21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Analysis

max time kernel
68s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-5y8kcnm.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

Processes:

Setup-v-5y8kcnm.exe

description	ioc	process
File created	C:\Windows\NvOptimizerLog\locales\th.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\applet	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\nb.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fa.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\main.c	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\ja.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.icns	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regListStream.wsf	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\VLC.exe	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\LICENSES.chromium.html	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.vcproj	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\ko.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\mr.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\applet	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\main.scpt	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\elevate.exe	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ja.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\mr.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regDeleteKey.wsf	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\lt.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.vcproj	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\te.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\uk.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\v8_context_snapshot.bin	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\es-419.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\LICENSE.md	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ms.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.vcxproj.filters	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\vi.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\da.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\zh-TW.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\main.scpt	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\libGLESv2.dll	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\id.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\ru.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\gksudo	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regDeleteKey.wsf	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\chrome_200_percent.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\gu.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\elevate.exe	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\linux.png	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\te.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib\utils.js	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\stdafx.h	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\it.pak	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fi.pak	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\gksudo	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib\sudoer.js	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsf	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\elevate.exe	Setup-v-5y8kcnm.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS	Setup-v-5y8kcnm.exe
File created	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-5y8kcnm.exe

Executes dropped EXE 1 IoCs

Processes:

VLC.exe

pid process

3488 VLC.exe

pid	process
3488	VLC.exe

Loads dropped DLL 11 IoCs

Processes:

Setup-v-5y8kcnm.exeVLC.exe

pid	process
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3408	Setup-v-5y8kcnm.exe
3488	VLC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

912 schtasks.exe
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.

System Information Discovery
T1082

Processes:

systeminfo.exe

pid process

4712 systeminfo.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

Setup-v-5y8kcnm.exe

pid process

3408 Setup-v-5y8kcnm.exe
3408 Setup-v-5y8kcnm.exe
3408 Setup-v-5y8kcnm.exe
3408 Setup-v-5y8kcnm.exe
3408 Setup-v-5y8kcnm.exe
3408 Setup-v-5y8kcnm.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Setup-v-5y8kcnm.exe

description pid process

Token: SeSecurityPrivilege 3408 Setup-v-5y8kcnm.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

VLC.exe

pid process

3488 VLC.exe

pid	process
912	schtasks.exe

pid	process
4712	systeminfo.exe

description	pid	process
Token: SeSecurityPrivilege	3408	Setup-v-5y8kcnm.exe

pid	process
3488	VLC.exe

C:\Users\Admin\AppData\Local\Temp\Setup-v-5y8kcnm.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-5y8kcnm.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3408

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3488

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1596,8267999371599429475,10675009616766766359,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1584 /prefetch:2
2⤵
PID:4020

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,8267999371599429475,10675009616766766359,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1928 /prefetch:8
2⤵
PID:4556

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1596,8267999371599429475,10675009616766766359,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
2⤵
PID:4844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:3968

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:1476

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:2168

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 17:10"
3⤵
PID:3788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:1444

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
4⤵
PID:3008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
3⤵
PID:4192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
3⤵
PID:3624

C:\Windows\system32\cscript.exe
cscript.exe
3⤵
PID:1880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=2dc65cae-fa75-4c23-b893-7794cd4c8033&f=Setup-v-5y8kcnm.exe""
3⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=2dc65cae-fa75-4c23-b893-7794cd4c8033&f=Setup-v-5y8kcnm.exe"
4⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:8
5⤵
PID:5248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:8
5⤵
PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:1
5⤵
PID:5348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:1
5⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:2
5⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:1
5⤵
PID:5960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:8
5⤵
PID:5484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:8
5⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1984,i,15037209104005572074,12243867868406614053,131072 /prefetch:8
5⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mediatrackerr.com/track-install?s=vlc&u=2dc65cae-fa75-4c23-b893-7794cd4c8033&f=Setup-v-5y8kcnm.exe
3⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4831190685073584343,13874023753022252035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
4⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4831190685073584343,13874023753022252035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
4⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4831190685073584343,13874023753022252035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
4⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4831190685073584343,13874023753022252035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
4⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4831190685073584343,13874023753022252035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
4⤵
PID:408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4831190685073584343,13874023753022252035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
4⤵
PID:5748

C:\Windows\system32\cscript.exe
cscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer
3⤵
PID:1700

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\system32\chcp.com
chcp
1⤵
PID:3788

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 17:10
2⤵
- Creates scheduled task(s)
PID:912

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ExecutionPolicy
1⤵
PID:916

C:\Windows\system32\systeminfo.exe
systeminfo
1⤵
- Gathers system information
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fff43f946f8,0x7fff43f94708,0x7fff43f94718
1⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff43cc9758,0x7fff43cc9768,0x7fff43cc9778
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5420

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
27fdc31897c5f1ab058d9fe1f28bddf7

SHA1
3422e0742bb67720955b3231af5c25a693a37743

SHA256
a798baad260a499662be5cfbe0100cdbd355e549f46326328edf4568b8cf15aa

SHA512
312fae498ddd3c0bc61480e96f2d9dc8b7bfe3cfd43112db1275f5e164f9bdf10816f1bf84716ae53bc4728e59f9755aec0b7e18cf96bdd01033b16a7c7ef855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
1782a53f627a01bc96c5b94c42f8c390

SHA1
38189daea486e53c19432399c2c73437da216ae5

SHA256
b8217f67870d0c38cbafd5cb5e9eacca6d7bd7d29d31625fb5d65a6440e84b76

SHA512
05e9e3744c2617d04275e65a691bc0339f1e3b21b3477084e7c7d68724eed959e8be1cabb98037dbaca25b52df02c6fb585d5faa909e972faa5f30ee8fb4c5d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
c21b3fa9d42400e49e2aae8fd3ad885e

SHA1
2c295f3ecc2909db959d6906cd301bf75b1a35de

SHA256
fe2ac0705d467823b07c209d8db4a4da32a9aa9e9d223236e91e8217c79fff9c

SHA512
646592bf065b47ee1e396c71ffdb832e2bdd5c13e7008eb0d968bfa058a0c6db598df78cc262a1ab19bda4db289c4806d95f387414bf84bb0a8dc4af1c41d761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
740f9687c80142c910ecf7a5ea7490d2

SHA1
2e587e1c65bd9d5753019d787eaefd02d2f9180e

SHA256
7a902cb58c4370dc44aa5ef520b568610f95f8178e21a9491e35277d9e9f2e82

SHA512
00e65e03df5f4c391374d78bb97dde2dc514478a144111f86f75f477167ca64671ad977586288c55ff56b575c261b37bd4c9620288310e7d9ba7c1dc10061954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
75c82b6932af12d2b6f09381bc6faf5c

SHA1
55ba490ce1a42d6f5b3ea86d55d6587d58e1dffc

SHA256
c94025a1b8e13ef67e7d3287caa0be888be623f21c78e71373ba47400ca8c080

SHA512
d267c21e30e49293bd556cb17b61212dcbe430035d03a0d31b571dab13bdb9542189933a26606aabaf00299545d36e1eb989c4058b1b220add6d190704c05e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
654adf07a86f89422c70ca9c23d6730e

SHA1
534275465676693e765dfc915d8100fd7b4df441

SHA256
35f4b3278cd798057552e3bd67d3ee6d56094dfcd86ee7b1cff5f8c6357154a9

SHA512
be0ab31a257fc84f299a5de8f9f15e773d071411776d09ae53a57df2916fad5f314d502d0e66a215fd8b026212dcb4818db16130ac82e71b6c534ef21e4a2aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f060109c-cae7-4bef-9caf-438c28447101.tmp
Filesize
15KB

MD5
8553b51582cb4c9a7374236ee7203851

SHA1
5951b0d8ab74813f270b4fc0d8aaad42cee163bd

SHA256
31d9b35c7d86a023cb20458225ad712c684b8fd35db85d9cd748d67e44fb223f

SHA512
57b524b858481245f374fb57b88f0b6a76b105dbf5761dacdad20b00d32b9630deaadf6629e662705e64bc08076c754e4520316944af656b15b8537c40f44a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
0d7adfc1f1a494549104cbf81f5c082b

SHA1
b34b9e6fca53286c9bd5957ef4840a6129ea8858

SHA256
4b71a3696b85f9ead3c19b5d55ef0f834644e0c9ab6bb594224404b5d9fb6f25

SHA512
608c176a3e3fb74e91fc8372e766df593684b5ffcbc768197fecc7adfefbd99ee71d78532b5fa0fecdbc4be2aed6188e77e418754ffb37f8d5c442675f32ce0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
5c3cc3c6ae2c1e0b92b502859ce79d0c

SHA1
bde46d0f91ad780ce5cba924f8d9f4c175c5b83d

SHA256
5a48860ad5bdf15d7a241aa16124163ec48adc0f0af758e43561ac07e4f163b2

SHA512
269b79931df92c30741c9a42a013cb24935887272ed8077653f0b6525793da52c5004c70329d8e0e7b2776fc1aba6e32da5dadf237ae42f7398fdf35a930663e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
192B

MD5
3476b16eecf7b13e344e576d1414b3ab

SHA1
0f4a4a00cf6c7807d00b9301d8ab18540f668795

SHA256
09f8384ee0e6b5fe418f6ec7d4fe91ed085dca259fe0cec0c416f66c7e40ad66

SHA512
3dc2282d75be03e26bd4aac98e167522bcad4ce850d9da8ce97789862028dcee540dad4d7261b0f6b71a1947141da0f99bad9bd949fb51828522a60d8a18798a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a541eed762e319ded399f647a1c59a8b

SHA1
d418ee7743e10aa11f9dc1f1695d4ae7bf381091

SHA256
b671448a9fab043e4d9b8a08145812869728baaab7e60a0bb54c6aa0739f0763

SHA512
101de1dea68254e82430a777ff5da62e0c31881ec2cfacb9abd485278810fb46a9079c86822701fa9c460a5f982622ba62ed07e8c225b6433a568db5bac26d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0ffd04bde733ce3e5914bd6a607e6deb

SHA1
0628da2654119bcc46252cfc6c7d0348e63156e2

SHA256
fe79269c9287158ee30b00f8665f79d470d08ed7d9e3904dc9b3f0df39921003

SHA512
6e47408d548a52fb8959ef93a203899917a5bcceb46ace21df5fdc8ce058e17ced315d035d620230b2cda78da98ded87675688a2f7b3c29ab6183ff8aa8b7643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
fa091791c81ad2f27a9df7d1959c5d7b

SHA1
d463ed4d966cb9468af2863bb971e2e0dcc3ebef

SHA256
d654bf76d064661063791b40dcd0f20b515e250509c4a53f8a9be2f5a0e1f5bc

SHA512
915b0dfc72fab8761f3dadd458a0507ec6c1c3316d6e44a50f7ad1b8ce49f87f1d37e0f05c66264354200083cc45142e123e20bad8f85dde9e4a8bdcfaba50e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
2KB

MD5
2f87410b0d834a14ceff69e18946d066

SHA1
f2ec80550202d493db61806693439a57b76634f3

SHA256
5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

SHA512
a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
2KB

MD5
46d994ff932d9839bde2141e214718e6

SHA1
b1f8b9d1363edda6986dea109321e90bbeaf2070

SHA256
6dfa3a8ed3c87466f62b3fd6c253ca2e9b79a3d43fc8839a78f90f6a630a9b44

SHA512
118f71fea3c6f6072678ef6722d51fbca8d431c9ae03e2992895dac72118e3a0c9e831800c3fbb7f9c81ce96bbcbf8fbb86732a96897f1b099276dfbbacf6ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
64B

MD5
50a8221b93fbd2628ac460dd408a9fc1

SHA1
7e99fe16a9b14079b6f0316c37cc473e1f83a7e6

SHA256
46e488628e5348c9c4dfcdeed5a91747eae3b3aa49ae1b94d37173b6609efa0e

SHA512
27dda53e7edcc1a12c61234e850fe73bf3923f5c3c19826b67f2faf9e0a14ba6658001a9d6a56a7036409feb9238dd452406e88e318919127b4a06c64dba86f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gidfegx4.mkg.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7E36.tmp\LangDLL.dll
Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7E36.tmp\System.dll
Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7E36.tmp\nsDialogs.dll
Filesize
12KB

MD5
2029c44871670eec937d1a8c1e9faa21

SHA1
e8d53b9e8bc475cc274d80d3836b526d8dd2747a

SHA256
a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

SHA512
6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7E36.tmp\nsProcess.dll
Filesize
35KB

MD5
764371d831841fe57172aa830d22149d

SHA1
680e20e9b98077dea32b083b5c746d8de35e0584

SHA256
93df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded

SHA512
19076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\INetC.dll
Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn731E.tmp\package.7z
Filesize
4.0MB

MD5
2b641e0a51816dd3e677b0314bf63d88

SHA1
a89c7e22943fa5c71c060456424be9845e65734c

SHA256
449b285a4b27d46d8ddb35d6f2091a76c5a4f236bd855389f85e01353b72a727

SHA512
79c721e44e8b683ad5336e6ee4c39835cc08cb8729e1de0a36c950ba392821d6b8d498864817f001fc31959c99f14cad70ca4e54341ccab3332678ff61de383d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\NvOptimizerLog\D3DCompiler_47.dll
Filesize
479KB

MD5
3261e3eb23ba56c5acffa0ed6f5c8294

SHA1
6ae3aaaa5f3f87bfdef8809eba011f2b8c7f19f1

SHA256
40b1377f2d44d1e2bc09956ebf13c88415c7a8f9078689e2f75727a1253c8362

SHA512
6ed914f1b7c1b51fcf19658b9a465a4f3a725bceb5b4b3500cee2bda964f25261dbc0022e6dcee437fbb0e6c3bd7b0a0f6acb2cf5db469df98986f11eb02c23b

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
2.2MB

MD5
e9b84ff881e272096696b936260d165a

SHA1
b117fed1d5f89bbf6cfd5a7b721c6eb221b80031

SHA256
8a7bdb733ef28e86961259d77f90f2421faae9da931399a8868b850ac438bbf0

SHA512
d2f24e4adda22a1b77d6501a8c3d8f42422d1522d1a8595f52c585444f396494e7b33e5edc4b113802181250b7bd47e1e132ca4b18926becbf07ce56394fa55f

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
884KB

MD5
ec8cbddf1fc74eb7cd670bcdf0c76ffa

SHA1
86a9ce38dbc830ddd605b979b8b973e6967489b0

SHA256
1cc74b86f6f4ca553f192729cbe20460fbb4b914566169f56ae6fc664585d599

SHA512
5f97a4e11707043998bbd44fa52c5d8d717d27f60d4e69fb735759a80a4ff76da3f45129e2553e67bfc8194d5b0dca6c2471511122e90b3d5d0963d09b17670a

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
1.0MB

MD5
1f7cb7f45eb01c9d0b0aed159ca476ae

SHA1
27596d42667102f7cbb4e4717e6ba0f788adbb1f

SHA256
366475c49b3b37765d4e83960caea53f8cb09a81f8836faff8dde6882372aa33

SHA512
db444425ebfd904ff1d4a0b09eda538cb08e5127c0b56d8351462cdd2e7804d68d08b41997ae5b6f5a4fdb6d5bb5cec66fcafcbebab30b16b6ab832e434ace36

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
718KB

MD5
ee1fcdf0251571079fe8f6571c0df392

SHA1
a14f50a508df02bf6a490991f103476423ab04f4

SHA256
e70129e19bb434d961a0c166db062ef36472bfb37049f392594361aa6d6fa651

SHA512
8ddcc0774b0af18b133a64b70d34a6066d37b8774e856ba88b131530a2996237f54df463f1c2c8a08a286a6c4e3e1f902ee5570e0b343bfc206f6c912c9e2839

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
585KB

MD5
61abc67fab8341ab5357a60e36bf9438

SHA1
5009215a41dc88a2909310e6bd0b524d9c757d9d

SHA256
56bedc1e3e8ca6b16817e6df37f2c6e7aa158752d91343a396e63f6f0fd3dda1

SHA512
185714b7c7ed3962a40b269e31fcdeac88a42828d7854d7a819a7d924e9fd1dc46c55ac553f5c2fd6e89ce7f979041448d534eca6b37b012e53f6bb222f0767e

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
439KB

MD5
870b4dc43f44cb4e158eb12fc3d8920f

SHA1
4c32207e344cb728943ee73b92862e99f3e3d630

SHA256
e102c96e6221b8c402310425943cc37e6bd2171118a1ecc669120d1c538b110f

SHA512
c0cee9899a0ef3819d8377930a1816bb4a81980e69ebff2e10d1c7fdd07c0c23027d06490866a6d1f52984f56bc74f5e32594a34efd5f6d559d64dcc4d37bd1a

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak
Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak
Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\d3dcompiler_47.dll
Filesize
433KB

MD5
8de9fc31bfe6f3d12ebb4d87efbbb890

SHA1
2f099de3a97198aed8c7005e0fc81aa8f94f5967

SHA256
47fab3936fb30370f10d2cb2e397e0af030f09a5372953d48f9de6bccade381f

SHA512
32e131774545c84dc449488944c7dedbd337edfca9dffdac65014730bc8578720acd9c785cbc51cccdf25344e38f4a993c1f6479d5ace54bfe48b018a9cff979

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
1.1MB

MD5
940abdee982e8d931c3e15fb6e803f7c

SHA1
c94fdf440310c7d5ca937829c1b558298d3a894b

SHA256
82bbff5cb3c52af911b1faa8157097adae49b443aae51145582c199485a87e51

SHA512
8aacf5515967faefb4ad1154d24ed812cf6f11db83ee44caeddddd5675341647180ebcc88e351fb45baaaa4be1c2391fd00ecf1501dc6da1bef0c056b8b50098

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
954KB

MD5
ff7317b53f5f182f3b8e933021b69894

SHA1
b109ecfa2b81628469cd00e9bbbb615b8f4f0112

SHA256
5cbdd876681917cac1f6bef11da1c5d82129bef792059024a2054998832c4316

SHA512
1e5be2b0bf6e8ffc5539131a9838a461e752cba03bff076dc37734887225c7b3086dfcfa7cbd4691a4b611c89a8115f62310aad64d04123552c015f18b45820d

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
576KB

MD5
a775aeb718107e06c0b5740eea29e49e

SHA1
41e0a8dc1349e1a6c9a1a733d1188da2a96b3821

SHA256
dde53e6874ee5ba3630817a485e074649a695b4e323faafac310fb69214ea940

SHA512
cecbf4d990f95a3afeb2ff8f14d029d4d56069154fbe1f2e75bf1af066f2b49586205084dc8c45e31ed098a672f1ffcc28dad0b4a1c629c3cc21421e67685100

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
345KB

MD5
481cdfd81fb3dbff45866597348f0d1d

SHA1
d5810dfc0d8f51f0e495d6bd7facc0fc7fcc149d

SHA256
ba2ed9a87cd6cff98a9ca90c8ff41d687609882e666a37e5ef07245961a3ef04

SHA512
755d1ad6014fdf7f9cfc9835d4869be9ca58b2518625de06bccd065ef3225d378be1e38b2101dad63eaec06f9517db89005322625c2a94fc36b92929a13c9bf8

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
404KB

MD5
329f8a95f4d7703d3223d851ba1f31ac

SHA1
5b9dd47cf3d08fdb48a539607b5846af8fb20bde

SHA256
77a7566e25eff34bcdd887be2752bb77152ed37eb9511b937e680d8130e9f508

SHA512
ffe3b726532bce3059c75254a6f59908e3a0fc45f4a3c9c1d3a0227ef385e17dac2a453d239740bdf6d30e56635dc21ad8ef6168d2aa3034a7d152a059412e47

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat
Filesize
523KB

MD5
e558071e36026522f2413d9b8d4b09ed

SHA1
42b9c3f0da926acbe40e3124602251a5eeda2592

SHA256
c0f3ea0348338d91ecf3812cf7474318cadd9909797245058765fae82af55c27

SHA512
36a3d47ce53ff95697263dc2d7ffbcc236e1deb1dfb80da91a334ea2a77d6cd8bd1633e3f33363e84dd227aaf300a7dabf4d8eee407b194f276c703a7b80e144

Download Submit
C:\Windows\NvOptimizerLog\libEGL.dll
Filesize
344KB

MD5
c1fbdb5da2b421d6fa3ded26841da90a

SHA1
649e360dba683cdf14fb42adbc345a1eb4d12a25

SHA256
76dc37bff8291ae36b7dc88fd09375c7141f28e1ee39b769adbddba7deb4101e

SHA512
6ee51ccabb486fd07fdd047edc847413f0dbef4f35821ae518aa5a51e8041569bee325fa480e3ac71f04bd0073881e6f308c99ddcddccccc87fe1c02120243ba

Download Submit
C:\Windows\NvOptimizerLog\libGLESv2.dll
Filesize
156KB

MD5
cdc9291da0301b5e5de1cd09757c43c9

SHA1
2b39ec92ef43b1a95e693cfe1be14f28a14f4df6

SHA256
a212c181be4e23f2956f7d9b44d833a69cf888a6a629944f78b98df727b31417

SHA512
32098e0349206bfae94fd6a7f13fe647b2df8142d3f2c01a1c6db7677bded0baf9576eece71322878f9623307a86074408451b65089ec16df80693f622aa472d

Download Submit
C:\Windows\NvOptimizerLog\libegl.dll
Filesize
306KB

MD5
2c91a99705530f4fd01ae71bf9a27e72

SHA1
474096a21a17957ab4ebc24d50c482ab834c33bc

SHA256
a6b5ebda8c18e291a068738053fec7dbb07d2c777707bb0ff7a2cfc5fd8d2c19

SHA512
5d01110dad281c31ff6c4df6291e522dad77b5213f0181cf52f0c397190b17373434c933ed1fc0e426691bba675b0310e3b60632e3f6b14393f41720294a51cf

Download Submit
C:\Windows\NvOptimizerLog\libglesv2.dll
Filesize
139KB

MD5
ea88b30ccad552b6f01095b418e64c54

SHA1
88979d74dd5e6d3f3330dbcb9430068d9417e9e7

SHA256
963a208b9d5e5a20488be55f9b7c8a29684f7c4d27f66b29edb778de14c92121

SHA512
85a6409ec275f1b3fc82f46f3a2dec2535721d5f27af17c0ec830add057b1fa508f072e076677ae317dd200a79e866d3ed7e6869503438524fc1f72622c9f97f

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak
Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak
Filesize
681KB

MD5
19f23ad4a3efeb0a1ff6234d32a81f50

SHA1
04fe32a6ef1fdc483f040e31e186c67a572c8bc0

SHA256
676f0261ebcb76ab02f53724ea955ff54b40dbc16b92c5faac7a78573b5de5aa

SHA512
bce72ceb5b4a1b9b9ba8db7d3adb1c6088cdffb223aa04232e7533eab5b6d634124d5627c304eb9bcfebddb5d6322e55db1e315aa9935842edee7f4f8d7a29c3

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar
Filesize
425KB

MD5
b48a52d9cc585dcd5bbd82cf5288816c

SHA1
1075a42c1aa0a85de58290453dbca0d04e039640

SHA256
ccd918fe4ed1d7bfec7b41650ac15a3626aa7afe6144f5f6f0129a7a22e98b46

SHA512
1fb434ce1431f04db94329f73386230d9cf1f3447d7ed144f14748e5ee2b576ee3b372595a3eda7455450286e77729d284e1518193c810ba3cbecb6732533c2c

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0
Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs
Filesize
2KB

MD5
310a042dca2144c9cda556e9bc4b0c02

SHA1
d2032af7eea0dbd027a36e577567e85486496949

SHA256
caa82e59ca92629057791cb1e0ba0b74c90f561fac81b029033fc081a83431b0

SHA512
843d9f6f300caba8df41511473c43f4d5029fa0012e593677c83f196c8d595194d1409069fb4b8616e0118f37ba943bbe656b29de40f0ad70997ab610fd98db8

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsf
Filesize
985B

MD5
cae7db4194de43346121a463596e4f4f

SHA1
f72843fa7e2a8d75616787b49f77b4380367ff26

SHA256
b65c5af7dbeb43c62f6a5528af6db3cb1ca2a71735a8e7a1451796f834e355c2

SHA512
ccee660cc4878301c743d3ebde4557dc180d8b6f77c97de5e36c95f6e4d2446ef7be28ebc787fdea2f2d817890ac7bdb713196c755a51677dc127cce77670026

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbs
Filesize
7KB

MD5
77e85aa761f75466e78ce420fdf67a31

SHA1
4470bd4d215d7682828cbc5f7f64993c078b2caa

SHA256
350dea3d6c8e65372f8d12a5fd92a3a46a7519610c69564e8185a2ed66b00d59

SHA512
50af664777545ced78c34a6ea35dae542fdb85b8b307a4a4a95db25a808a695d3fe8840edb36325279c2381fbae071f6b509f7491185cef2f42afcb7672cfd13

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbs
Filesize
4KB

MD5
e2be267c02d51df566fa726fc8aa075a

SHA1
c9b9ae17f36e23d5d3cbbf2d6f17a954bfa87d24

SHA256
b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c

SHA512
b6f80622a9f61f636f7786d91a1b9e06a64602f0898425e90a1a696d0a4855c8c08cbd6e6b98b9a3a1a24de354b26260247953b5273f7d57ea87294b4b142e8a

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
305KB

MD5
8a652e4afb7f320d3633ccacc24877b4

SHA1
b9ed4aeaa537953e09c4152a8874f6ed1f25f72f

SHA256
be53296ae3bbf2328e782a6d3ac0098ea25f6ff725de104ff93ab060659938e8

SHA512
cc24465d14a60f5f28759f82749bbdcca1ad1f314478dfa58bb0e1302559ec1ebe72440235324f564b42ba73d2d8e3406ec86364342e3128c3aef5121b08b0e6

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
537KB

MD5
2d7337cf3a55db987ecdfd6b704017ce

SHA1
35706becbfa64d78af12521732946222975e3887

SHA256
fb48c4738e3e0ce0de7f9d91b1e5c26ffe62f01239ef13f51eaf7a347a3805d8

SHA512
7c2abaab688ae2cf8a9793860f1ebb5230afb8650b53b4a37f0e6dd416ac7e8c00a82a3f5f9251732fe518a8dc3e8eaea6bb444a93a61a0d303f77a8649f6a08

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin
Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
\??\pipe\LOCAL\crashpad_3548_EZLOXIBRWWVUSFUV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/364-489-0x00007FFF3F890000-0x00007FFF40351000-memory.dmp

Filesize
10.8MB

Download
memory/364-493-0x0000019C5EAB0000-0x0000019C5EAC0000-memory.dmp

Filesize
64KB

Download
memory/364-497-0x00007FFF3F890000-0x00007FFF40351000-memory.dmp

Filesize
10.8MB

Download
memory/364-490-0x0000019C5EAB0000-0x0000019C5EAC0000-memory.dmp

Filesize
64KB

Download
memory/364-491-0x0000019C5EAB0000-0x0000019C5EAC0000-memory.dmp

Filesize
64KB

Download
memory/916-527-0x000002BBDA6B0000-0x000002BBDA6C0000-memory.dmp

Filesize
64KB

Download
memory/916-532-0x00007FFF3F9B0000-0x00007FFF40471000-memory.dmp

Filesize
10.8MB

Download
memory/916-526-0x00007FFF3F9B0000-0x00007FFF40471000-memory.dmp

Filesize
10.8MB

Download
memory/916-529-0x000002BBDA6B0000-0x000002BBDA6C0000-memory.dmp

Filesize
64KB

Download
memory/916-528-0x000002BBDA6B0000-0x000002BBDA6C0000-memory.dmp

Filesize
64KB

Download
memory/1476-459-0x00007FFF3F890000-0x00007FFF40351000-memory.dmp

Filesize
10.8MB

Download
memory/1476-431-0x000002B644B70000-0x000002B644B92000-memory.dmp

Filesize
136KB

Download
memory/1476-441-0x00007FFF3F890000-0x00007FFF40351000-memory.dmp

Filesize
10.8MB

Download
memory/1476-442-0x000002B6449A0000-0x000002B6449B0000-memory.dmp

Filesize
64KB

Download
memory/1476-443-0x000002B6449A0000-0x000002B6449B0000-memory.dmp

Filesize
64KB

Download
memory/1476-444-0x000002B6450E0000-0x000002B645124000-memory.dmp

Filesize
272KB

Download
memory/1476-445-0x000002B6451B0000-0x000002B645226000-memory.dmp

Filesize
472KB

Download
memory/1476-455-0x000002B645130000-0x000002B645154000-memory.dmp

Filesize
144KB

Download
memory/1476-454-0x000002B645130000-0x000002B64515A000-memory.dmp

Filesize
168KB

Download
memory/2168-472-0x00007FFF3F890000-0x00007FFF40351000-memory.dmp

Filesize
10.8MB

Download
memory/2168-478-0x00007FFF3F890000-0x00007FFF40351000-memory.dmp

Filesize
10.8MB

Download
memory/2168-473-0x0000014DC7C90000-0x0000014DC7CA0000-memory.dmp

Filesize
64KB

Download
memory/2168-474-0x0000014DC7C90000-0x0000014DC7CA0000-memory.dmp

Filesize
64KB

Download
memory/2888-653-0x0000000074F40000-0x0000000074F4B000-memory.dmp

Filesize
44KB

Download
memory/2888-651-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2888-654-0x00000000748F0000-0x00000000748FC000-memory.dmp

Filesize
48KB

Download
memory/2888-541-0x0000000074F40000-0x0000000074F4B000-memory.dmp

Filesize
44KB

Download
memory/2888-540-0x0000000074F50000-0x0000000074F5E000-memory.dmp

Filesize
56KB

Download
memory/2888-539-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3008-511-0x000001ECFDED0000-0x000001ECFDEE0000-memory.dmp

Filesize
64KB

Download
memory/3008-512-0x000001ECFDED0000-0x000001ECFDEE0000-memory.dmp

Filesize
64KB

Download
memory/3008-510-0x00007FFF3F9B0000-0x00007FFF40471000-memory.dmp

Filesize
10.8MB

Download
memory/3008-514-0x00007FFF3F9B0000-0x00007FFF40471000-memory.dmp

Filesize
10.8MB

Download
memory/4020-538-0x0000015FFD150000-0x0000015FFD1F9000-memory.dmp

Filesize
676KB

Download
memory/4020-352-0x00007FFF60DD0000-0x00007FFF60DD1000-memory.dmp

Filesize
4KB

Download