Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-1703_x64 -
resource
win10-20231220-en -
resource tags
-
submitted
22-01-2024 18:45
General
-
Target
Setup-v-6dha1qC.exe
-
Size
704KB
-
MD5
d1fc9e6d71a4867ab71af5566e525ba0
-
SHA1
593b10280a926134839feb8e2f9d0da9ee9c0593
-
SHA256
21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
-
SHA512
c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
-
SSDEEP
12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 64 IoCs
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 21 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 42 IoCs
-
Suspicious behavior: MapViewOfSection 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 28 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup-v-6dha1qC.exe"C:\Users\Admin\AppData\Local\Temp\Setup-v-6dha1qC.exe"1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\NvOptimizerLog\resources\vlc\installer.exeresources/vlc/installer.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1472,4571652801475849759,9338210499349707055,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1480 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,4571652801475849759,9338210499349707055,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1808 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1472,4571652801475849759,9338210499349707055,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:12⤵
- Checks computer location settings
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 18:49"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "systeminfo"3⤵
-
C:\Windows\system32\cscript.execscript.exe3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=b9992673-4054-424f-b939-b1e991e6dc27&f=Setup-v-6dha1qC.exe""3⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=b9992673-4054-424f-b939-b1e991e6dc27&f=Setup-v-6dha1qC.exe"4⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2596 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:25⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2604 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=2520,i,4436673288724326233,8286451545947993098,131072 /prefetch:85⤵
-
C:\Windows\system32\cscript.execscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer3⤵
-
C:\Windows\system32\chcp.comchcp1⤵
-
C:\Windows\system32\schtasks.exeSCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 18:491⤵
- Creates scheduled task(s)
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ExecutionPolicy1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\systeminfo.exesysteminfo1⤵
- Gathers system information
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe8,0xec,0xf0,0xc4,0xf4,0x7ff937739758,0x7ff937739768,0x7ff9377397781⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD561f6938fa1fa3df1b64463e21464c38e
SHA1d19ebf8cc5bd41cc7abff3f29ace3a972abc0440
SHA2569e28253dbd77d12d41292bca06bcf796ce922332804402b4096c6bba940cc0c0
SHA5129b25fd59c40604cdbe490683dd574b61a515ac79a4648fef478f8bd417e1c2344c7db4fd774d592cbe0ed399a1a646efddd65d4a59121f7cb900810636865e1f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD5f13b2e7afa4c6a624e20d32556e3b835
SHA1ec41ad5fc11c07f9726bad9d4a3c4f16580013d9
SHA2563278374cffe71febe7e75e3ce811068a28dd952812620eec7b05daf7f10f1b54
SHA51227f8cfc9bbc9cfdc9845c37827f6fa657b35a3ba856aecebad2dab42a0712a2b498a1504c508986a048cc8ebe29ce10f15907f3156bb0237db43390a16aa5a7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD525caf774769414cdf0af18eb47bfbf49
SHA1648429fab59b444e3c59d9c6f47534b17e04a78b
SHA25699f6856caea3cd9128dc37d321776a723a57b00b79d4b9cc459fd927fe38301f
SHA5123c98d9dabcb01e77245898e3a9e1dca5ff27f3bf7fa233dea3e56da51fa7082cadf5dc3a4e810747dc68f5ae45cb7a02ea33204deea3ab9266ad1b21b2206fb5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
216B
MD538f24bd63b13aa2d8f762ae1614aa043
SHA1a63553cdc2e649fe006c7b88d8eaee97c82344d3
SHA25642ffb0629c7965f54e785dc4025d7095ed6c8e76acfbdc64c6fe631aa1b357a1
SHA512515fbcf82b4e7aec46401b6647652f55e63dafbe3eeb7e63b4624aa25a7c2f59db322529f6ea36102679a21681029a405260122f3a37bccd4d3f5fe96f948571
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5269dadd70bd3195eb88988a64dafe7fb
SHA19026cb4ec00bad3995c51050315ce260e0e4d2bf
SHA256de8404f2a0376adebc0809fa88b224be054c17662c44bdb4936cc56092562a80
SHA512db84f386516300761213de2efb1330f18ecf35f57e8f33922263f964488b10205f44e18a1dd78c0db82952a1937c36cd5254c1e5f242f42084d6a0be3ddad61e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD53bfae6d7aa1e0acb0c14ad979cd75199
SHA175e753e161d067213ce03f62bb5187d751b4ec73
SHA25625b399c4b29869dc3a6f2159e8557acf4f2c8fd405309abd7a2fe5d3878028b8
SHA512eb09f6bdacbf43f7831a16ac9f895a42f3275d756c505b41e59cf185afa5225e5621327c83040a0759d65c5532d2df444976cff44f22328cf09e811c6de6e616
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5aa6f221b344de5916baa07c783c21343
SHA1ccf697f38f93009fa29a519a8b03df6357513332
SHA256f5ccf7481e11ede99c30150530ba28792c5f5f5d6a60a350d5c5aab3dd564a14
SHA5120f29d541f528c6a6d92d30a0da51a6322a1679191360d56029b718d613d75e22bd3a6ab190a361f9718d9c71eee7cecf8128300693240d3ccb2f2621cc9019c8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5cf9af9bef559d7f09ab4d1805a0e5364
SHA13886fa673062068621295186805730a7047aa561
SHA256e6ec63d5bbe5a7ad0b2d7207615e3b37059a2ab173aa00745e9ac5e27ecc6490
SHA5129047094fb1e91bfbd2df4a8152592524017ada69d70d91f098774f1b7c167d688a3d1de2fc676a5ecb8030684859828231a0076d53cdb31e675a087cafb296cb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
229KB
MD58ba289e2e6252ce139ef64f478435e77
SHA151cb57823c17b9e0dbad34be9f2f8f9fde382eb6
SHA25670571042cf68b689492c702e2a632ab1984c93ef07c9d635b74a394691048cd1
SHA512dd8fdd8971c278513692e7a81d906f3ca3c1983a63a300a80860898b312686ea14baf93229cacf88308751a1921cd225efa9e1bf554e3eee91d8e9355335651d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
3KB
MD5b519c55a718fb543286b76ed34e1feb9
SHA157d0fa202e8e8b9ced4824ab1cf4f8bde86c213b
SHA256f105342dd5f019ff34a864610c196d155e03f278a25743aa4eda3b2719abbb06
SHA512e82faf00090f66065f7cf6bd3dd51b528b670d7eee5eafc198d76a24880e98de4fcab8891e5778ccf25245ff47a248bb8a0a4a5a75d8ab6f3a38a2e5bb7bff48
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JFN4LWJJ\edgecompatviewlist[1].xmlFilesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
2KB
MD580ef418749393790b80930b9d1b1ed38
SHA1baae03cf53c24cb4b4e16618f69dd770e75b17f5
SHA256a9116390b696f61a4e6fb4887cc9e1cd896c2dbdc92693d247ccaa3ee590cfbb
SHA512935c42409d95d6e35082cdad292e85d938988c5957e05b81c7473ce7b149457b3d47047c1eeba985d4b1f87b240cdb426537989d4dbf2621143c2090df2abcd1
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
2KB
MD560a07e978cb85c72ca6e28085169bcd5
SHA1a5bc57a65c93199a60e2229c5e529dcd177027f1
SHA2565f1d7bb4e76941932d5dbcf2a04fdfdaf558f6942347cd58c260c6148405d446
SHA512f1ea4d395e8c33414287c77b85e7e7b9628a2fac41cab8e006dc84fe9d0951ec05876e7d463d14674f6da93c0101665f46b13480636b46a3625e97a25e6ae1ba
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD584a6ef76adbafd4e60ef423853db0d1a
SHA1260eb3d7475cd42c2f564932796e3a154eb10bba
SHA256a93a72f4bc34d645c3ef25562a1452f11723674c67678f70b6c1da19e126f220
SHA512aea4af386d5f6701f0418e6886e068220dfbd1b11e7f4ecfde0c41492693bd01a295c9e1159310bc1114db8830d1cc096f267bdd5bd933cc6bd89f72a8ee2a55
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4CXU3079\favicon[1].icoFilesize
758B
MD584cc977d0eb148166481b01d8418e375
SHA100e2461bcd67d7ba511db230415000aefbd30d2d
SHA256bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c
SHA512f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8UR1N0IB\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SRMBH164\suggestions[1].en-USFilesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WM2E80CM\favicon[2].pngFilesize
7KB
MD59e3fe8db4c9f34d785a3064c7123a480
SHA10f77f9aa982c19665c642fa9b56b9b20c44983b6
SHA2564d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9
SHA51220d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_05s2y2ez.yyx.ps1Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
C:\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\package.7zFilesize
10.3MB
MD574f423664fc57c74eed82636d65fd51b
SHA169a4ca14a53b7dbf599b32825a82a30d822d8dc9
SHA25651098ca81c1cb1fe2f81df699a42f003aabfcbda83caee0a306eb517269ea008
SHA512b7fb2b6e0bcd2277559cf7cc5860bf332b1574365d586e028d2b315c210b5ae1a1a5d79cfccc37a8a056cc9c2d5b09a6a344134739e7557304e70b5e896767aa
-
C:\Users\Admin\AppData\Roaming\VLC\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Roaming\VLC\Network Persistent State~RFe583a83.TMPFilesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Windows\NvOptimizerLog\D3DCompiler_47.dllFilesize
566KB
MD566e77444f12f33f8f97fef6be8791a53
SHA1082a3112c3e3b70cd8640176bc90926fb6bab7a6
SHA25643824b383ab2651a29890a62fe2dc6a282de0629784e5e2afcd0cc70ddc33332
SHA512334aaaccd8fa76f08b09c4074e2c51a5bc5127705d645640382c19dde90c7f40126b55516a710e8b2a6db2d4ac41640bc3e4a850be3467cc907c2ee835ac690c
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
5.7MB
MD5280abaca54178cd47e79edd8bcdc4f22
SHA1aea9955ca481353316565c422a69022a20c528aa
SHA256f376159497ad24505e88b4ed639baba0bcf26ac4bb896d0a9e584a68f91fab1b
SHA5127ceb6e6998b2d7335cc5f66bc09bdadf2c00e8d650a4f46b979b7b6ee3a38b3c8fc601e0f5805a8335bc1b745f665cd2c44765bba5bc5ec46a3f3aca3eb6ed8a
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
1024KB
MD56b730afb213643eb5096adfd00c631cb
SHA164e36e0a618b960cd2de70225a1bdd63e2d3a14f
SHA256d13a618cc3611229f43f8fc0d4cda4eee560ecba556ad6e4dac415d57ace8ea8
SHA512acbc1d798bcf53efc34be0357ede73c72200cfa648b48c19ca0c54423f811a1337aa663af5f7a5811472c1903cdb6d8e934acc9db3590b5586dd17ada3e294e7
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
951KB
MD5fc2acaf62c1f234489fc15ac795ef971
SHA189277b29d8803b8f809dfb7e37a205b6882d22ac
SHA25603ade43b3d2100f4e88c9f64f7bc6acef60fb08e9abcfa0cbbe31ef8cea4ef8d
SHA512b99da78451e00f8b9d471583e3c7b98962025ee8078a6157cf546b75545b8e637249b34e4e39b2dfec25f72676bd40001daa861c91d6209ab992b1302daa221e
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
524KB
MD5f60cafc361665e23427007633e787fc4
SHA1e150d34c3657287707d733781a6de6b5531ace7b
SHA256613ccf31cdb9dc400ae3e4f48235f336e45c75f81664d2874c9d3ea6bbae096f
SHA51286c87323394f2db1643407e6d3c62589487c4a1e178f41e1f6bcce65965f6c76438af1e90233b126c7be5867200c2cf94cc1735bbc0f4c61e9dbbc48151ee065
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
337KB
MD5674fc942f1620559c58ac59f4aca215c
SHA1cadcd7a76e7c67805d6b79fbb06e5960e9b711ca
SHA2564eeb56be7aa5816b7085ca9153af2725cf7534f4a8f22f46f47d9cebc12709a3
SHA5128c133fb8e4ee2b61cffde7e4299932c6f71df2a4681132c44f479124e2e04e7c7fdb84cf4406ef8a07571af9acadf01eea4a93cacfa1753c1bb7224222fc872f
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
366KB
MD53a986a4758a85fa62830f06150f8eab6
SHA1b2db2fa92b0a1028e6b4df7e2853f9e796824d51
SHA256f8d01c8a64ef333c16a341baa6a1a6a777d49735dde8b3ff90700e13498dc2c7
SHA51282f3b333e3a360405aa2ac1a11b53f02fccf21c627ce62718c2253e432939fee3a67887b245aaf8a49fdfdfb53d0d2c056a2e235156c9973b2814c9bf4d361e7
-
C:\Windows\NvOptimizerLog\chrome_100_percent.pakFilesize
123KB
MD5a59ea69d64bf4f748401dc5a46a65854
SHA1111c4cc792991faf947a33386a5862e3205b0cff
SHA256f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9
SHA51212a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd
-
C:\Windows\NvOptimizerLog\chrome_200_percent.pakFilesize
183KB
MD51985b8fc603db4d83df72cfaeeac7c50
SHA15b02363de1c193827062bfa628261b1ec16bd8cf
SHA2567f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b
SHA51227e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b
-
C:\Windows\NvOptimizerLog\ffmpeg.dllFilesize
1.1MB
MD5d4e2961652c1b5a59f1a1bdd93004580
SHA152a5eb3bcb5cf3d52d67d20c576e460971f6b8b7
SHA256bb10f07699d75015afeb7a0eafd1d53f71d44659d334e126736fd20a0025321e
SHA512b39bc3fbc11337f43447b17c4500f325fe27878e7634a152fe9573bfb1c7f59a8af9e97338244325a85f6b1b14e8cac0bfead97b04f427f478fad01e26ea344e
-
C:\Windows\NvOptimizerLog\icudtl.datFilesize
1.1MB
MD544bfbe09c1cea5e3474cb7e732be7f55
SHA1fe2cc51b62d310e8db80da7ce8d58b1c4bd2e9bd
SHA2563f2784da0c9513476f947193a1bd957f414018fcbcf07cf347db040a1c27d430
SHA5124c257c4d7ec91015f59114a2f952030528840a003ff95dcb9cc589efd20cc8925445f55ca9bf2fbdbcc892a4d8a5c2fd9325fb725392d38725388f7dbd642b89
-
C:\Windows\NvOptimizerLog\libegl.dllFilesize
215KB
MD52c5fb37704316bbee2d68d50fbfad589
SHA1a4f56d46f3d3178b22680f6e80e00e3031cd645d
SHA2560dcc804adfa7bdb6f54809ffbb5759de91ae8074ebf0a1240ba4d3d5f9229922
SHA512dbec8abffeafd95cd8d730211756366af9a05cf40942dfea395ad66540893d758e45b3e556bd8fd052aaeae1d6f30e327456d96bef1c2cd7e7f6e3cf7a26d2ea
-
C:\Windows\NvOptimizerLog\libglesv2.dllFilesize
285KB
MD51024c133b2f63524c9f21833331a8481
SHA12d505adedc94522255622b0f154c7abb57bcc7b6
SHA256ad41720cfcf173e17b510e603915ecb802afe344302783e53b818683f54e3a3d
SHA512f2be1cd1df18d9ae337282368664928108c9b76a84e4323f3111e2a0d6d792f480be0a9d7f5f21ec21d77af5e17edba4a63e644c9587975b3a48045fdc390e60
-
C:\Windows\NvOptimizerLog\locales\en-US.pakFilesize
85KB
MD56bbeeb72daebc3b0cbd9c39e820c87a9
SHA1bd9ebec2d3fc03a2b27f128cf2660b33a3344f43
SHA256ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b
SHA51266944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10
-
C:\Windows\NvOptimizerLog\resources.pakFilesize
794KB
MD50a70b3b8e3caec2bdc679d885e9e8673
SHA1819e99027ebb0dd5a1019cdee7e748c024c45c04
SHA25699721ad6662f7a4b66219b055f085025d33461f640bd3fc8c291b6ce4169d0ac
SHA512cda328e2ce610c16ac5f4a74aa8754b8e37c0562063d3cf45376032c91f5940a74687b3406f6e87a11279c468ded1d4315e6ad573319cf126f7e97af98512287
-
C:\Windows\NvOptimizerLog\resources\app.asarFilesize
790KB
MD58354ef56b16ffbced6d09c334ddf683e
SHA170e8eb84c1cc689d99bed84025ee22fcc903955e
SHA256817d9f73ab7b723949e788fa382a4816b5101af247d26b85ffe372b0ad94d052
SHA5127c90992e9d3c43bc7d1b827354363835df7a5d546aebeafa1ccd8d0f8ddfeb3130a922dc807bb0e09a5af1b8a1578fcc54614288f248bf8a47f3ed7942385486
-
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0Filesize
68KB
MD56dbc4226a62a578b815c4d4be3eda0d7
SHA1eb23f90635a8366c5c992043ccf2dfb817cf6512
SHA2560eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5
SHA5123a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbsFilesize
2KB
MD5310a042dca2144c9cda556e9bc4b0c02
SHA1d2032af7eea0dbd027a36e577567e85486496949
SHA256caa82e59ca92629057791cb1e0ba0b74c90f561fac81b029033fc081a83431b0
SHA512843d9f6f300caba8df41511473c43f4d5029fa0012e593677c83f196c8d595194d1409069fb4b8616e0118f37ba943bbe656b29de40f0ad70997ab610fd98db8
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsfFilesize
985B
MD5cae7db4194de43346121a463596e4f4f
SHA1f72843fa7e2a8d75616787b49f77b4380367ff26
SHA256b65c5af7dbeb43c62f6a5528af6db3cb1ca2a71735a8e7a1451796f834e355c2
SHA512ccee660cc4878301c743d3ebde4557dc180d8b6f77c97de5e36c95f6e4d2446ef7be28ebc787fdea2f2d817890ac7bdb713196c755a51677dc127cce77670026
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbsFilesize
7KB
MD577e85aa761f75466e78ce420fdf67a31
SHA14470bd4d215d7682828cbc5f7f64993c078b2caa
SHA256350dea3d6c8e65372f8d12a5fd92a3a46a7519610c69564e8185a2ed66b00d59
SHA51250af664777545ced78c34a6ea35dae542fdb85b8b307a4a4a95db25a808a695d3fe8840edb36325279c2381fbae071f6b509f7491185cef2f42afcb7672cfd13
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbsFilesize
4KB
MD5e2be267c02d51df566fa726fc8aa075a
SHA1c9b9ae17f36e23d5d3cbbf2d6f17a954bfa87d24
SHA256b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c
SHA512b6f80622a9f61f636f7786d91a1b9e06a64602f0898425e90a1a696d0a4855c8c08cbd6e6b98b9a3a1a24de354b26260247953b5273f7d57ea87294b4b142e8a
-
C:\Windows\NvOptimizerLog\resources\vlc\installer.exeFilesize
638KB
MD5a3807a3648c654f305ffb9b925f3095e
SHA1576c6747ea4bd3f4dbe590e847342f13a2e7532d
SHA2561bbca36098b73f1003012600845be2ef5e150e4abee7da1e21ffc728ffd20b45
SHA512f4dc4f78d2dbdf3819e96c0a6e9cecfe9872a70f818e438f6f4fe48943b22fa267154976341176bde920994fbdd001ea2b4ada4417aba11be2abf8acc25da77d
-
C:\Windows\NvOptimizerLog\resources\vlc\installer.exeFilesize
384KB
MD58653bf0cf0cdedcfee8bdded1be0edc8
SHA12c6365136b74ac00ce1e73b71e6e838c1da0e6b3
SHA2567747f4a85db4a964bd9d6f8da11ce9555d07a22a405cd5db2726c8356e939a73
SHA512a12e246c3b492c287fae340110e45b44560829adb5ff0f154d2b1cca8386f5b3ffa70620205ed526dbd65684e54f7ab64971e29a3eb0612d5b1cfdbe8a5563d6
-
C:\Windows\NvOptimizerLog\v8_context_snapshot.binFilesize
160KB
MD5b64c1fc7d75234994012c86dc5af10a6
SHA1d0d562b5735d28381d59d0d86078ff6b493a678e
SHA25631c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790
SHA5126218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a
-
\??\pipe\crashpad_4548_ZRIZQIFOUABCTUNBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\INetC.dllFilesize
238KB
MD538caa11a462b16538e0a3daeb2fc0eaf
SHA1c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
SHA256ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
SHA512777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\SpiderBanner.dllFilesize
9KB
MD517309e33b596ba3a5693b4d3e85cf8d7
SHA17d361836cf53df42021c7f2b148aec9458818c01
SHA256996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA5121abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\StdUtils.dllFilesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\System.dllFilesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\WinShell.dllFilesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\nsProcess.dllFilesize
4KB
MD5f0438a894f3a7e01a4aae8d1b5dd0289
SHA1b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA25630c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
\Users\Admin\AppData\Local\Temp\nsm70AD.tmp\nsis7z.dllFilesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
\Users\Admin\AppData\Local\Temp\nsvD459.tmp\LangDLL.dllFilesize
7KB
MD520850d4d5416fbfd6a02e8a120f360fc
SHA1ac34f3a34aaa4a21efd6a32bc93102639170e219
SHA256860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61
SHA512c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276
-
\Users\Admin\AppData\Local\Temp\nsvD459.tmp\System.dllFilesize
26KB
MD54f25d99bf1375fe5e61b037b2616695d
SHA1958fad0e54df0736ddab28ff6cb93e6ed580c862
SHA256803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
SHA51296a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130
-
\Users\Admin\AppData\Local\Temp\nsvD459.tmp\nsDialogs.dllFilesize
12KB
MD52029c44871670eec937d1a8c1e9faa21
SHA1e8d53b9e8bc475cc274d80d3836b526d8dd2747a
SHA256a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2
SHA5126f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7
-
\Users\Admin\AppData\Local\Temp\nsvD459.tmp\nsProcess.dllFilesize
35KB
MD5764371d831841fe57172aa830d22149d
SHA1680e20e9b98077dea32b083b5c746d8de35e0584
SHA25693df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded
SHA51219076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9
-
\Windows\NvOptimizerLog\d3dcompiler_47.dllFilesize
428KB
MD5d199bc3a82009bc5ab8d2e3de390e4a6
SHA172c3580b63228bd66d6177a6972d6b322d5a5dfb
SHA25628633e8f680ac38178f18f12f18727e731bb0019807c56f0328e5ffe1e4a7c7f
SHA512f3a3f140992dd561a9e9e486792f33cf03a6500c863c2920d99d627a12b299a1d121e97150691fb1206fbdce57eb4fdf2fda97e2a29d523db1753fdb625a4f85
-
\Windows\NvOptimizerLog\ffmpeg.dllFilesize
1.0MB
MD56c6a7ecd6ea6e85f6fca1cead1d94042
SHA12a96416410c1714b0cc05c3de6d9b7a37fa7e533
SHA256b247f19bbf86c80791f33908ba315709902f285eed1ae48f2e7d40979ab45fe0
SHA51258fdaa19050983522cf0b006ef5ac8a4cde87fc34161e231d228a8b200c01b93fd67f9eacabe11cfe37bd808eb3950599a4fcf92f6d942889e5f142c6b4d4f10
-
\Windows\NvOptimizerLog\ffmpeg.dllFilesize
580KB
MD534757f127180214b37d19d7ddb688bb9
SHA185c864d0229319582ab3e387ef793a3c88d44f9c
SHA2562ac1d6aaa2687c3c1b0b9f05c5fbf7198b831bab6770343eeac8c80f24508da0
SHA5125859a582219aeabe307976146288f8ec58270be57ac5e8a5f87f842dd31dcd04483e1f31b17e0e4b83cba16f61ddbf9a01eb210d6365885917e8cd0cb602368c
-
\Windows\NvOptimizerLog\ffmpeg.dllFilesize
410KB
MD5ff208c1363804464801b7e03982257ef
SHA1855c020248d03f6809437159ba21a20655a620bd
SHA256f9e7df1ea54d362b81d7e17d0c9783cfb37ae5e509fd276829472baf47f05bd4
SHA512ff70083036fa4a840889ea31cf6d7e81baaa4e537eec430e0857efa3ecb7340a084094b2847900d5b30f02dbd32693d005ac4331bcdca8f0711e9e09fe74068b
-
\Windows\NvOptimizerLog\ffmpeg.dllFilesize
666KB
MD5e6acd9b952865fe07c0899b7a81b2b7f
SHA1514ebccd3ac6411d5dc30edd5752cd9ddba1bcb9
SHA2568fb0bf74134e94c477b8c733e5c363148f3df20b071b1886fc641d1a56586628
SHA512d4068650b27af3e77d9f6528090746ceaa7231072236e53785e30778eee4c125b1b8fa7e7af92651d916054feab4aa0272c5c22fd99ab0fe72eade74615e4905
-
\Windows\NvOptimizerLog\libEGL.dllFilesize
330KB
MD50f7a251153aec454baf91578982f28a7
SHA138f8e8dc15abe2279032788cae5f4bda06da6321
SHA2569a9abd87e323ee424fba477360e4c58cb799d6fd8ce021121a8798aa44fffc8f
SHA5121c4ddc0727bda540ce01baa35bc9c421b90f2a0f3935552ffc3dc18fe2a4a3b087eb3f36916de60e6c6b5ab613d6b41a9dea4769566e30c6cf51d49698c756ed
-
\Windows\NvOptimizerLog\libGLESv2.dllFilesize
236KB
MD51bc4066cb388cb68a116d6b1242d144d
SHA1918f59bffd8d6af1e00eab80db3236d3ba738135
SHA2567f74fecbea5146b1a6f4f8944cb01e5aec6ba698caafeedc4d6374b1adbc024f
SHA512c284f257f25e762503e15a67aa08fd70819363d9ecdf46763957bec6e7f62a5b7d15c5678bf90bdb3e2eb0113ea10e61b07bab244e0f840cad6d35c101ec107d
-
memory/376-1661-0x0000000073490000-0x000000007349C000-memory.dmpFilesize
48KB
-
memory/376-1352-0x0000000000400000-0x0000000000481000-memory.dmpFilesize
516KB
-
memory/376-1660-0x00000000739A0000-0x00000000739AB000-memory.dmpFilesize
44KB
-
memory/376-1617-0x00000000739A0000-0x00000000739AB000-memory.dmpFilesize
44KB
-
memory/376-1615-0x0000000000400000-0x0000000000481000-memory.dmpFilesize
516KB
-
memory/376-1658-0x0000000000400000-0x0000000000481000-memory.dmpFilesize
516KB
-
memory/376-1355-0x00000000739A0000-0x00000000739A9000-memory.dmpFilesize
36KB
-
memory/376-1354-0x00000000739B0000-0x00000000739BE000-memory.dmpFilesize
56KB
-
memory/1624-1306-0x00000275374D0000-0x00000275374D2000-memory.dmpFilesize
8KB
-
memory/1624-1287-0x000002753A800000-0x000002753A810000-memory.dmpFilesize
64KB
-
memory/1624-1457-0x0000027540780000-0x0000027540781000-memory.dmpFilesize
4KB
-
memory/1624-1458-0x0000027540790000-0x0000027540791000-memory.dmpFilesize
4KB
-
memory/1624-1271-0x0000027539F20000-0x0000027539F30000-memory.dmpFilesize
64KB
-
memory/2764-459-0x000001B8C81B0000-0x000001B8C81EC000-memory.dmpFilesize
240KB
-
memory/2764-431-0x000001B8AFDB0000-0x000001B8AFDC0000-memory.dmpFilesize
64KB
-
memory/2764-676-0x000001B8AFDB0000-0x000001B8AFDC0000-memory.dmpFilesize
64KB
-
memory/2764-432-0x000001B8AFDB0000-0x000001B8AFDC0000-memory.dmpFilesize
64KB
-
memory/2764-634-0x000001B8C8220000-0x000001B8C824A000-memory.dmpFilesize
168KB
-
memory/2764-681-0x00007FF926AE0000-0x00007FF9274CC000-memory.dmpFilesize
9.9MB
-
memory/2764-430-0x000001B8C8100000-0x000001B8C8122000-memory.dmpFilesize
136KB
-
memory/2764-653-0x000001B8C8220000-0x000001B8C8242000-memory.dmpFilesize
136KB
-
memory/2764-470-0x000001B8C87F0000-0x000001B8C8866000-memory.dmpFilesize
472KB
-
memory/2764-429-0x00007FF926AE0000-0x00007FF9274CC000-memory.dmpFilesize
9.9MB
-
memory/2824-1222-0x0000015A76E10000-0x0000015A76E20000-memory.dmpFilesize
64KB
-
memory/2824-1223-0x00007FF926B80000-0x00007FF92756C000-memory.dmpFilesize
9.9MB
-
memory/2824-1201-0x00007FF926B80000-0x00007FF92756C000-memory.dmpFilesize
9.9MB
-
memory/2824-1203-0x0000015A76E10000-0x0000015A76E20000-memory.dmpFilesize
64KB
-
memory/2824-1202-0x0000015A76E10000-0x0000015A76E20000-memory.dmpFilesize
64KB
-
memory/3248-945-0x000001D441540000-0x000001D441550000-memory.dmpFilesize
64KB
-
memory/3248-946-0x000001D441540000-0x000001D441550000-memory.dmpFilesize
64KB
-
memory/3248-1191-0x00007FF926AE0000-0x00007FF9274CC000-memory.dmpFilesize
9.9MB
-
memory/3248-943-0x00007FF926AE0000-0x00007FF9274CC000-memory.dmpFilesize
9.9MB
-
memory/3248-1175-0x000001D441540000-0x000001D441550000-memory.dmpFilesize
64KB
-
memory/4192-366-0x00007FF942DB0000-0x00007FF942DB1000-memory.dmpFilesize
4KB
-
memory/4584-1231-0x00000278D3990000-0x00000278D39A0000-memory.dmpFilesize
64KB
-
memory/4584-1252-0x00000278D3990000-0x00000278D39A0000-memory.dmpFilesize
64KB
-
memory/4584-1662-0x00000278D3990000-0x00000278D39A0000-memory.dmpFilesize
64KB
-
memory/4584-1228-0x00007FF926B80000-0x00007FF92756C000-memory.dmpFilesize
9.9MB
-
memory/4584-1230-0x00000278D3990000-0x00000278D39A0000-memory.dmpFilesize
64KB
-
memory/4584-1253-0x00007FF926B80000-0x00007FF92756C000-memory.dmpFilesize
9.9MB
-
memory/4656-691-0x000001EF622C0000-0x000001EF622D0000-memory.dmpFilesize
64KB
-
memory/4656-690-0x000001EF622C0000-0x000001EF622D0000-memory.dmpFilesize
64KB
-
memory/4656-687-0x00007FF926AE0000-0x00007FF9274CC000-memory.dmpFilesize
9.9MB
-
memory/4656-920-0x000001EF622C0000-0x000001EF622D0000-memory.dmpFilesize
64KB
-
memory/4656-936-0x00007FF926AE0000-0x00007FF9274CC000-memory.dmpFilesize
9.9MB
-
memory/5388-1416-0x00000158D8860000-0x00000158D8862000-memory.dmpFilesize
8KB
-
memory/5388-1667-0x00000158D8E20000-0x00000158D8E22000-memory.dmpFilesize
8KB
-
memory/5388-1391-0x00000158D8250000-0x00000158D8252000-memory.dmpFilesize
8KB
-
memory/5388-1400-0x00000158D9000000-0x00000158D9020000-memory.dmpFilesize
128KB
-
memory/5388-1389-0x00000158D8230000-0x00000158D8232000-memory.dmpFilesize
8KB
-
memory/5388-1418-0x00000158D88E0000-0x00000158D88E2000-memory.dmpFilesize
8KB
-
memory/5388-1613-0x00000158D8DE0000-0x00000158D8DE2000-memory.dmpFilesize
8KB
-
memory/5388-1455-0x00000158D8C30000-0x00000158D8C32000-memory.dmpFilesize
8KB
-
memory/5388-1414-0x00000158D8840000-0x00000158D8842000-memory.dmpFilesize
8KB
-
memory/5388-1395-0x00000158D8950000-0x00000158D8952000-memory.dmpFilesize
8KB
-
memory/5388-1665-0x00000158D8E10000-0x00000158D8E12000-memory.dmpFilesize
8KB
-
memory/5388-1663-0x00000158D8DF0000-0x00000158D8DF2000-memory.dmpFilesize
8KB
-
memory/5388-1412-0x00000158D8620000-0x00000158D8622000-memory.dmpFilesize
8KB
-
memory/5388-1408-0x00000158D85B0000-0x00000158D85B2000-memory.dmpFilesize
8KB
-
memory/5388-1423-0x00000158DB560000-0x00000158DB580000-memory.dmpFilesize
128KB
-
memory/5388-1410-0x00000158D8610000-0x00000158D8612000-memory.dmpFilesize
8KB
-
memory/6044-1710-0x00000124A77E0000-0x00000124A78E0000-memory.dmpFilesize
1024KB
