21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Analysis

max time kernel
94s
max time network
151s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
15-01-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-5y8kcnm.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

Processes:

Setup-v-5y8kcnm.exe

description	ioc	process
File created	C:\Windows\NvOptimizerLog\locales\ca.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\he.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\zh-CN.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\chmod.js	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\d3dcompiler_47.dll	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\en-GB.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\icudtl.dat	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\id.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ja.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\vlc\installer.exe	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\chrome_200_percent.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sl.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.icns	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0.0.2	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\es.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\he.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\id.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\ta.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\applet.rsrc	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\en-US.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsf	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\vk_swiftshader_icd.json	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sw.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\applet.icns	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\bg.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fi.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\uk.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.rsrc	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\Scripts\main.scpt	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\package.json	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ar.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\mr.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0.0.2	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureSpecificRegistry.vbs	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\elevate.exe	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\LICENSE.electron.txt	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sr.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js.map	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\en-GB.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\gu.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ko.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\nb.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\tr.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.babelrc	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\index.js	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\vulkan-1.dll	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\et.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\zh-CN.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE	Setup-v-5y8kcnm.exe

Executes dropped EXE 1 IoCs

Processes:

VLC.exe

pid process

5024 VLC.exe

pid	process
5024	VLC.exe

Loads dropped DLL 11 IoCs

Processes:

Setup-v-5y8kcnm.exeVLC.exe

pid	process
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
224	Setup-v-5y8kcnm.exe
5024	VLC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

1624 schtasks.exe
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.

System Information Discovery
T1082

Processes:

systeminfo.exe

pid process

3668 systeminfo.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

Setup-v-5y8kcnm.exe

pid process

224 Setup-v-5y8kcnm.exe
224 Setup-v-5y8kcnm.exe
224 Setup-v-5y8kcnm.exe
224 Setup-v-5y8kcnm.exe
224 Setup-v-5y8kcnm.exe
224 Setup-v-5y8kcnm.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Setup-v-5y8kcnm.exe

description pid process

Token: SeSecurityPrivilege 224 Setup-v-5y8kcnm.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

VLC.exe

pid process

5024 VLC.exe

pid	process
1624	schtasks.exe

pid	process
3668	systeminfo.exe

description	pid	process
Token: SeSecurityPrivilege	224	Setup-v-5y8kcnm.exe

pid	process
5024	VLC.exe

C:\Users\Admin\AppData\Local\Temp\Setup-v-5y8kcnm.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-5y8kcnm.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:224

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5024

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1440,8552518066799050557,6541889452366244909,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1448 /prefetch:2
2⤵
PID:1008

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
PID:868

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,8552518066799050557,6541889452366244909,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1824 /prefetch:8
2⤵
PID:4652

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1440,8552518066799050557,6541889452366244909,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
2⤵
PID:3864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:2336

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:4480

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:1056

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:4168

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 17:10"
3⤵
PID:4824

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 17:10
4⤵
- Creates scheduled task(s)
PID:1624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:4604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
3⤵
PID:4312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
3⤵
PID:3216

C:\Windows\system32\cscript.exe
cscript.exe
3⤵
PID:1640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=a24fa040-fb55-4683-8fee-f12ed8d246ed&f=Setup-v-5y8kcnm.exe""
3⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=a24fa040-fb55-4683-8fee-f12ed8d246ed&f=Setup-v-5y8kcnm.exe"
4⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe8,0xec,0xf0,0xc4,0xf4,0x7ff85e559758,0x7ff85e559768,0x7ff85e559778
5⤵
PID:504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:1
5⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:1
5⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1704 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:8
5⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:8
5⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:2
5⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:1
5⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:8
5⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:8
5⤵
PID:6076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=2044,i,16107776907164279787,13379003102185130896,131072 /prefetch:8
5⤵
PID:5312

C:\Windows\system32\cscript.exe
cscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer
3⤵
PID:2208

C:\Windows\system32\chcp.com
chcp
1⤵
PID:648

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
1⤵
PID:3764

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ExecutionPolicy
1⤵
PID:308

C:\Windows\system32\systeminfo.exe
systeminfo
1⤵
- Gathers system information
PID:3668

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:644

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5336

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2488

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
27fdc31897c5f1ab058d9fe1f28bddf7

SHA1
3422e0742bb67720955b3231af5c25a693a37743

SHA256
a798baad260a499662be5cfbe0100cdbd355e549f46326328edf4568b8cf15aa

SHA512
312fae498ddd3c0bc61480e96f2d9dc8b7bfe3cfd43112db1275f5e164f9bdf10816f1bf84716ae53bc4728e59f9755aec0b7e18cf96bdd01033b16a7c7ef855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
2613e146de7f35e0f47bf7f23ccd2805

SHA1
76d6cb5708ef9853452f7e5c5e035a8ddd40d868

SHA256
b6765d4e28d3caa1349cfa8cc02b86dd245f18473b1c14bd3a6435d97ef48f97

SHA512
f5259b6d57657a5b8590b766b7ef7e60f65e24064a6917a82b5e5148bf8e298ebc7433f7a0775da74e3b44d17c30660ba1e331db520eb10e5d4d68b5c4726e78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
a4508fa4e676192bc48c17950f0957ab

SHA1
237e45e586ab6266289f72af2ef543d5a13a0f73

SHA256
947ca1b5a78d9405562cf2429243b5838945e4af5d608c3a782c4606c4664909

SHA512
283078179cb2f61a2a1f840fef7eabaf5256070f405e1523d767db2ae8ccca6d3a5d3c0dc821e94e6cb3ba0bb76ed1c024a4c7598d53eced02033769bbca3253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
ad278e335b79e63df6308f4a45935898

SHA1
8e6f68ec82e6e3b8b38525aafcb0f55119ae374b

SHA256
e34c1eade62c5a3b3b167eec6d3690ec300719a2255dfe2b8bd52f7f1a7c0dcc

SHA512
c5acfb38a08268701e473eec334527cf31813bb118b21f4b2650ce033998b83ad32559b2fbde26a212d5a64f9263c84756c65ff37810eb7c76fec44a6bcce9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
e473ca7cc71596432bf61156e8083f00

SHA1
9e3aae8709ab9dba727de5a4963bce5a46a74454

SHA256
701af43a3a153957594c4e3639983b2d2421eaf4cd48878627f59d03d29e3ad6

SHA512
c46bba521ea2c453c75c1fd36e906518a57f927f21343ee51c0cdbc7422de1a630caf240a96b7b6fc4da4cd2d5247c61ffe3b3f153822d32f01eef82a30bab36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b710b63cb85c93722e432c573df4915f

SHA1
fc00f85baca10fd72e17445fa620384df7e64eeb

SHA256
17dad90c50bf9cb95d100e0e7368469c0e5bac981fcff4dd18c15f86f5deed11

SHA512
621273adddf029a28dfe053477918a6ed40a8161846ac0f1085ed28c82217a228ea164ca8ec77511c85ced61267f067607a978382e974bbc01b7ff1134be807c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
776c42ec9c7783f02ab49c7b6e59a998

SHA1
67d6fbc40149bcceb47c4fceeb40432ab3519c74

SHA256
ec15c0076d86329ad02f5be605d6dec820cdfdea22147ad1b26dd8219576b395

SHA512
aa0ee91bc6584ac038ce1e6e5283e3c6768d347862d66b18d3f527529944a844b0c5d5289cd5b5f43f9598a7b21278379ec1f7177d8343755f5d120ee74e3b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
2f8d5f97bd42bde0291f99e0d5f9e288

SHA1
e5705a1fd44fb7a27c727c90850c860e5f1bcd25

SHA256
1fb08a63f81657caccd7c1e3f5ab4b2fe817a0396cb58cc6b380ffa78be65aba

SHA512
48b5b97639b66c6ed1b5fa4eeccde2021d16a2c4c6f682edc37d7d081484927581561512a916097e0362d74e0ef4ce50467344c0fb5e1dc250ec4e67d6624185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
c2774a561b138e14a0ead90bcc1611da

SHA1
5cfdb1bcd7a8afceca596cd89386f78298cfbece

SHA256
82b64ab5698a627bc8e4113ec8013729ab83f7d2495451cc250a0388b5eebbf5

SHA512
6767e69bee6a60074b686a16c96f66a80c8b5388657300b4e2678c24ac8db28db9283402e157e05e33431edf409ee015da6d6464aaec0e3e7d29680a664703ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTGHBTSJ\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
2KB

MD5
c373cdb8236bb363319af570bd628dfc

SHA1
4f756c7d4a6f6e8494bd884bb9e00646e84e119b

SHA256
68d7a477b2bc5a4bf0f3894860999fa442a5b8653579f8173391dcc43dcbaf47

SHA512
cf8b041f6bfa9608191750a577bd86573656a017af61882db73f3e1f639411855038e3b761965cf04b26a0c0bbec1b6320482e787b7d667e0450c8ffb9ef1ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
2KB

MD5
57eacaf5a745815e3774bca21f0b1428

SHA1
d3da3de14daee6fbe3743ff9633b13428f061ef2

SHA256
918a4e53988a0039a5d0a3015da68d749ae768130248b3a7cb40476197fc420b

SHA512
608647776982cb63a3e390adf08d0e2429e741f20c50d0d96c915b11d6a23dfe88d79eaf9d3530f77300ce96cd3428840e59cb241ef5ddcda3c81fc0d31601df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
b2cf538d84c661c130e87eea6c21f9ec

SHA1
65484a9abd14515129d2187fc410c2659c0540c0

SHA256
b3a934b4e061c6d29b51d3c7f70fdaa1c7c5a3b9f6da94c5879da21391f297e3

SHA512
217d27d2936660a7b5d4ca76a10ad62a6ba5ededf65184d6fdde47b89e7b59f6c56afb62020b1ebd52f4c4bad3448b9f316a45e12d1d5daae6e517f6e7141273

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8Q8HYX6P\favicon[1].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kaocxxfo.fpv.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\package.7z
Filesize
4.0MB

MD5
a19b3c7c236a883b2bc94514102f0377

SHA1
26f6f7d17da41b77cbc0c326a739dcbeb7e5b020

SHA256
8218ea51850e49dd75c70dfaeb8f79cde06a96bb76b5fafdca92aa7d2ce79886

SHA512
8cc677c273bff435444ff0f8b39442f03599b981106a12feb213c0b889554d10bd465971b92cd5a5db132682bfe7378396bd3cbef10cd95276380d6c3f9cb58b

Download Submit
C:\Windows\NvOptimizerLog\D3DCompiler_47.dll
Filesize
382KB

MD5
690dc797e0ffc30e351da4fa44d56dd9

SHA1
bbb1f13b335acef63e3f82360814a829023de30f

SHA256
8d2cf648523c0c8c629e0b9362fceb359a3698c373ced5a553ded8df31d7442e

SHA512
7a751b9ccf36a87c8fe11cc5a5386b4465157057702ae2b96a408721fb2a9622e92e73e33e13a0e57843ffecd70fc244a541aafc8674a76b463599a0487ab469

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
2.9MB

MD5
cab3332f8677f45ec31365c0e4b95556

SHA1
dd47bb56317300148f1c44561240f030f457403c

SHA256
9bff776d1d7a912f3d9f59d8ae8b64ed72174005a21df8d0f0f08298348d02ac

SHA512
caf0846115e62cf3eb9e2cca2ed0a730769a23891b68c65358da7cd53d609244d2e0667766414abeacda72ca088cfbe31e546642feb2aaa2414b057dfaafab91

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
596KB

MD5
214308be378f2e33a4e2674a99415f27

SHA1
c59ce3b9c88cfcd6f5a8fd96df4ae60a81cf717f

SHA256
9fd4b973fd74f0d2eee3b7899cec5cdecde531dcebfff4029d3b0982f7016ee5

SHA512
0043002b18d9521e62b443751f89179a3bce2f611d4b69ea81007cb61df01cf602d1599222239b9a02c574a9511b58cac7f1d5d5891d382a7d65487cea277436

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
560KB

MD5
dd9a871d2a188286c14248e6de184eec

SHA1
d90b5c96edf0cc4707cb274375f8fa901efd9587

SHA256
a08d2025771e203334488963ad909df05362f532c9561445f3a932c05f5d463a

SHA512
c4a38b1afee58ae22774252331cf4ec57717e8175c7be033c0e6e342f63b418eccec686ceaa435c24494dc283b94cbdf2018492c052e2fb5d5119e8d2c9abe12

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
207KB

MD5
0db3cd554feeae09fa87010ae6238afa

SHA1
4f26903e0d80149e25393b56d2070decb0d379cf

SHA256
15407fbcb553d3d2f0ea534edd1561a59f1b7035d9e864a6b4065f856488a05d

SHA512
ee31a4ce46f71bc34c0385c6098aa2446b6fa8c9a94ecc99cb0bc7bcfcd8cd093a2bb2d86c9ec9e04b92ec30eba53142976b22587d594c1ada8ffe47c695850e

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
268KB

MD5
20fc624ef153be38f785246b6466abc7

SHA1
17358ab979425a45954a1e05975a18eb2899b0fb

SHA256
97ef9e8cfb8772252d2319a53dfcc7e25be5186ce0e5b061456db2247f4ba6de

SHA512
e163f489b29f2bd920b91420dae4ec2b03055aebb8fd256be0894105078372e073e88b0aa46ed03ae071207adfc727b450850b3ed04fa8ddbd8f42c033464be5

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
64KB

MD5
da3b894237d0dfb46a3701267972b589

SHA1
d2a7148fa4288333ce49d078b4769c77e783a50a

SHA256
c5a6644ddae66303188aaef0d7b5f2e7891b30a91d4a2de51f61027e33901f58

SHA512
a823f0274f6f9cca188d185993b9aa5230e8d336eaa8a16644f01542cadc1a87be1b009a400ee7525ec6f14a6111cb045b214304d4530a99fab8cf72c7f6a650

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak
Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak
Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
518KB

MD5
fcf64d3f2dc7c045352dddef6efd335a

SHA1
1ea667010cde8116afec6bcb7e95ced9d97d0a1b

SHA256
4673b0cfcb70f703645155b6f652f9fc15475ef8f96ada913375f650606c132c

SHA512
950bdfa84f864222a666a7cb8371854ee7fc830f5db05965df394cd643e9bf3160d806bffa8d8aaa8f76d057093f7715ec42a013c972d3186818a041ed08198d

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat
Filesize
440KB

MD5
35ff443d5c6fcdd909e6c8ae3417915e

SHA1
323d37ff89279f812efb8b60756ea35f8106806d

SHA256
e3a91a92386b3ca813be0d6d94d1af445a00dcb3bef5d060813f85f84a2ffae4

SHA512
71283a653b79ad50e232d18dbaa6e685d3e09979b9e41a0dc3e4667a0d40f9de54d4311778c9c49027dd1f374a6da19d18c5d31f210b1d1cad68ee25728aac01

Download Submit
C:\Windows\NvOptimizerLog\libegl.dll
Filesize
204KB

MD5
db045fb328fd57fd4f2792056a54646b

SHA1
a84d4f1f69c57ecbb3972fb6f90a973320e3ea46

SHA256
ee9c2351406c6f73ad75071691b4812f1f98f95b6fff05ecf469f20fde97e516

SHA512
86855ee6e171bf3a9a45ab95876a8cb3fad1a26b2769829aaeb04b6354a54f4182c412b7bba03b62e32e7f7f7a8931cb878e3b9119b6a0e33c95df1e9d297802

Download Submit
C:\Windows\NvOptimizerLog\libglesv2.dll
Filesize
228KB

MD5
2da79d83b5a819b70ff812758aea854a

SHA1
b86301d31e8a29ad9cab087c42c61b7ddfebbb55

SHA256
238129f8470d749f7a419b389124122023a9f065ed8c82427ef578817ec5fb07

SHA512
d65ca080b24d3f47c09b286f12e829448fdb2cdfcb627b7849b487f0bf9c36b2f5a92f44cb7ae2fd32f285f12ac301d2431438dae50c76973ac1e3a15dae037d

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak
Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak
Filesize
321KB

MD5
faa5c35a07f98670db74f2338507b700

SHA1
38cc68ac7de0ce48b69bff323dfcd5268384bd9e

SHA256
5f118e723ff1fa9901849f18bb56583540e0fa4972e87f3e10f66eff96c030b4

SHA512
82f676e8dd36d3da73e415c0b4e62404b4c023e250f7932ab70b876aafc95163f06a6445c2d2712309c4e37e36aa5cc05d8d6b7a8743cbdc4498eb6d51e65c05

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar
Filesize
621KB

MD5
d9e5474cece0b89b4f5e0300eb2256ea

SHA1
aa07b7950e83fa5c28b5668658af4d3e71ca9be2

SHA256
217fc140b86c60856aa113d3e2c7036fad1b4056006071ef59613626cc328879

SHA512
5459a6b9b145760b0a1642947ff3bea4534d5a075baabb2592720d9c80f0e8c51afd207402a637f4abcee297dfc43a5df47552fe0d1c648cdd015015a75f00ba

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0
Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs
Filesize
2KB

MD5
310a042dca2144c9cda556e9bc4b0c02

SHA1
d2032af7eea0dbd027a36e577567e85486496949

SHA256
caa82e59ca92629057791cb1e0ba0b74c90f561fac81b029033fc081a83431b0

SHA512
843d9f6f300caba8df41511473c43f4d5029fa0012e593677c83f196c8d595194d1409069fb4b8616e0118f37ba943bbe656b29de40f0ad70997ab610fd98db8

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsf
Filesize
985B

MD5
cae7db4194de43346121a463596e4f4f

SHA1
f72843fa7e2a8d75616787b49f77b4380367ff26

SHA256
b65c5af7dbeb43c62f6a5528af6db3cb1ca2a71735a8e7a1451796f834e355c2

SHA512
ccee660cc4878301c743d3ebde4557dc180d8b6f77c97de5e36c95f6e4d2446ef7be28ebc787fdea2f2d817890ac7bdb713196c755a51677dc127cce77670026

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbs
Filesize
7KB

MD5
77e85aa761f75466e78ce420fdf67a31

SHA1
4470bd4d215d7682828cbc5f7f64993c078b2caa

SHA256
350dea3d6c8e65372f8d12a5fd92a3a46a7519610c69564e8185a2ed66b00d59

SHA512
50af664777545ced78c34a6ea35dae542fdb85b8b307a4a4a95db25a808a695d3fe8840edb36325279c2381fbae071f6b509f7491185cef2f42afcb7672cfd13

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbs
Filesize
4KB

MD5
e2be267c02d51df566fa726fc8aa075a

SHA1
c9b9ae17f36e23d5d3cbbf2d6f17a954bfa87d24

SHA256
b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c

SHA512
b6f80622a9f61f636f7786d91a1b9e06a64602f0898425e90a1a696d0a4855c8c08cbd6e6b98b9a3a1a24de354b26260247953b5273f7d57ea87294b4b142e8a

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
250KB

MD5
359e1d2222d43f13edf693a3cc49a62a

SHA1
29a02bbca164a055b945a57bd2dc18d98824d97c

SHA256
8447719ad836b1c3285660270d188caf74988ad39212cbd691e8e0e4b16abacf

SHA512
13e4bd6854ce23c0fcea5d4bbb06a5a6391c89e6d98d5f47f26e5dce3df30a5766f19417b03eef86e444dd2cc4614bb48af5776f1d058e8a69e89d23b6cdeb61

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
347KB

MD5
5b89dd41ec6e89760df75d8ecb80a189

SHA1
028593502f6098e03da74bcbb57bc63e214950fb

SHA256
2f3d1163dbd8136ea66317746045b3f33d0eabe9ad691f8911325d987f0373ba

SHA512
dfc26576b28d8f2a48968b90eea01a5e2da447bd0eacab67720a4a350f607ba9d19bb95f1fe7bcef941bab3c86cffb1d113538b576a1a87aaf5e17f6518f7e8a

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin
Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
\??\pipe\crashpad_4612_CTKAZFDBUUCMSXLA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF2E9.tmp\LangDLL.dll
Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF2E9.tmp\System.dll
Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\INetC.dll
Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsm7D5F.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Windows\NvOptimizerLog\d3dcompiler_47.dll
Filesize
189KB

MD5
0b6ed16eb0aae498038b9d6139bc250b

SHA1
6a346d1e9e64b3925adbfad553e457e6d5a6d5b2

SHA256
76f24564cb4f1004678df12edf8b78a91e16bc52d2cd0840056971d640fd0f5f

SHA512
da5e026eeb8debacb6bcffccad9e13681614576c7187598576d586397d2e0e9f5ed8bb1fd05f82b2afc70c5b19c9f77e99918b5333f1f7198f0f3fe8de5f1a85

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
556KB

MD5
189a79ad816cccbb1586750a21d2dd2a

SHA1
59e0e9b3c055548eec8b84e6a42f77f6220bb4fd

SHA256
40432ab6635df70f92ff280e7639b9546dd996ad3e77d9b3ef676e2117543146

SHA512
462a47fc41f02c17bb26a64a509c91e558e3f11b139253bfcd5fc17f375fba86e2bb564aad50bcfceec02c64ad20bae621e99cf36a15275eb6be17c49508ab76

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
372KB

MD5
ef4bb23dded8069c2b7c69c94e9df01c

SHA1
8ca627511a4c98d5e5263854d09289729e487204

SHA256
316aa9b8a93c2f5568180d6638ff92c42951519edc40ce5e7fa03385c17460d5

SHA512
482578e7d375530e0c8f3e59b8d13e959c823ee3b9a8f755a979f374209e8d8d20d21730efae435e8bff12d5292af4574d84f1ffbb266aa3a6ab3b6b43182f86

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
143KB

MD5
eaf5ef012ed48ae5824d7da6686a9755

SHA1
75d19699e056e8e1d94ea24ffd5cdb096b122c8b

SHA256
195f38d8447a7709cb0b087fc42b28c791a06803b26e23efe79e6fe759cbed9d

SHA512
c34d54fde3067252813ac30e67527b837feb8ec0a0ce70289b2229a6fcec98cee642eb606abc4d547472a281d65662cb5ab3d776cefc18081392d573d0e94269

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
304KB

MD5
35eebe17d010b528ed605e5f1b60ccd4

SHA1
b76876450bfa6117056729e21d52b8b6333c878c

SHA256
018fcdb4696cc2eae9446b1a736b223e493fdebf687609d4ad1c43968cd6c511

SHA512
3476f1a7a4b8a4e4fbca208bf5c9d3a7849ca28daeea555a014b45bfba34209f067c68abf54ef66512a2080498e6ae79a5d90d443bcca0ab57ec2e666e7f41c3

Download Submit
\Windows\NvOptimizerLog\libEGL.dll
Filesize
306KB

MD5
f339099602fda907df72e8673141274d

SHA1
43182fc01a303ef5b475b599b16b4b7dab14a506

SHA256
397cd4771c3d2fad891f5482866344d99f0ea1b22a247ac9aa503a5cc8081b4d

SHA512
0cc507969450a79b50d74e5cc3180010d48c4815f68462db239bd5787566de2f9eea5bfa579d4b005ee6d24df399c701610501d4623b796d8b0bfd902add5283

Download Submit
\Windows\NvOptimizerLog\libGLESv2.dll
Filesize
174KB

MD5
4a35f2e13ad710e135be7f258a6d7f5c

SHA1
8694dd5ade6dbbe1798a2af1a3bf1dfc3c059e35

SHA256
3a239598c6a4b8c9051ce46ba2ce939d56e20d99a9c8562d04013e4ea4f868a2

SHA512
82cb85ca9a1157f6fcce365f7b9ea3bc89ef30a8b50529ff23a6080fb382368cfe09a34909af0601e29cddc15dd5484aea25fc6e32573d8e60d5faa98a7af2c9

Download Submit
memory/308-1232-0x000001E4B1120000-0x000001E4B1130000-memory.dmp

Filesize
64KB

Download
memory/308-1231-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/308-1251-0x000001E4B1120000-0x000001E4B1130000-memory.dmp

Filesize
64KB

Download
memory/308-1256-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/308-1233-0x000001E4B1120000-0x000001E4B1130000-memory.dmp

Filesize
64KB

Download
memory/644-1462-0x0000018AFED00000-0x0000018AFED01000-memory.dmp

Filesize
4KB

Download
memory/644-1291-0x0000018AFC540000-0x0000018AFC550000-memory.dmp

Filesize
64KB

Download
memory/644-1310-0x0000018AFD080000-0x0000018AFD082000-memory.dmp

Filesize
8KB

Download
memory/644-1461-0x0000018AFE8F0000-0x0000018AFE8F1000-memory.dmp

Filesize
4KB

Download
memory/644-1275-0x0000018AFBD20000-0x0000018AFBD30000-memory.dmp

Filesize
64KB

Download
memory/868-1408-0x0000000073870000-0x000000007387E000-memory.dmp

Filesize
56KB

Download
memory/868-1411-0x0000000073A10000-0x0000000073A19000-memory.dmp

Filesize
36KB

Download
memory/868-1407-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1008-1405-0x0000023F7D640000-0x0000023F7D66D000-memory.dmp

Filesize
180KB

Download
memory/1008-357-0x00007FF87D410000-0x00007FF87D411000-memory.dmp

Filesize
4KB

Download
memory/1056-691-0x0000018E46B30000-0x0000018E46B40000-memory.dmp

Filesize
64KB

Download
memory/1056-935-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/1056-931-0x0000018E46B30000-0x0000018E46B40000-memory.dmp

Filesize
64KB

Download
memory/1056-692-0x0000018E46B30000-0x0000018E46B40000-memory.dmp

Filesize
64KB

Download
memory/1056-690-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/3764-1222-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/3764-1221-0x000001FCBD2D0000-0x000001FCBD2E0000-memory.dmp

Filesize
64KB

Download
memory/3764-1197-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/3764-1202-0x000001FCBD2D0000-0x000001FCBD2E0000-memory.dmp

Filesize
64KB

Download
memory/3764-1201-0x000001FCBD2D0000-0x000001FCBD2E0000-memory.dmp

Filesize
64KB

Download
memory/3764-1523-0x000001FCBD2D0000-0x000001FCBD2E0000-memory.dmp

Filesize
64KB

Download
memory/4168-942-0x0000021D9B8A0000-0x0000021D9B8B0000-memory.dmp

Filesize
64KB

Download
memory/4168-1184-0x0000021D9B8A0000-0x0000021D9B8B0000-memory.dmp

Filesize
64KB

Download
memory/4168-1188-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/4168-943-0x0000021D9B8A0000-0x0000021D9B8B0000-memory.dmp

Filesize
64KB

Download
memory/4168-941-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/4480-633-0x0000024850350000-0x000002485037A000-memory.dmp

Filesize
168KB

Download
memory/4480-652-0x0000024850350000-0x0000024850372000-memory.dmp

Filesize
136KB

Download
memory/4480-458-0x000002484FF90000-0x000002484FFCC000-memory.dmp

Filesize
240KB

Download
memory/4480-666-0x000002484FD10000-0x000002484FD20000-memory.dmp

Filesize
64KB

Download
memory/4480-433-0x000002484FD10000-0x000002484FD20000-memory.dmp

Filesize
64KB

Download
memory/4480-428-0x000002484FD20000-0x000002484FD42000-memory.dmp

Filesize
136KB

Download
memory/4480-680-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/4480-431-0x00007FF85E730000-0x00007FF85F11C000-memory.dmp

Filesize
9.9MB

Download
memory/4480-432-0x000002484FD10000-0x000002484FD20000-memory.dmp

Filesize
64KB

Download
memory/4480-469-0x00000248503D0000-0x0000024850446000-memory.dmp

Filesize
472KB

Download
memory/5568-1413-0x0000028C77BF0000-0x0000028C77BF2000-memory.dmp

Filesize
8KB

Download
memory/5568-1393-0x0000028475300000-0x0000028475400000-memory.dmp

Filesize
1024KB

Download
memory/5568-1456-0x0000028C78240000-0x0000028C78242000-memory.dmp

Filesize
8KB

Download
memory/5568-1415-0x0000028C77C00000-0x0000028C77C02000-memory.dmp

Filesize
8KB

Download
memory/5568-1389-0x0000028C77590000-0x0000028C77592000-memory.dmp

Filesize
8KB

Download
memory/5568-1417-0x0000028C77E20000-0x0000028C77E22000-memory.dmp

Filesize
8KB

Download
memory/5568-1419-0x0000028C77E40000-0x0000028C77E42000-memory.dmp

Filesize
8KB

Download
memory/5568-1425-0x0000028C7A9A0000-0x0000028C7A9C0000-memory.dmp

Filesize
128KB

Download
memory/5568-1421-0x0000028C77E80000-0x0000028C77E82000-memory.dmp

Filesize
8KB

Download
memory/5568-1387-0x0000028C77570000-0x0000028C77572000-memory.dmp

Filesize
8KB

Download
memory/5568-1409-0x0000028C77B90000-0x0000028C77B92000-memory.dmp

Filesize
8KB

Download
memory/5568-1403-0x0000028C78530000-0x0000028C78550000-memory.dmp

Filesize
128KB

Download
memory/5568-1391-0x0000028C775B0000-0x0000028C775B2000-memory.dmp

Filesize
8KB

Download