:\Users\Admin\AppData\Local\NVIDIA Corporation\Installer2\CoreTemp.{7ABAE886-8A83-4EC8-B157-B7B21C98EDF2}\NVPrxy64.DLL",Proxy {1D305E2C-F717-4527-ADB1-BC5650254C26} true
            3⤵
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:4964
          • C:\Windows\system32\RunDll32.EXE
            C:\Windows\system32\RunDll32.EXE "C:\Users\Admin\AppData\Local\NVIDIA Corporation\Installer2\CoreTemp.{7ABAE886-8A83-4EC8-B157-B7B21C98EDF2}\NVPrxy64.DLL",Proxy {027C2C2C-60B5-46D2-9D34-4EF78AB93F04} true
            3⤵
            • Loads dropped DLL
            PID:3464
          • C:\Windows\SysWOW64\RunDll32.EXE
            C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {E6E32229-0299-4EF2-8690-609F918CC469} 4484 C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\setup.exe -noUAC
            3⤵
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2200
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /0
        1⤵
        • Checks SCSI registry key(s)
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2128
      • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
        "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe"
        1⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3216
        • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOWContainer.exe
          "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOWContainer.exe" -r -d "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\nvc/localuser" -f "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\logs\NvContainer\GeForceNOWContainer.log" -l 3
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:3460
        • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
          "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe" --type=gpu-process --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAgAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\debug.log" --mojo-platform-channel-handle=2200 --field-trial-handle=2252,i,8421612323652577700,4512506017218035414,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3384
        • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
          "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\debug.log" --mojo-platform-channel-handle=3180 --field-trial-handle=2252,i,8421612323652577700,4512506017218035414,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:420
        • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
          "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\debug.log" --mojo-platform-channel-handle=3492 --field-trial-handle=2252,i,8421612323652577700,4512506017218035414,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3532
        • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
          "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3692 --field-trial-handle=2252,i,8421612323652577700,4512506017218035414,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:3104
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.nvidia.com/authorize?response_type=code&device_id=084ed6552eb9d3f3634f223c5f6a8856d42264077e13b3601771c4f6cfa83892&scope=openid%20consent%20email%20tk_client&client_id=ZU7sPN-miLujMD95LfOQ453IB0AtjM8sMyvgJ9wCXEQ&redirect_uri=http%3A%2F%2Flocalhost%3A2259&ui_locales=en_US&nonce=ff96ce51-db7e-4e3b-bc19-e13d91561ac9&prompt=select_account&code_challenge=cckXJpdVXecqTKouxeYVEIjJCgW4ijvdZcAagB27rLs&code_challenge_method=S256&idp_id=PDiAhv2kJTFeQ7WOPqiQ2tRZ7lGhR2X11dXvM4TZSxg
          2⤵
          • Adds Run key to start application
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:5364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd89df46f8,0x7ffd89df4708,0x7ffd89df4718
            3⤵
              PID:5384
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
              3⤵
                PID:5568
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
                3⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5592
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
                3⤵
                  PID:5712
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                  3⤵
                    PID:5848
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                    3⤵
                      PID:5892
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 /prefetch:8
                      3⤵
                        PID:6048
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 /prefetch:8
                        3⤵
                          PID:1796
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
                          3⤵
                            PID:4232
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                            3⤵
                              PID:2548
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
                              3⤵
                                PID:4808
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                3⤵
                                • Drops file in Program Files directory
                                PID:5224
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff62a825460,0x7ff62a825470,0x7ff62a825480
                                  4⤵
                                    PID:4564
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1436
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5140 /prefetch:8
                                  3⤵
                                    PID:6132
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3544 /prefetch:8
                                    3⤵
                                      PID:1620
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                                      3⤵
                                        PID:5352
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                        3⤵
                                          PID:1404
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
                                          3⤵
                                            PID:5072
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6288 /prefetch:8
                                            3⤵
                                              PID:5248
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
                                              3⤵
                                                PID:700
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6568 /prefetch:8
                                                3⤵
                                                  PID:3896
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
                                                  3⤵
                                                    PID:5212
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5616 /prefetch:8
                                                    3⤵
                                                      PID:4904
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5068 /prefetch:8
                                                      3⤵
                                                        PID:1540
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5712 /prefetch:8
                                                        3⤵
                                                          PID:2360
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 /prefetch:8
                                                          3⤵
                                                            PID:5764
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3952 /prefetch:8
                                                            3⤵
                                                              PID:1220
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1464,2169284923861033487,6826060490735983895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5688 /prefetch:8
                                                              3⤵
                                                                PID:4236
                                                            • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
                                                              "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\debug.log" --mojo-platform-channel-handle=3496 --field-trial-handle=2252,i,8421612323652577700,4512506017218035414,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:2284
                                                            • C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe
                                                              "C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADoAgAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\NVIDIA Corporation\GeForceNOW\debug.log" --mojo-platform-channel-handle=3612 --field-trial-handle=2252,i,8421612323652577700,4512506017218035414,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:5216
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:5732
                                                            • C:\Windows\system32\AUDIODG.EXE
                                                              C:\Windows\system32\AUDIODG.EXE 0x314 0x424
                                                              1⤵
                                                                PID:5260
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
                                                                1⤵
                                                                • Drops file in Program Files directory
                                                                PID:2476
                                                                • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir2476_1363503560\msedgerecovery.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir2476_1363503560\msedgerecovery.exe" --appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} --browser-version=92.0.902.67 --sessionid={905ab23b-3400-40e7-b438-573060106b45} --system
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:872
                                                                  • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir2476_1363503560\MicrosoftEdgeUpdateSetup.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir2476_1363503560\MicrosoftEdgeUpdateSetup.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    PID:5692
                                                                    • C:\Program Files (x86)\Microsoft\Temp\EU63F0.tmp\MicrosoftEdgeUpdate.exe
                                                                      "C:\Program Files (x86)\Microsoft\Temp\EU63F0.tmp\MicrosoftEdgeUpdate.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Sets file execution options in registry
                                                                      • Drops file in Program Files directory
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:5812
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Modifies registry class
                                                                        PID:2424
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Modifies registry class
                                                                        PID:1320
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                          6⤵
                                                                          • Executes dropped EXE
                                                                          • Registers COM server for autorun
                                                                          • Modifies registry class
                                                                          PID:5172
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                          6⤵
                                                                          • Executes dropped EXE
                                                                          • Registers COM server for autorun
                                                                          • Modifies registry class
                                                                          PID:2308
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                          6⤵
                                                                          • Executes dropped EXE
                                                                          • Registers COM server for autorun
                                                                          • Modifies registry class
                                                                          PID:1948
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjkuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjkuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTM0MTk4Q0QtOTMwNC00NkQ2LTg0MTAtQ0FCRDkwRDE4MDUwfSIgdXNlcmlkPSJ7NDAzOThCMzItOEJEQS00NDQwLUI1RDUtOTVCM0M5NUM1NTJBfSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0ie0I1NEMyMjFELUMzMjQtNDAzRi1CN0FELTUzMzhDNkUyRDI0RH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7bTQ2SzVLNXoxdnZrTkxIcjRjMXgvaENqZTdaUUxkcUt5WjVOd2d6VjNBOD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE2OS4zMSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTk2NTY3Nzg3NyIgaW5zdGFsbF90aW1lX21zPSI3NjAiLz48L2FwcD48L3JlcXVlc3Q-
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        PID:4300
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /machine /installsource chromerecovery
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    PID:176
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Modifies data under HKEY_USERS
                                                                PID:6104
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjkuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjkuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTY5MzE5RjYtQUE1OC00QkUzLUI4OEQtOEFCQ0Q4MDNCOUFCfSIgdXNlcmlkPSJ7NDAzOThCMzItOEJEQS00NDQwLUI1RDUtOTVCM0M5NUM1NTJBfSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0ie0U0NEQ3RjUyLTlDRTMtNEZGMS05M0YyLTcxQjcxNjI4N0FEQ30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cVdKU3pXd1BmZGNMUitYR0l2NnhyWmZpWU94aFBVMnMxTldtaldjYUZQZz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iODkuMC40Mzg5LjExNCIgbmV4dHZlcnNpb249Ijg5LjAuNDM4OS4xMTQiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDE4NzI4MjIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:3392
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C4D3FB4E-01C6-43F9-AAF2-FB394C11DD6D}\MicrosoftEdgeUpdateSetup_X86_1.3.171.37.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C4D3FB4E-01C6-43F9-AAF2-FB394C11DD6D}\MicrosoftEdgeUpdateSetup_X86_1.3.171.37.exe" /update /sessionid "{569319F6-AA58-4BE3-B88D-8ABCD803B9AB}"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Drops file in Program Files directory
                                                                  PID:4192
                                                                  • C:\Program Files (x86)\Microsoft\Temp\EU27DC.tmp\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\Temp\EU27DC.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{569319F6-AA58-4BE3-B88D-8ABCD803B9AB}"
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Sets file execution options in registry
                                                                    PID:6052
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      PID:6096
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Modifies registry class
                                                                      PID:5816
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Registers COM server for autorun
                                                                        • Modifies registry class
                                                                        PID:5072
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Registers COM server for autorun
                                                                        • Modifies registry class
                                                                        PID:2788
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Registers COM server for autorun
                                                                        • Modifies registry class
                                                                        PID:4056
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNjkuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTY5MzE5RjYtQUE1OC00QkUzLUI4OEQtOEFCQ0Q4MDNCOUFCfSIgdXNlcmlkPSJ7NDAzOThCMzItOEJEQS00NDQwLUI1RDUtOTVCM0M5NUM1NTJBfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QzU3MDNGMzQtOUVFNS00Q0VBLUFDMTAtOENDODdFM0VCMzIyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtxV0pTeld3UGZkY0xSK1hHSXY2eHJaZmlZT3hoUFUyczFOV21qV2NhRlBnPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTY5LjMxIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zNyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjaHJvbWVyZWMzPTIwMjI1M1IiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTY3MjQ4Nzc3MCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ2Njg1ODA4MCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      PID:4924
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjkuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjkuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTY5MzE5RjYtQUE1OC00QkUzLUI4OEQtOEFCQ0Q4MDNCOUFCfSIgdXNlcmlkPSJ7NDAzOThCMzItOEJEQS00NDQwLUI1RDUtOTVCM0M5NUM1NTJBfSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0iezcxMTBENjUzLUVBQzItNDI0NS04Qjg0LTFGMEY4QTg2M0FBRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE2OS4zMSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzciIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iUHJvZHVjdHNUb1JlZ2lzdGVyPSU3QkYzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNSU3RDtjaHJvbWVyZWMzPTIwMjI1M1IiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0MjkwNTgxODEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQyOTQ1NzY3NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQzNzIyNzgzNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzU3YmQ0YjNiLWZkMDItNGUyNy04NWRkLTVhOGU2YzQwN2I2Nj9QMT0xNjczMDg5MDIyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUR1c0hKQVNNa2tGUzE3ZXRrSVM0bWowMGQ2d0ZGdVBmbk1rJTJiR0g4alpWc0dhV1dOWENnV0d5RjNKMCUyZlVGcHNaakV5VFVMRjVLd05jOU43VUdnSWJjQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSI2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0MzcyNzc3NzMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzU3YmQ0YjNiLWZkMDItNGUyNy04NWRkLTVhOGU2YzQwN2I2Nj9QMT0xNjczMDg5MDIyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUR1c0hKQVNNa2tGUzE3ZXRrSVM0bWowMGQ2d0ZGdVBmbk1rJTJiR0g4alpWc0dhV1dOWENnV0d5RjNKMCUyZlVGcHNaakV5VFVMRjVLd05jOU43VUdnSWJjQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MDYxMDQiIHRvdGFsPSIxNjA2MTA0IiBkb3dubG9hZF90aW1lX21zPSI0OTEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQzNzQxNzc0MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDQyOTQ3Nzk4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iMTQwIiByZD0iNTcwMyIgcGluZ19mcmVzaG5lc3M9IntCMDQ2NTY0Qy03NkRBLTRCMDctQjVFMy0yNzUxNEJFOTk3NTF9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzE2OTYxMjYxODIzNDU4MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSIxNDAiIGFkPSItMSIgcmQ9IjU3MDMiIHBpbmdfZnJlc2huZXNzPSJ7NDE4MEYxNjEtMTY1OS00MDJDLUJCQ0UtMTVCNDFFQzE1NTdCfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:6080
                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                C:\Windows\system32\AUDIODG.EXE 0x314 0x424
                                                                1⤵
                                                                  PID:3432
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  PID:560
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  PID:4168
                                                                • C:\Windows\system32\werfault.exe
                                                                  werfault.exe /h /shared Global\834927ca88fa479c9450e1fb56c90be6 /t 2216 /p 3216
                                                                  1⤵
                                                                    PID:5640
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                    1⤵
                                                                    • Adds Run key to start application
                                                                    • Enumerates system info in registry
                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                    • Suspicious use of FindShellTrayWindow
                                                                    PID:1884
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd89df46f8,0x7ffd89df4708,0x7ffd89df4718
                                                                      2⤵
                                                                        PID:5024
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                                                                        2⤵
                                                                          PID:3952
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
                                                                          2⤵
                                                                            PID:1908
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
                                                                            2⤵
                                                                              PID:3948
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                                                                              2⤵
                                                                                PID:5544
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                                                                                2⤵
                                                                                  PID:5308
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4228 /prefetch:8
                                                                                  2⤵
                                                                                    PID:208
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 /prefetch:8
                                                                                    2⤵
                                                                                      PID:5472
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
                                                                                      2⤵
                                                                                        PID:6112
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
                                                                                        2⤵
                                                                                          PID:5876
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
                                                                                          2⤵
                                                                                            PID:5412
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                                                                                            2⤵
                                                                                              PID:5928
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                                                                              2⤵
                                                                                                PID:5808
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:4316
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:5880
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8429779610444452933,6360224653108712107,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:4220
                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:5656
                                                                                                    • C:\Windows\system32\mspaint.exe
                                                                                                      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CloseFind.jpeg" /ForceBootstrapPaint3D
                                                                                                      1⤵
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:432
                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                                                                                      1⤵
                                                                                                      • Drops file in System32 directory
                                                                                                      PID:2924
                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                      1⤵
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:1304

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v6

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0000.ui.forms
                                                                                                      Filesize

                                                                                                      59KB

                                                                                                      MD5

                                                                                                      3aafce189f3992a58c8d31c961cd988f

                                                                                                      SHA1

                                                                                                      5a14a41969d31477492db29d086eb342e75cd853

                                                                                                      SHA256

                                                                                                      b9890936cff08e12dea5149b5e42f19f4ab8cd6e1bef19d0e22726bc4ae0644d

                                                                                                      SHA512

                                                                                                      e1c6455b4598d951fea5baad13084454867966803e8ba080fb8d17cdcbc080e4c7c3046acc23c67baa3da67d3463ecceab1acb61cb29eec946ce0c693fe02021

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0000.ui.strings
                                                                                                      Filesize

                                                                                                      909B

                                                                                                      MD5

                                                                                                      8da5bcd7f20228fc0c81eb6fb16fed47

                                                                                                      SHA1

                                                                                                      7ff9baeb7e1ca32a95869f57b2a8818203875a90

                                                                                                      SHA256

                                                                                                      128f802f1738531c04eb386b9d6f7baa52d39162e17a317d6aeda831feb8b3e2

                                                                                                      SHA512

                                                                                                      6f03014ea02e2f1922500abc206f2825058d4f6da8d6014853bd82828c9e51140e9e23916389ea071f78488ae095468dc5f8be138f2c50f660447478a645731d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0401.ui.forms
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      cbbc529887e943e8a949e8aed2eef816

                                                                                                      SHA1

                                                                                                      6c2dbbf164ae02a771ee3334732d39a32a775ba8

                                                                                                      SHA256

                                                                                                      d699296ee3a3c69fec4361ad3e985f657b27f131dffa4a251afe7a0e94674c5b

                                                                                                      SHA512

                                                                                                      e1c15e289dfaf5aae9864ec0f08eedb43ea065d52c0ef5f5e1938b8edf3f60bdc7febb93274d46579e1e6c940d2d7eabb9699b1c386bf94005ddbd6d4aab2440

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0401.ui.strings
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      cb9d66c5df2ae3ad2524ee608775152a

                                                                                                      SHA1

                                                                                                      345861692b2450a77dc078978daa3ac2b73f9581

                                                                                                      SHA256

                                                                                                      5c24ab18a9fad7a73fb1ffe649d34cb03c2bf1d24ea83b9fbcd9e36c8953ee98

                                                                                                      SHA512

                                                                                                      b825b9ddc9644ede5021000b227c55fcac1c0c255b548cfef62c8a0c10b694c87aec56f78d8c65320db5b5de7d98a356cb90e4542194db288643df6fc378b448

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0404.ui.forms
                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      69180a173c2dafae169dad3b0de0735f

                                                                                                      SHA1

                                                                                                      ba65470681d85bda3676b3e3f647a33a183dd795

                                                                                                      SHA256

                                                                                                      498a062671ae9c1733038a307a0545a5c0d648c5393de848231c44d90c3a3718

                                                                                                      SHA512

                                                                                                      a9d7e301ce7f843d835eade5e574a59d5deceaeb3055b82709b15c73657e69f301d7cab423e6a4ac5543e3ebbcd0d7c0bb039983e8592e661b8e25d0d6ed6c4c

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0404.ui.strings
                                                                                                      Filesize

                                                                                                      9KB

                                                                                                      MD5

                                                                                                      98302c1a23ad15ce6265c6353f114d0a

                                                                                                      SHA1

                                                                                                      1719c5698e297dec1c31a6f72f955b465ae2595a

                                                                                                      SHA256

                                                                                                      673c752874b02427975d2f45e4b4bc013f289684cde9d76461730fd2d68a7c86

                                                                                                      SHA512

                                                                                                      70d7820f233a1f78059d05d43a6b72ebcdc4c8360de4e0fc4ce6afa442f7dc58fc8994af0928d8e1517f5c62ad2079878a21268ff0b9e0ca3fd71c2b46a11431

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0405.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      2f96bd445b3b1f9dd9dbc08721d8fe4b

                                                                                                      SHA1

                                                                                                      53b504ee3117979971f6ff01cd489df4973c0364

                                                                                                      SHA256

                                                                                                      6a3195b90fc3c581b4fb555808e2f293033d7b2dadf44e819ecb038256313cdc

                                                                                                      SHA512

                                                                                                      024a3295b0e4d048f773c3e77b0ca494a82d730211fd372625d8692a26d6e3546cc51be8a437d4c6ad0974cb0b075b334795be764fe148f812f755c6367171dd

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0405.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      b28a78a0d2e47e8c291e68bdd3d91ac6

                                                                                                      SHA1

                                                                                                      4580130d8d90297c4bf9ba6db8776ce106654d9b

                                                                                                      SHA256

                                                                                                      385823a9c35b57a4f647b45c4781656216c8f7c315c75eaf74b89f33905d016f

                                                                                                      SHA512

                                                                                                      5cb6f7d453143a5dcb123354148e38accae016eb49c2d2321c1178672ce8824c8e9bf88fd90d678cdc679cb5024884680c731a112d4873f0eadb05fbce66d90e

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0406.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      dd8461328a26a103e74dc1b85785e4a7

                                                                                                      SHA1

                                                                                                      fa27d2a8ad3c4653fd3c2ff42d396181244caa15

                                                                                                      SHA256

                                                                                                      723a86b03f52112aa9921e9bbacb38b781fc2e3a5bf96d6fc1ccfa598b037fe1

                                                                                                      SHA512

                                                                                                      961a4aed7445fe096e2391449b16fb0f252db5dd1893ea149a16a994ae2a7987c4a63ec06e014fffeaca27c9fceae37a0f4fa04749f14a8264fb75e6ffe7f6d8

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0406.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      0bc80f6dbd8e55385e5c32121d960358

                                                                                                      SHA1

                                                                                                      4937edc766c7b97f2018359b4828de728cf18b32

                                                                                                      SHA256

                                                                                                      9468c2677837dcc36928a301cc4f14fa5467fdece3f615d07d94dca08b32c14a

                                                                                                      SHA512

                                                                                                      f655d0b0d682d853a88303893106e640af8a747479f7b1ee2798f10a53ae460c4aa8e7ba79e63205bad27f37cd826fecfb01bd243554c8c89544f7b5183749d2

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0407.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      6910b25e6260652ffa692c5398fd9ff0

                                                                                                      SHA1

                                                                                                      7ccefcde763da8962c855bf6c2da9ddb2954e7e3

                                                                                                      SHA256

                                                                                                      86ae5d9b006321cf673f8cd2a0adf8c4e32c74725b5bd6f50e61bc5b3ba85242

                                                                                                      SHA512

                                                                                                      86f5428da89d5b35a2466386906f39d8d5eb21d48638d1a5590b54d58e7e56e49694ac0317653804e517862478f010f2892097389c74d2de3968999247761068

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0407.ui.strings
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      9822a77f8cdea05e481558b77e6dc34c

                                                                                                      SHA1

                                                                                                      0183dd53dd38ec43e77173d2fa97bb8ff6bc1a6a

                                                                                                      SHA256

                                                                                                      9f03201779ae43b5ed99de6c1284f7dd47246ca483216fcd9f7afddf151b1415

                                                                                                      SHA512

                                                                                                      6c22a1ce43540780c437d37aee9513f006e94f489b7eea0a47137e92ee8ab639b0ba88ece08a3cacfc1f5164c75de0289114aa388ee9d6470316c99c2b9d510c

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0408.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      4a2c8fb002590664b61c667a67cade69

                                                                                                      SHA1

                                                                                                      e49541014338ec5c7ee1158072214a101b7cd3ca

                                                                                                      SHA256

                                                                                                      fcee16845b6858aacbd13de9f38e33a85096caf6db0414cbc04a601bc76398d5

                                                                                                      SHA512

                                                                                                      f684937e13b8144a2200b9775fb09312bb650b92bf310adb04f88bcf563537e99fcdf766bc45af9403aa4d183c492e3a312631ed846586b908cd95f37fcd0dbb

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0408.ui.strings
                                                                                                      Filesize

                                                                                                      14KB

                                                                                                      MD5

                                                                                                      226c605629babdb948eb695c49300084

                                                                                                      SHA1

                                                                                                      c24bc5aa38ae25eaa3410f3c7dce2ab67eb2cd98

                                                                                                      SHA256

                                                                                                      697035f886a98863de94d676006495fc8f3483d50670332a14c2b192e32935f6

                                                                                                      SHA512

                                                                                                      66f4c887fb0e454cfd2c32a0171489e07638bcb3655baec69718b1cb23eeb7a14afe2f3947b1bf70d36bd21b9c129f4beca28984f2d52a075ae2ab53ba8223fd

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0409.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      32bc7d4032b1eaff45478097ea11b681

                                                                                                      SHA1

                                                                                                      4942e686e50ea4cec72a270195c497c7b621b2e1

                                                                                                      SHA256

                                                                                                      faaf2ff83d6703027645e8c35d8b69b04c3d8ea0d7e38ac36323cc13c11e5c1c

                                                                                                      SHA512

                                                                                                      1cbba92da294b465daf3a483fd8396c324268253ed7e8cd33df9b17056fe6ca553dbcee212f481f2ba9d4f6191e2e40d8223b7b86af5593af01408a59a9a97cc

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0409.ui.strings
                                                                                                      Filesize

                                                                                                      9KB

                                                                                                      MD5

                                                                                                      f511e9512be0f6c486445fe25f93a397

                                                                                                      SHA1

                                                                                                      72f435f48b8769a78a84fc3b90e64056bac169fb

                                                                                                      SHA256

                                                                                                      b6930df4f2c4e255c0db36900da903474697d5e13fd95215c9aa47a828943c86

                                                                                                      SHA512

                                                                                                      db24c585fc5f552cd87f4e365afed88ea0b7bb173b0cfa2b34ac96366d900c251279f7515607815b47e8840a49f2f17361182b0223225f3e7c057e54c653978b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040a.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      8949b90feeb57bc047d67a8cb92b180a

                                                                                                      SHA1

                                                                                                      b639dab833856433f4e468ac5bf98761a4c027a9

                                                                                                      SHA256

                                                                                                      16ebd60b015fb384ae98f1f1e6ad91cc694c2c5086fd2c101d2fd45bf549bd11

                                                                                                      SHA512

                                                                                                      74f9f3d22400c3eba877bce1f72528744eb5a1a6bad796301f9d0b1acc10fbf269120fbc1d0f3481b4161f165bb455cfe00249f3ff991a905625644b9700e15b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040a.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      74f1140e288cc7b9f52cb22c864151fa

                                                                                                      SHA1

                                                                                                      a2054fee86beeba036ee997682a327e86a527812

                                                                                                      SHA256

                                                                                                      6086ea5d3744d1f16c8920d74df59e8cf609031975a60a4232e27b135567d8da

                                                                                                      SHA512

                                                                                                      5e35d8eaaa85545b889bc1f384d0b10a3ca739f9476a9a966eb14326fc000ea817cd0d3ae734f0a3b9db93ff58d19808e5ac842d87ddb40db65b702765f9ecb3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040b.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      f0e086d0dedc296db050e016c611d067

                                                                                                      SHA1

                                                                                                      4dcc64f06372d554c0fa8357ee833b3472085bea

                                                                                                      SHA256

                                                                                                      4b0909c40187e50036e0f6b2d97a524d548eb0264e310e7d2fe49f2663852339

                                                                                                      SHA512

                                                                                                      bb43a962ddc3b9b05deebb23ae208bcd1f519e789eaa4724af5d8f7c4fec6ec1b54c10a4db9ade200e0019b610765dd7e08ebdf9ca80529fa219d2982dae7ce4

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040b.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      9b9803dfd61df3d7d068b8484fbbb5e0

                                                                                                      SHA1

                                                                                                      0f32a99141a3034ea9e964d365d70f9668614156

                                                                                                      SHA256

                                                                                                      ad6589d8efd1c18d70ace8e713f66ea1f3d6df8d0c80b38d9b3e26f9f2f7da67

                                                                                                      SHA512

                                                                                                      3c07e6e15d3ff955d71b5722deab2d6532425aa744616484cd5cd9d7fd46d2861fffbb3c93563b558201e4a285f43649a1eca695a9194359bf06fa6ff8e848ed

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040c.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      ab2555d742e57bf6727f5ce0cd52e518

                                                                                                      SHA1

                                                                                                      cb0a496f39d7be38677c75fb7dd6f5a0fdfa7d02

                                                                                                      SHA256

                                                                                                      18a82fcba664ce9bbf26d108d3d80add020364eaaf3f20e9f58604605226890f

                                                                                                      SHA512

                                                                                                      f36e5b83bb1f8902045769a43774bd592e56145f5497fd5ab63e3feaa99ae7bc33875e1c86426ee7b4af67bcdd815d62ab9edf695e591af1f1981feac51b4fb5

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040c.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      d22e7e53b9bc7cf617bd651adfbea8e9

                                                                                                      SHA1

                                                                                                      479a48fc0e5f9e74b0094acc1c2999e2fbff0cd8

                                                                                                      SHA256

                                                                                                      19b004f476d1acd14ec3134ef634bde4e154a1b5879df8e9bedb5c0629048ee4

                                                                                                      SHA512

                                                                                                      793503782afcf78dc1a13333ad33e352c8a9db9ad150fb5f09ff58e158a414fe67b08edbd1e7129f0fa76f7f6a5599ef584cf420141222c5bcb358546a47b3e3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040d.ui.forms
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      4576567fd5fafaa3ac36742b226a35f0

                                                                                                      SHA1

                                                                                                      76952b84dc806aaed267efbe4862abdc8952e40f

                                                                                                      SHA256

                                                                                                      612bfebac27bbf0efda2f26021ba6f7f81f67e8829a234c4b25c5efb005567f3

                                                                                                      SHA512

                                                                                                      f39b5521d5fc8c104d500a2f3efd1430056170700f762969cd79b09b245e77d72721baf84e21d2bd801f6f8800a75de5a68253effb31b801aaf90943ffc5cb59

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040d.ui.strings
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      d9faa3a4aad6532a96a8db184aa4d940

                                                                                                      SHA1

                                                                                                      bb21188f311ce91a0f097045831266c9f1bd99eb

                                                                                                      SHA256

                                                                                                      2d30997468f63fb80da83642c3fa4ea7b40a7a2dbf1abbda5decf169735873fd

                                                                                                      SHA512

                                                                                                      fdb627ebf8e2b78ffd61e521c3a1f47aff0ba5e03bf2d0f09ae5dbb3bf00e5728e67292e717b556e6e0a95f3583a93629b07705032f3dec816f23e8ee2cb1173

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040e.ui.forms
                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      4787cbaf634ac454c8e569c29359f36c

                                                                                                      SHA1

                                                                                                      9e495bde0dafa7e776f2a18650a696ee0f1d0800

                                                                                                      SHA256

                                                                                                      eb953b18d16530a1764d821c7ae494bcabc0335db24468095fc2d5a4ed5e3bcf

                                                                                                      SHA512

                                                                                                      6292e41f0597e38bab6db7ee09e3b053120a4ebc9fe8bfb78774e2677fbc6a3bb829f1a12539670422340fbadc41aba79c1da9941eaf97effa5f615d8ddc70e6

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\040e.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      fd3788a10b27747ebc49495bd8810836

                                                                                                      SHA1

                                                                                                      3bbf8e8f98bf4ca08b17cb791c994f74ea4965c4

                                                                                                      SHA256

                                                                                                      459121222fe1e10a092222a56e5b925c413e8af59dea08140534c0dd7f87ec02

                                                                                                      SHA512

                                                                                                      2b13afffbb1e0d724b8bc8280dbccf37103622444afe87c4010c834fe35e27ddc16a29c4dd70fb74fdaab592df80f25e4c7269e0654b305dcdc5f2a906121bbe

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0410.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      98a4cd34bba936f03a97be0293c2188b

                                                                                                      SHA1

                                                                                                      b7b4d2ed8f54c71b30795aba0b3bf875ad1a08db

                                                                                                      SHA256

                                                                                                      abdf34427a9aab30a0195ef05332aa23fdd5fca7791a664b9d38a75613b6bd26

                                                                                                      SHA512

                                                                                                      4cde014675d9adf130cbd992dc71eb2bafc9fdf86b594f12e9869d98902d4eb7e2e8e0764788fdd05b3d82f8f43164320433bc3c4db9294a49f34b76a1bf20e1

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0410.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      5434a41f44ae5f2f4361a23acb4b2d5c

                                                                                                      SHA1

                                                                                                      78326768a42e34bd99ade1fbee5034dcc8485ff3

                                                                                                      SHA256

                                                                                                      70c567f7cc109d56e0e8aac6e9c32094a81a150d46e8436fc4df3e0937b3c6fb

                                                                                                      SHA512

                                                                                                      266e8bbe8b6064cf13f4b5fbfbd19e86b688084e17cb7dd3138c92275bcce0426d6ef4f511fff77e5ea3d10d63ce7861f0369698651251992ae4a0b3858a544d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0411.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      5704cf4a0e81aa548b9e6ea0b181f842

                                                                                                      SHA1

                                                                                                      e594a8a373e12cd13215bc5fc5f98fef56da7ecc

                                                                                                      SHA256

                                                                                                      5b85ef78a5f0e9a2f536029f4fceeaccfe72225d3986ec99153eb1543dff48ec

                                                                                                      SHA512

                                                                                                      79aaa438f0ceed648f4053ca1f01d4e8bc67df72c49a8e057ec8e0b8ae532ceb5354d67385d231ee02d2f1ade21be203b48fe31a3288c28f64ddfc2a478edcaa

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0411.ui.strings
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      c9e0be8a472b534cd013c73ecae16f6d

                                                                                                      SHA1

                                                                                                      274b8c9d9b9e68701379db6ec820608001927915

                                                                                                      SHA256

                                                                                                      c1046b20ffce5eea7feb9b021af32663eda2b11f1d938b9cbed779f13029706b

                                                                                                      SHA512

                                                                                                      dd5d025a3a0395370198e20d5d8ebf212f976857b29b5a777e173f99548f756d1b4e78ab73dca52540833b0c553e777cb5b21a23c40963f9f77009ac7098114a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0412.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      a73d4c075883f1fd08c1d7829e58ebd6

                                                                                                      SHA1

                                                                                                      0019254187abdda373ad5d6a7613618e8a72d4d6

                                                                                                      SHA256

                                                                                                      1d57dc87be1bf8094173e71ef5ef8110a81a98d56edf7e4c9b7fd64dcfc3140f

                                                                                                      SHA512

                                                                                                      35561a83bd3b3cc0b5ac9b8b8f2ad4c7d8407988cf60d7eeb5fd0c0bee547de6e8c3a7861aada99a623949135790ee313f10103365f987157b033a5769dabf08

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0412.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      a43a8c95e21abd644d4e8ce9f6e3c3d4

                                                                                                      SHA1

                                                                                                      81c0bdd0af4c29239f27d43f92eb50d9eed5419f

                                                                                                      SHA256

                                                                                                      b699439dfb8d3a389b6e51d6da91a60fb0f9c7a460a8a771a579c9a7382e63cb

                                                                                                      SHA512

                                                                                                      9f61b0bf7c228d9d2ca064e56d87c6af5824219c43ec4c35bd97ebdda3d435e60e137bdb650cbdae03da37f3f0106b9322926bfd81b142541b02315ee1528d1b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0413.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      325817a823f9b8195af24a3722a449cb

                                                                                                      SHA1

                                                                                                      0cb532388c7823fc9319748286ccf7393d4e77fd

                                                                                                      SHA256

                                                                                                      2a24672580ab6af525b04767c72e4f333371ca4f830fbcd904864ec248320e44

                                                                                                      SHA512

                                                                                                      5e8ddbf1934d309d8aa3caf1fcc6f0bd95c4124b806e3d148ae3d6bc172b6b60bd042170ec4451b5a93253657bf9939855d796c42a79b2feae69f7369e75f179

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0413.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      6cbd3d0877fd05082b91397a0a864a21

                                                                                                      SHA1

                                                                                                      c770f7c28149764e48b0c681293f72686f61f14c

                                                                                                      SHA256

                                                                                                      2595210c1a5dedf86056f5ab535deeab54a6a5b486fa8d612802b0bd026fe950

                                                                                                      SHA512

                                                                                                      6b921185d7dac064ad14f5fb315c1e5041a60053de382b64e6967e4869c8b9f8aef9c0b37351697c138f613c5f9f8be64a3bcb786e77b963e0e9e38ac66355f8

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0414.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      0ade3ce6aa4d8f21aa62b8ac0d635bc4

                                                                                                      SHA1

                                                                                                      0a47dffca2c3d3fb1f2290d5483391a8a87d7333

                                                                                                      SHA256

                                                                                                      c191e3275de5984547b5155cc9d16b981d0f6d3dbd6cc2d22da74b5a3f1744ce

                                                                                                      SHA512

                                                                                                      aee68e09b24b49412db410f1a7f539a7c2b2ff8209949efe8f87c97fc820b4061c3aa9ae45964533438ad85eda111b8e94c603827708c2bc16c2259b9fad0d3d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0414.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      d7230603b5b514d21bdfc3bf10dd0c65

                                                                                                      SHA1

                                                                                                      8b67fa374f61743b5dbecc21ccb7d2d0044db46a

                                                                                                      SHA256

                                                                                                      3c46590e59ef05c2f80ca7f61c3243647035c2d92e9992c1df5126f67d631369

                                                                                                      SHA512

                                                                                                      9e15dde2faf07e0686fd7e1fcec4d2884da0bd68f1af1f656061459de540bd9de8379dc3ad3f72a2a0dc17a010fef47d084aa0deb7dd2273a861b26ee1750bbb

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0415.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      6920ca24df5f26a2588c0fe4dd4505b7

                                                                                                      SHA1

                                                                                                      f44b01faf2f221a6a91429d34fef6d3f87d18d56

                                                                                                      SHA256

                                                                                                      97de013bc97a0bea8f34ef19d92baf872ca2e58cf6caeefd4802e5f41c71ef9e

                                                                                                      SHA512

                                                                                                      c5692be9dcedcde80948c6dd1bc49ec8275073572a24566621fb7c59779f4f6298566b66c26a6d1821a98d0fad3cb89f1b455f826f787125fd2951f621379e8a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0415.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      b47ad3c8df8000225ba2ecc02a1509c4

                                                                                                      SHA1

                                                                                                      b45c0331d6f6796488da449816ddd1e67e3ee292

                                                                                                      SHA256

                                                                                                      51d7752d00618416d344e7b3ab8ec763f58bcaa46513223a5f7625f2ad8b26b1

                                                                                                      SHA512

                                                                                                      db9a6e84ef5c0ce20b6bdf437edab1d6f77ca02b27cf1e4d17f86d54b4da41e75f22a5bd12307f1b7492a3acb0bbdd482df85f39a2b668d6f4dbd63e4c39318b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0416.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      84050c6d2c47c44caa914df553c7df23

                                                                                                      SHA1

                                                                                                      c1fb32c181254658dd34b6170422d4fc2703321a

                                                                                                      SHA256

                                                                                                      bd5de1cdaac1542b2b350db073206189b45872ded7ec0ee7482679cc1da294e7

                                                                                                      SHA512

                                                                                                      f140f02c9de769d6712f74e5ce3a27e98aa7f35f4728ac8672de4342e840dca79a6efa0777528f9da6ea39c81b273c3f557435d8a47de06e41016e9bcf926515

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0416.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      c09b08645af85f2a08e620440c951063

                                                                                                      SHA1

                                                                                                      07c04b0ce9478aac5224c9a166e072e3c054db9f

                                                                                                      SHA256

                                                                                                      f48d4798cfffe7cb5dcc6de06556269c70b1592aea748b7e6400b061ad87bd13

                                                                                                      SHA512

                                                                                                      e81080bb104cac98ea82cf6c6b6953430aa7981de1cb59bea5c08a1a87d134c07d4a24f9a8fdc44663114c65b9f64e18959604f379357129d773c89389b3d764

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0419.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      064ba400ad7b408c6fab99c210fcfa6a

                                                                                                      SHA1

                                                                                                      99b0c55c6dc0761973d871da506fac1feb0e4c59

                                                                                                      SHA256

                                                                                                      2902a77d6290532256ab8eb50fdfe9655b356ade4781f5f90bb206f85d476136

                                                                                                      SHA512

                                                                                                      7ee00bd973b6df058f751d54df9764be5261963553e61b91c2c1a40b9b87c9a833eb6312f13a8b8823ef68e1ee9f9a9c8dfe4283e74a1c3735126b68e797fd48

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0419.ui.strings
                                                                                                      Filesize

                                                                                                      13KB

                                                                                                      MD5

                                                                                                      b43e7dee5141230579aa0f2dec46c862

                                                                                                      SHA1

                                                                                                      8530fad499f95422211cac4db2aa87a658a594d5

                                                                                                      SHA256

                                                                                                      8e44d8570a8f285cb3b29e40b389fe7782925880cb33579e0fb8713c28b79b15

                                                                                                      SHA512

                                                                                                      7e9efb0c61e2b9d6938809298c067029ce80a1f92910e31f0cbe292ac6fc6d2aa7e7d10b0d07fc2ef5ef5a2f386d2c20e1268f6e744f11d194cf95b2a03d23aa

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041b.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      400c43cccfed25a60ddd69463b584e89

                                                                                                      SHA1

                                                                                                      7d99002c397c12eb7d7d97d94ff90fe61ac0830d

                                                                                                      SHA256

                                                                                                      ad52d930a005c3917671158d5d99ab7d4687b9c2118f5dfe24131fca35ade635

                                                                                                      SHA512

                                                                                                      b41f31075c653449e79b887482c49a670ce20e76d3a1d41eb6f0d18956546ce350c7580fc774763fdd2031c0c2f2d260a3e3791d8a170f342312571d2d063af0

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041b.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      4c615cfef7a04a3f8d927b5159dfdd48

                                                                                                      SHA1

                                                                                                      5a8e955dc66b6068c2731a6f0f3f48f487542e91

                                                                                                      SHA256

                                                                                                      8b12a11203931e6ec76040722b68b3b776fa3393117ff516b5e202d35b11d2e2

                                                                                                      SHA512

                                                                                                      06b05acaaae212ae9ffa31a6b56559e836521b4574f387afe5d1f2d7654efc232af508bf1f5a314d8c8adc6a3ed92e3e84d7806f7dcf39a4138a7439234dac90

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041d.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      4872f9a1ad05ba286cb37c6766ef11e8

                                                                                                      SHA1

                                                                                                      27c6253bcfa84d759b84f43241d593cc797e0a77

                                                                                                      SHA256

                                                                                                      76fb1ab42c8a51a80a98a215e9424c43d3fe2a30c97b57275d2ef8e24f702b5b

                                                                                                      SHA512

                                                                                                      18037a7e75b7d1eb19a7d56ca9628a5221503ea634eb66bf137f731ba38c6d4a49123d72e6e9f9d877a9079cfeac4ae544d097de6adde63e4ee3edebd47e218f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041d.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      7d6f06c912b426a4d27fe3f130f86930

                                                                                                      SHA1

                                                                                                      01f9082e850570e033fb86d899b64854ea17a1d9

                                                                                                      SHA256

                                                                                                      639e8b6268b2900a6f600380fa72ed115238b6a811533b81d01bfb23a4be43d1

                                                                                                      SHA512

                                                                                                      34fc3a5e8900a9b34397adce1279c35f1b2c7594a630ee7b2f5d3f6ab8c28543b8fa9a40b4555ef2768a5f1862d83ef257fec07bcf15f5abf03680933e7f6749

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041e.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      f867a8cc3ef2cf5b0640ad1c17060914

                                                                                                      SHA1

                                                                                                      1c7c41274fbd12ba5ccacfe7e83617ac1b89044a

                                                                                                      SHA256

                                                                                                      dcf8ec7cc142cbefc20dc281f6e3a0f36ebf7e75916812bd885c3762f3483f39

                                                                                                      SHA512

                                                                                                      be4f6681d0d0c67882cf330f197bfca44b538e26bf8587210c60e9d7deca35b4ebf6870ae8575673d09ae744b2d5f870fcfca662c34d293867cb5387f1e71af3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041e.ui.strings
                                                                                                      Filesize

                                                                                                      16KB

                                                                                                      MD5

                                                                                                      ebfcf7d25553fade0d29d56f1b2b654c

                                                                                                      SHA1

                                                                                                      6f37190c1e25c3b40abb2afa606052b990600353

                                                                                                      SHA256

                                                                                                      4160177f0731b8adc35b4d3b5951ffab723fc19282f5d75b7037904e7aba4a34

                                                                                                      SHA512

                                                                                                      74609b3dcc69c663c3be54ebc05234ffcb1054dd8d69aab2cdfb8daf5dcca3c47dbdecc920527b3b5c6464a71676facc96869fa60a16e5587e57a8d6c33f537e

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041f.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      a8ab4e1c991b898b52501b68c93e90e0

                                                                                                      SHA1

                                                                                                      8c84a7139a5e07e36c61154630ee79e6efa4aa02

                                                                                                      SHA256

                                                                                                      8863966eed94e00285ccff00ac1ddaa29dab648ad2a372391c657223baca4560

                                                                                                      SHA512

                                                                                                      28ba514424f4765cbda79bd6aeba047c3b9b17b63101cdf87d405b3f357f2efa8b7419f50d8361b605c688378e6a860dc85e2a333377452cebc8c0a92f19fcd8

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\041f.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      a6db1a7bee55aa547bcb5533b029ab04

                                                                                                      SHA1

                                                                                                      2b82e6c10f7fe07366e4f534ae3e6e227bc8c34e

                                                                                                      SHA256

                                                                                                      0e6b6cf5cfefaa4b6d32e13a4e2363bb7a069d4c5c54bbbb2afd459d0e509fd9

                                                                                                      SHA512

                                                                                                      d55f59c1d76fb3c5e0e7e0039c63468a3d63cf1b24922096f6e4cf754a348d84ce94a72bd01854d74f9377adce373c013ece55aafa6fcb2e31517fdc334fba7e

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0424.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      42b7935ddaf09b3a303a6477ac99a126

                                                                                                      SHA1

                                                                                                      a5a4203dd42e55190407f3780364b5918a5f36b3

                                                                                                      SHA256

                                                                                                      9ad6a7dbdd657f90eacce8faf5d7cd0299154aba43ec6aa82a5d0b9251d4c65c

                                                                                                      SHA512

                                                                                                      312368d788816dc3f0d270610dcaab5c29352e2cfecf6b3915060839f775a3567f8898f1c9d23249e6328d7b0f18691dd1fbc42101210e25e06775cffad46e4c

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0424.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      bfe52982e5c7a46dbc9710dd8ed1a9af

                                                                                                      SHA1

                                                                                                      bb3e8213bdb96c0d21b6aae16399132e5307e38b

                                                                                                      SHA256

                                                                                                      d25c8d6c9d71f448778150ae6301e5838db4ad43abbca278eb2dee6712b1c521

                                                                                                      SHA512

                                                                                                      59c122569c5a0dfca95585809598d9e5fa096d8f6b3f81e4bd8e07210840cfa040b25c0cccab83a674b1c94b2683f084384b0a56e28e00bd907403505d61659d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0804.ui.strings
                                                                                                      Filesize

                                                                                                      9KB

                                                                                                      MD5

                                                                                                      0330aaed7d27ecb5acaf0eb44ecf3fa6

                                                                                                      SHA1

                                                                                                      64f5e8d0dceca82dac61b8714bea77be1e30bff3

                                                                                                      SHA256

                                                                                                      ac551ee1fa474d2e8e3f63dae29a8bcbcfb28116c5551601046e13392dee93dd

                                                                                                      SHA512

                                                                                                      b004058e0802167763bd86a59468601f8f7c28e63b44544ee642336d6860d54b8b9337dbfa05e0a945e0a97bc0c1afdb35497892550dbaa859db43beabbbc765

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0809.ui.strings
                                                                                                      Filesize

                                                                                                      9KB

                                                                                                      MD5

                                                                                                      93c61b33a4c9c1c70e70b198d13c537d

                                                                                                      SHA1

                                                                                                      39425177f5ed7f32cf21fd7f17b39f32145e4413

                                                                                                      SHA256

                                                                                                      b223ee6a21da162c22424f1d9c6cef64ab1e0b6c7b150411ff211c5847e40df8

                                                                                                      SHA512

                                                                                                      fc24ce4276f2a391893d9af123534e8291138dc2e54033af84ca9cad936a8bee0deee2e1fffc822e14bf56d16c5811c416a723fc4e2706d56bc1fdd47df6c90d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\080a.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      4c371795014c068008bf2f10c99451ae

                                                                                                      SHA1

                                                                                                      984d56cdf283f78266a09d8dc43989d7f9535139

                                                                                                      SHA256

                                                                                                      93f43d075621d05ea412ab284543baaa495385015f2bdb0a63e6c4417faad285

                                                                                                      SHA512

                                                                                                      d813ea407d0dc60d05a5e35614ffcd2e7c18129b6c44d4f03f058d693995f49ab641da589acaba225897479666f70898d1ed563aee4f8dd7d0cac5845756fd01

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0816.ui.forms
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      a1507dc29615b1e5cde268c4e1977891

                                                                                                      SHA1

                                                                                                      d8d3b8ba25921c43d7ad5af7e3842923327b9972

                                                                                                      SHA256

                                                                                                      b124fe31d5a91d949aa3e27c005fbb1884462a4b5ade7f6b6112b99b0bda1c31

                                                                                                      SHA512

                                                                                                      fdb5546d2925e7e8c19f40c5fca72881392040ea0b0154c190fedeed1c5d9eda333be911d80485644e85b8f0d812bf39ad75a9690cf8a62d5c5797ba24adc421

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\0816.ui.strings
                                                                                                      Filesize

                                                                                                      10KB

                                                                                                      MD5

                                                                                                      14f9bb9d2351e47d60b99b0ad271017c

                                                                                                      SHA1

                                                                                                      28aebdc294ac854a6e4c147044c7f3cdb5a90694

                                                                                                      SHA256

                                                                                                      7dcccd0099fda6d63ebeda443ec78e7a76d051c21687bd40eb3d41865e0b4d14

                                                                                                      SHA512

                                                                                                      2b7ece0a1258e13a57c4820063ecdc893fd3ca11c51073608bf3c8a5c57cbee18612ade75845c9ca624b5e5b5c9f814cfb98c7dbb679c5c634594615490a72a9

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\NVI2.DLL
                                                                                                      Filesize

                                                                                                      6.2MB

                                                                                                      MD5

                                                                                                      22bf53e3bb3d4f9bd9077deb74960341

                                                                                                      SHA1

                                                                                                      3100ad3f4bfcc2af2fdc8b6e5003c5bcc3ffe40b

                                                                                                      SHA256

                                                                                                      d3c37f48b7b88ad63e07bdb82a74c1e90368c8ffdee5daabef22ad95ede7a320

                                                                                                      SHA512

                                                                                                      32857e64e3bdc6334788c35ca365ebb44a8de0acecf375f75563b2e8bfee94bae7f42b5c6f33c44290aecc5a5dadacdf7dec68e9a478f0e063fdac2fd77347ee

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\NVI2.dll
                                                                                                      Filesize

                                                                                                      6.2MB

                                                                                                      MD5

                                                                                                      22bf53e3bb3d4f9bd9077deb74960341

                                                                                                      SHA1

                                                                                                      3100ad3f4bfcc2af2fdc8b6e5003c5bcc3ffe40b

                                                                                                      SHA256

                                                                                                      d3c37f48b7b88ad63e07bdb82a74c1e90368c8ffdee5daabef22ad95ede7a320

                                                                                                      SHA512

                                                                                                      32857e64e3bdc6334788c35ca365ebb44a8de0acecf375f75563b2e8bfee94bae7f42b5c6f33c44290aecc5a5dadacdf7dec68e9a478f0e063fdac2fd77347ee

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\alert-circle.png
                                                                                                      Filesize

                                                                                                      402B

                                                                                                      MD5

                                                                                                      f4f73ea358898c5962bf5a3ca758c5be

                                                                                                      SHA1

                                                                                                      4763e063ded479884abcef4113796fbf27efc500

                                                                                                      SHA256

                                                                                                      137c14a4ce476ce4cf7954ec2c0a609e7456d987b30d51c1041123d5596ce0ee

                                                                                                      SHA512

                                                                                                      fc95de2018a951bf9f7e76daf7d9ada3ad964bb335f9f070f840227422438ec65a61ed3708dc4a2f52e44a4d7e6a3b404b54a0c16f6360c026570a4afc72d900

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\NVI2\theme.cfg
                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      e3f864d3989922f7f09ae031a8f4f25a

                                                                                                      SHA1

                                                                                                      2a60d456fdbdc72b103eba8a53e91ced77c7dd4a

                                                                                                      SHA256

                                                                                                      43b814a050ec952f02db1c8936380fc4378b9ee203249233e10f5a5e871f18ee

                                                                                                      SHA512

                                                                                                      a4d0fb8c9464dddd750e56bdcda0157041408e398206e0cb27254e77151557d82fa2f5b682375fab700db664ab391fdb11dbb06b6da49966d9941e695e775f87

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\setup.CFG
                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      7198f94b1e1e6f75bffed8e2d3359006

                                                                                                      SHA1

                                                                                                      4c2054f4e71d0d429c4488774a3d6f7a8a7deec2

                                                                                                      SHA256

                                                                                                      a5a625b408b0f5274ef79c83f8b8086d548e0d62c610e7a2668d88b243faf562

                                                                                                      SHA512

                                                                                                      69abb27436a168e7f700a050d7ee5261210d9de8bc359df32fa1dfa40881de62e00cef8d815c368883d0ffb8d1eb1e7c420984eb32803695bc8535dc9eb79127

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\setup.exe
                                                                                                      Filesize

                                                                                                      499KB

                                                                                                      MD5

                                                                                                      9c21eff6c3c63b3aa2efc84c14de304d

                                                                                                      SHA1

                                                                                                      958564f848b44c44ef04ed8f96632e7aecd979a3

                                                                                                      SHA256

                                                                                                      6bd422da77f1c37a3cce6f41367de61512815256df75dd0b767d1617fea3b251

                                                                                                      SHA512

                                                                                                      a590c1ef55f30565a279dfc1bdbf1a1e13c80ec98e2433b648b54c05313af0ae64f2d2cfac7aaff2654928000a252a3cd4025df7d4b137e035d1c0be6694eecc

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\GeForceNOWInstallerTemp\setup.exe
                                                                                                      Filesize

                                                                                                      499KB

                                                                                                      MD5

                                                                                                      9c21eff6c3c63b3aa2efc84c14de304d

                                                                                                      SHA1

                                                                                                      958564f848b44c44ef04ed8f96632e7aecd979a3

                                                                                                      SHA256

                                                                                                      6bd422da77f1c37a3cce6f41367de61512815256df75dd0b767d1617fea3b251

                                                                                                      SHA512

                                                                                                      a590c1ef55f30565a279dfc1bdbf1a1e13c80ec98e2433b648b54c05313af0ae64f2d2cfac7aaff2654928000a252a3cd4025df7d4b137e035d1c0be6694eecc

                                                                                                      Download Submit

                                                                                                    • memory/176-265-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/420-213-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/700-253-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/872-256-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1292-200-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1320-260-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1404-247-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1436-237-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1620-243-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1660-207-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1796-230-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/1948-263-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2140-198-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2200-210-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2284-238-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2308-262-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2424-259-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2480-206-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2548-234-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2596-197-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2788-276-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/2924-294-0x0000024F33D60000-0x0000024F33D70000-memory.dmp

                                                                                                      Filesize

                                                                                                      64KB

                                                                                                      Download

                                                                                                    • memory/2924-295-0x0000024F33DA0000-0x0000024F33DB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      64KB

                                                                                                      Download

                                                                                                    • memory/3040-201-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3104-215-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3208-203-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3384-212-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3392-269-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3460-211-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3464-209-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3532-214-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3544-205-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3616-202-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/3896-255-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4192-270-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4232-232-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4300-264-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4484-132-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4564-236-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4808-199-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4876-204-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4904-268-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/4964-208-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5072-249-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5072-275-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5172-261-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5212-266-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5216-239-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5224-235-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5248-251-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5352-245-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5364-216-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5384-217-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5568-219-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5592-220-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5692-257-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5712-222-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5812-258-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5816-274-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5848-224-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/5892-226-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/6048-228-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/6052-272-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/6080-271-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/6096-273-0x0000000000000000-mapping.dmp

                                                                                                      Download

                                                                                                    • memory/6132-241-0x0000000000000000-mapping.dmp

                                                                                                      Download