21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Analysis

max time kernel
60s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-5w6g20J.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\NvOptimizerLog\locales\fil.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\gksudo	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\VLC.exe	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\et.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\fa.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\pt-BR.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.icns	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsf	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\vk_swiftshader.dll	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\vi.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\main.c	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\package.json	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\PkgInfo	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\elevate.exe	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\de.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\zh-CN.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\win32.png	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\v8_context_snapshot.bin	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\icudtl.dat	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\pl.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\LICENSE.electron.txt	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\fil.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\uk.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.eslintignore	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\en-GB.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\sk.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\libEGL.dll	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\osx.png	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\vk_swiftshader_icd.json	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ro.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib\sudoer.js	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\applet.icns	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.rc	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\config.babel.js	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\JsonSafeTest.wsf	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\da.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\nl.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\pl.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Info.plist	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\stdafx.h	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-5w6g20J.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fi.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\sl.pak	Setup-v-5w6g20J.exe
File created	C:\Windows\NvOptimizerLog\locales\ca.pak	Setup-v-5w6g20J.exe

Executes dropped EXE 3 IoCs

pid	Process
2916	VLC.exe
2344	VLC.exe
2316	VLC.exe

Loads dropped DLL 23 IoCs

pid	Process
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
2916	VLC.exe
2344	VLC.exe
2316	VLC.exe
2344	VLC.exe
2344	VLC.exe
2344	VLC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2168	Setup-v-5w6g20J.exe
2316	VLC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2168	Setup-v-5w6g20J.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2344	2916	VLC.exe	34
PID 2916 wrote to memory of 2316	2916	VLC.exe	35
PID 2916 wrote to memory of 2316	2916	VLC.exe	35
PID 2916 wrote to memory of 2316	2916	VLC.exe	35

C:\Users\Admin\AppData\Local\Temp\Setup-v-5w6g20J.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-5w6g20J.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\NvOptimizerLog\VLC.exe
  "C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=896,617551129862849603,7124124182275846912,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=904 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2344
- C:\Windows\NvOptimizerLog\VLC.exe
  "C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=896,617551129862849603,7124124182275846912,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1300 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Windows\NvOptimizerLog\VLC.exe
  "C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=896,617551129862849603,7124124182275846912,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1176 /prefetch:2
  2⤵
  PID:2164
- C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
  resources/vlc/installer.exe
  2⤵
  PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6259758,0x7fef6259768,0x7fef6259778
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1588 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3684 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2628 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2804 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1948 --field-trial-handle=1380,i,3014154652994913384,6943883658400468033,131072 /prefetch:1
  2⤵
  PID:1784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f461bbe62b7d0ecb6d410ecb2a8f5f99

SHA1
49a22334941d9830647f4a14e27ce8fae99b2f21

SHA256
da736c5fd3b804a5b5ef646ba348ff5579773279225880400fb0e4b317ffaa77

SHA512
418d85dbbc53bf458095a49908481cd7ea4836f5602726c26aa0a20563a5b185e8cab076932e317674e63164246ca962b424732ef7f10788a58b8e36d99b8e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7ba996190e88c819330934870a10fc7a

SHA1
ec8c31809209b0454c87248285ada57f890aa3f1

SHA256
58e31af0186b6ff4a7df1d5fe619df213de749d9a1c36e459fb417795d09b170

SHA512
5e4437b1933bc67172769da808838b0342bf5d97532e72d05874e7847874fe7ef22d16e28852edff5098bc787205ce070e3d12d59d031fd051b6ffa8bfbc18b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
aa4557b7d8effc47e946720b2c825daf

SHA1
cd7721c9f8c57fd7cf15a8aedc7fcabda68c626c

SHA256
c4d09ecc49936ca77b850c0158f616fc476415740cec08e247b4de814cbc7d94

SHA512
bd29b31827b93c256df645beea37925fab23e12ffc975745c600a5fa8c5ad0e268a99a3b1e4911ce1f3dab2d27a3808858cab411bc758dddd6e8fb3a4bcfb50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
128KB

MD5
571a0ed906c861f1e29c5818a9abb38e

SHA1
982f34e5c89a4170edad0f8368f240e6969247aa

SHA256
16f268b214b1f5c83a4aef24b18ec1133cd44c525054779fb43cccc64db07fe7

SHA512
03b3e87b56230a7ab74492d483aab88cdba3b8b6ce42a6b7690c8e829ac37afebe0e4aa591deaf5a4f39a510084cb96977343e323e978e6534b998da2e4ed22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
184KB

MD5
79fe227baa0a5d2782dfbb977c321f8d

SHA1
655c9268cea3fdb1da003de738b14308762ff860

SHA256
bb56f048345ce163865f29af71c4799f515db4b86b4cbeb07b0d593ef1c47208

SHA512
804f79a589d877a0ab386dfbb7066c9b920427d093610b0fb6d25b5237477fb2ba885f4a932e395ea5ae736f68b45968f1b7a34a3781dd87130533867eddb50e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
7cab718c7bcc84faa1424b9a4a33fac7

SHA1
bb094c1a726a4cf4eddac9a30be042fb8c9ce178

SHA256
7232b05ba8b3e42be960ad70b7c366dae2073764f48c0d1bb45d38c98a0d914a

SHA512
544cceeacc207fb9f96b02c9a44836b1ec3023c9a38813541683007fb3cc2981b3996ea7a31ecce534210aa585fe7bdd55134b7749cd5df85eec37b0c3fc6452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c84ff39035f711aaa1ee6e0964b72641

SHA1
d6c7b61a90b9258f2edd1f927a45e076a5def591

SHA256
6cc171935346670e9b9dffd0672d1061c31b5f24ce31ae84b29a81b3de9837ac

SHA512
2c536a0a09414bbf519dab64ad35f24cd54d4ed45253bcca3d2d9346c32a88d7508c20dadb911649391afe332844cfdc88f0e1b4587837a9a3fc37798c7a1a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
76f8fd261e489695fcdffd9ec70744b3

SHA1
3356dd7ecf492d781d654a3141b2aac0745da3b9

SHA256
a7519266e2da77b443a87c59ebd99a2ad5a5d02bed5b3a62f3a441765d2445f1

SHA512
b0158504f453ad9fa99526b8a383cc4d1c5da348dbad631b746e2aec84e458a47b175c8697350601bb95474e4a76312adc91f4e94679564a615793703bf073bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
34be632e21155779fd52d2d07ea16c7e

SHA1
82d68c28600c9b087b167fe789252aad0a911bf4

SHA256
9e40e63e381cc41c81176dd007df872d5f932136a94728c9bd9f29906a700e8b

SHA512
f5b8abc8366053f40f559a8bbf241e24c5a66514eedbbaad56786d9ed433f9b0167ee46a8d23d01de7c17d4597e6210fa29025da26554b0fbf77649c87603090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8829172d1e0e0620dcf46a7b95dfe05b

SHA1
b330fe13d670954cd5b95a6f8ffdbd742003be9d

SHA256
0885d1beb8fa56ca23f2dbe7a1336246289c77439e3a5efc7a7ada23c2800f88

SHA512
f9e4ca788223f7b93aa4b94943f6c96e2eedcf0233b5e55a874501a3672eadf442e8ff413cd96730f584b08f0f6f30a67070e56970eaa45b4037c423454b139f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
af2c0abb81792411c7a78258d61094e4

SHA1
c5afea56005b7b998dc55bc8dd25ec156f751468

SHA256
5bd35673a97df3511843b2292fef68ad60f40f634c3e4fc31a40eb318d2ff7f6

SHA512
300834099b344688a8b2292b048f5a5ce41689de336efee508ff2ab23358e00cd5288e5f61c3ffaf63f46b10c697aae473c2fadb4d9bdeb298910d36478a5da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
39d1d301d3dea2efbbf0ce823b04b5c7

SHA1
2c7fa12ecd145352ed9a54add62f76a262e884d7

SHA256
e2f11635842cb73b07e829b1a482cce0a2c4177e02bc5eb00f75f0f2f312d406

SHA512
7c073a04a446d5e24ac06565640935d58f8bb12c5a50323f79c210b751a1509a9814cdc0266de99f44ace04d8af6026ad1a5e3759499016b06542a6f2416c8c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d1c528a2-5f08-4e7c-8664-b294fd5ff55c.tmp

Filesize
258KB

MD5
ec2e504c447bea3bfd95d08ebe6316f7

SHA1
5cd13ffe8debc74e044484450756f66c68e4dfbc

SHA256
bf9f33d05865481fe7449ec2b81fa7b3cbc05b4fe08e965fccb6375c0b689254

SHA512
a8017bccfd33a38eaf1c44482b5f1352465edd05031a37c52b1fc522f544178ef5bf59ef63de9e39bd7062aaf33ec6fa59186c4bbb78fb4378e0c91206917add

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\package.7z

Filesize
5.6MB

MD5
3b86ce900c53d5c4eabe1e4123cc6acd

SHA1
3c7120ba645a77684384c5f367477036c3b6ec22

SHA256
83eb8c34ad56b513eda287a76e9c1f352653bf2f1889e5f9f6c8c91b2f32422c

SHA512
3fa6b2307693a0cdbedc8d58f35fa59b590784a4201faf5db698c0c0c263ea4e762f9caa5ba2b803ba309bea8f47323cc2b9b1d793207a288ea80cf2d40c28f2

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Dictionaries\en-US-9-0.bdic

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\NvOptimizerLog\D3DCompiler_47.dll

Filesize
304KB

MD5
65474da2605c23d66e882048fbe45de2

SHA1
4f55a3c46d15d9600b6d7dbc93c97db90f879920

SHA256
26d54f1c5bac246c5b369661237e1e055e4c3a909f3ed51413cdc5bd1594de17

SHA512
2dca3d88bd13a0bd938b30d6be82ebf5914c72d0f371d5d458d2081c13ca7eb69bb9912de06794178776a718c28c58e3a22f69871e3002830dd219ef3cc9eb0a

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
2.0MB

MD5
93ba27d57d9c0fa0c1b5ac6bb0503fa8

SHA1
9b03e09fe63c9226fa29839a2350e641847bfd4c

SHA256
2263c0bcae9a24b0bf9ae3ca57f38a54cd11ceb38bd8a3e6e607f8063ead3356

SHA512
bd270909c26e1f031fbb224d50a850462d9346ad7c7be8853f88126b2a56987ff88554f7d2c1a648c31d5e1814200ecfea0d44756a1ea6226cf1a290534ccd98

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
578KB

MD5
dffed6cc9234dfbe2248995430862829

SHA1
d7fd69bd1873645f4fded899ebd1fe68ca593c00

SHA256
7679d8373a37e9d27261a88fdc9a3d34f5d90b9c7d4cda6db08558e073dff134

SHA512
5d95394acc4dbb487147cc51b0b3dcae526766e16f73ae5008bec208b00745dc72cf07860c2ccced38ee86b3d9b30d4487ac3c7fe2c457b3f4feb88632b397da

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
565KB

MD5
d71d0b76f8e8fabd573c61652b5e45d8

SHA1
5faa4b282b90c2a4a5bfad6c797a003cd3f291fc

SHA256
69df95b9cbf8ca620c0e96c48f5275eda70a8b59025e06f6d3f7d92a0d4cbe16

SHA512
18a45bb2ebedff1f824c9b623634db182278f8ae73003c29ed68f43cbff382683521291ec67f2ab4931ac672a0cb8e61286863b20e9433b5f33807d70aec6056

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
302KB

MD5
95fdc5ec31b11f2ec38f220cf087284a

SHA1
fc9b7a266aa65667750938b83790b8baaafdd320

SHA256
8df7bc845b2254c3db86d9dcc20e813de83d140a16f9d14fee3bc1c23ffe271f

SHA512
1136a85ee187cec1f00710bebc896c6058cf6dce38b4bacd4379bdb277acf5c74a8b8a1ef2ab89d856f853ff3cb93c40583c96fdac6b082bda2794ab67d3f43d

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
332KB

MD5
3718c0b5d592214d14970b95dcc9edb7

SHA1
12314421d03ad134b6c85e96adfc114b72ccdf43

SHA256
d5bc6f4fa2721a8808db1f4e9032a067630d32cee3912c7de47a5ff820256ad2

SHA512
21fbf0f41e545e192fc5eb9683c74998a6b2f9ce514875b82a0b32752ae3d2d08bc07c3decc7600d39d2baab30257da57b90a594ecf5056cbfb889e5da9a9a8e

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
691KB

MD5
d38c42bf25203d59a53cb2dfce7b5c31

SHA1
151ad0ad2f9314c75c5c69d3358258de8d462439

SHA256
7639b35c8bedfcd581486e9c9022db72d76d31d7dc4b0afc4967338f55a01eab

SHA512
4d697c907aaef732aa6addbba660c9f3195cc80f31425473c8ca5f4926c39865d052620a9ba1bbbcbb596b3545407c8cde4107e9b4ac0e541fb9a100680d6fbd

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll

Filesize
549KB

MD5
869cf9afbf44170c4e9531eba54f7e40

SHA1
9eebaa142a7114089d5928ee6a311bb159fea89b

SHA256
9faf2406cb67127bdeaf5962c0884e768e40d0a54c95a040fbf49c65a02be234

SHA512
c76adfe329de20c1c21323a0ba4f488e261c614b820e724e78db472e188308b0721fca262ce6401ddb67b74aa76326f44f8cf7035a18ecb4401add91deb240e1

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat

Filesize
119KB

MD5
5cc8bde396b27c28cabbbac045518aac

SHA1
c0367809495cfc06cc269d2c67c953ed6aded1e6

SHA256
25df9d0f88d5666bf205939e4a0a819fe355f2be8c2b29a68d40140fd1c93728

SHA512
704066b126573ac0b068084cbec7630acfc1e77c24b7346d565e9a73054146d3ca27064ab7346ad0493928bb7f5aa94e4fa037bb2fb55589712dbb0d3f240ec5

Download Submit
C:\Windows\NvOptimizerLog\libegl.dll

Filesize
145KB

MD5
52ee5137239beab206dda9bd80b0a09b

SHA1
b5fc30a234fa6f4735a33384ac89149d3fc35aa3

SHA256
999c9bd5feb18fa6ac3d79f866b7393f419a5b6acba77b12386a60fde7af9712

SHA512
dbe62eb0e14af2d176a3481639867a487a1ec520d9088ce25394eae4521f53d9721a6743d72ad4411313a14807df86137cfa395944276b0e0953b91cfd377afa

Download Submit
C:\Windows\NvOptimizerLog\libglesv2.dll

Filesize
222KB

MD5
e21fd8d0175e1666cb54a8aafa15cc5f

SHA1
17562dca2c480a243ed8a2765cc2d7836af42611

SHA256
102060f2a4a63fc34a203e48667e22ea28f9c596f22ea582b99552dd076857fb

SHA512
9e9a98019c875bf8004a095d163c6ad3bf6d0b447774fbdbf9dfaa836d58867e6fef7e1719257d483222101c82b34195a8f1f64dc7b3f318795df194ba2a7e45

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak

Filesize
892KB

MD5
af78c3f49a92171576c196422594f80f

SHA1
fa705f09a3451c69f9078ef5b5fc626266078d2b

SHA256
5c4537ca081a21c47ba8585dbc565f89915c8d065bc1937c434f31b482c42208

SHA512
675d49c8bf46eb2ff66e450e74109c7272e3165c38e6ad6deb3af17062d2a34780e1c870127364d3b80eb56b5854be07a074f73c515ddfb4ebdd4296420e3c00

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar

Filesize
972KB

MD5
302c60ffd4331a5404d0b0b7f303b329

SHA1
208e18e3f6f942cfbce3b74832cf971675309876

SHA256
aa236028f09ec3efa1c9bf486c3769eed511d03589ae0c7de0f8e13488bce5a6

SHA512
76eef678b29de0edc460a55b32b0fa637eb0b8789206a1643c1444c27d6df033606137f8e2f219bd67dca0242f1bd6542688bc24304dac68ee3341b8f7296085

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0

Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe

Filesize
192KB

MD5
53ed8c6e34099f9bc8322bda855802c8

SHA1
6b3559b4239f6d0894eff7c840d770ea66c1ffbf

SHA256
528f4c2fec31656f20f83b385b7cf2859d9ccf253d2fe15f727aa3d498b885b3

SHA512
50d35af74d5858218bc116280e68e693847072bfe082082ddee71ce1c1ea3085d0403654ee8789a1950b7874f7486b849f5fe929deeeb468912dfbdfb8a545ac

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe

Filesize
61KB

MD5
6545ebd874a611da7080b5d9b5fa96dc

SHA1
715838c5f4f451d65338ca04ddcbb33f8be92f96

SHA256
77ebb6d597f74e633544c69b642605db34539222eef146f23b4d6013b1e240c3

SHA512
0ef9707fc625ac76d895e6dee13d0b8f07a5af23dce21a7e074d1114a4dc9507e038f71a04f02684561d815220efa2f4be6ca1753574b70e9fadec628989bf99

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin

Filesize
117KB

MD5
0179683cdac78c3f8e90ee5fdc65df38

SHA1
8dd61ff231b5c6184b05959375f7a2d13c6e6272

SHA256
b8c150bf63bef3189aa121c9838b25c411a52034fa58a42c4b954e61978dbe2a

SHA512
d1098c3a562d6989330ae3713f3d545b04b80660cbb2452669db0d31705c6fbd7062cd208a75de978140455dfbde11a04c23ad5307cae3b64a18760335996983

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd7BF4.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Users\Admin\AppData\Local\Temp\nse718A.tmp\LangDLL.dll

Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
\Users\Admin\AppData\Local\Temp\nse718A.tmp\System.dll

Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
\Users\Admin\AppData\Local\Temp\nse718A.tmp\nsDialogs.dll

Filesize
12KB

MD5
2029c44871670eec937d1a8c1e9faa21

SHA1
e8d53b9e8bc475cc274d80d3836b526d8dd2747a

SHA256
a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

SHA512
6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

Download Submit
\Users\Admin\AppData\Local\Temp\nse718A.tmp\nsProcess.dll

Filesize
35KB

MD5
764371d831841fe57172aa830d22149d

SHA1
680e20e9b98077dea32b083b5c746d8de35e0584

SHA256
93df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded

SHA512
19076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
2.2MB

MD5
5f5633c2724f49844cbea42cc0020d98

SHA1
0f6149d9fab728eef5bf3717ba85750baeb6fdc5

SHA256
863e072152f449f758a5322737f675e8e848f5e2202f59fb398c054ed15275db

SHA512
f4ec391046b1338fa230feec2d24ce5a50ee15a918dd473b5eb26a7d69586d6ed3b41c789bb1a7c6bf7ce64e9edada2d30e3ff02e142b30c8c74978cf5b1bd0c

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
2.1MB

MD5
0d8ff0e69d483504ef09c32b479293bc

SHA1
2d80d90bff036ddc0bd21411726fe7d647c1330b

SHA256
8e6fb8723c10ca3c7e8717fb076cfe50ac083784117212f74dfafdf8a03a421f

SHA512
f45df68b5dbaaad2845698d3dccd833bd31d2b499e8808474676b772726223cc9cd3f7ff6abd7fbfd1fb611327e211bbec6a641c7f538a5dd47f10774e5a2e32

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
1.9MB

MD5
65f12a01868e0c5bf8c42db1a8981e2f

SHA1
02a201edacbda171b0ac9dc43dc30098a37098b7

SHA256
22c5bf837fe80ef7ff9db817f6600317f20487bc18a02c2debdc9c442e2ecba9

SHA512
4c7a84821d5f7c7c31ff59f276102fc4a6396d31c33051ccc0f545b6559bc3621318f98f44211dc7db50d1af0e47dcee47c434a5ded0c8e1e157044be48b5fa9

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
2.7MB

MD5
cf39d3092ddf1e65889c6b22f7f52cca

SHA1
264d987797d6692191e3261959c8fb02c056cd4b

SHA256
5d56f64ca89406acad4e491d40a04e2122e8a8af20518260799357ca2e511487

SHA512
fbd72efa5e2470df9e8493f69e81ff1dc80d9816d852fe1c1d2b553eaf2655333ac5f8b11bf2f91d71892ede5e91f902b0f333e4874abfd9c5499d775b1c44db

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
806KB

MD5
88d7e22fca3a48cf8e9d9ffe99e979d1

SHA1
dad5277788bbbab0545d7085378e99e64d103d6c

SHA256
f4f9669e2e6ea76278bca2ba1e6251b6cb92f4ea867fcc5ed62d6cf28b0bbb2a

SHA512
d9983c782abe32e397a72107de767f2a5d0a484f26c090191d379437e71a04b19ce24237702622fef3f1bae9f7e80863d21dcb0f296b3cffe924396bc2eeda1f

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
869KB

MD5
12320e2306c40c073c95d330a31e93a3

SHA1
64d476c2ec72573c71b6f906eb43db2aa8caff9a

SHA256
009544b0fc232d9cb919f296ed7f86626b783955060646bf8e5f3746435e227b

SHA512
5626c607d9a678f7d4a5a9a5bf8473e1cbe4f647db061aca9326f023167683b5c10281f3cc3650b98e85415f33be769b77706bed94cc4d639b4cd353e6b6e2d9

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
678KB

MD5
a6d28f878e4f43ddfbfaf61c16151dbc

SHA1
6e3a92274655ec7dd7568392636beeec3967a9a7

SHA256
fa9eadc76d06f503345782c5af2d8adb20725ab70018c4528e033727428b1845

SHA512
9a808124a590120392967463c944e16b8970581a7fd39f09d8a22bb28bd5386ff9b1e10d3a987bfc79d130d8798c3e9ab01cd86b6a5ebc45c004aa99fb7905b8

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
680KB

MD5
2207e48053236415f8cc6f4e857d4fab

SHA1
e106a0789e189885fa77df3d16bf18e0a7aef1a5

SHA256
6b24c9a81e0818d69244d8f8fa71e1242c0cc902982121a222209d41984de932

SHA512
8eabf8cae4b50a9dc1569a7acb95a589f9c9330b7e7955f67b9df34631b1f75cbfc170f85bbd4647ab7081ad9e0b8e12c0b3a45b6140c5d029ed3d36ecef7e73

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
575KB

MD5
6baef891c6dc29a2274252bb95528bcc

SHA1
41169955e29d572a8b573bc73864f2d74e151c8d

SHA256
8b5c8ae9cb16c0830344b6e1381aeaaedc1d7bcd5bd82a10dbc0600664e864b5

SHA512
6d12b594bf51df09c355704387d570deb33ce9d2671532c52b9388f33fba83fde8a359d7bcb54372ac045a598266dc50a6b0cd984703a75c16435f80ffc55248

Download Submit
\Windows\NvOptimizerLog\d3dcompiler_47.dll

Filesize
358KB

MD5
1dbffa8e0b445f5a2eec6dd3baf991a9

SHA1
3ba84796167aa18b4e315192ec87a405db39b53d

SHA256
19fd705dcd55d1d90e17144048e0b75ea8030b74aa8376ebc414abc2ac44e7d4

SHA512
d6d18b6a97766bff0f45df2bd0b78c63868f3f21ac2eb3b6fbfdd2e4fdff3766130bbe61651054b80a9fdf172490994ccba5c09a6b9d5aff9299e26d5873dee3

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll

Filesize
660KB

MD5
7d4d0d91d9cf64c7d781968f04a11447

SHA1
16bb38facc907aeb772dce392d03f9d3e875f0d4

SHA256
0a9733597c493fd1abdf69ae81a1cf2c8366ee4766ee907be16d53c5a3ca15cd

SHA512
99b683bc6ccf8cfb294ffd5fe12d3df54126fa87c4449ac932dd078388fa2c8245c48cac4dcc8b5dc3058250b19f031e43a1a635b034dbb764fcdf30a2587a9c

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll

Filesize
371KB

MD5
8ddfaaa5f61a1c5e2b9df44263c1dc51

SHA1
3d1cbe4ac60d1abeec201accc4509473f97b92dc

SHA256
432221c14241ddd1fcf43beccbce901b46d92433444e9564f691132368b721b6

SHA512
d97f777440c4bc9c592e115333af48c553ce60a9b8a248de4e1080788acd64ee821ba24e1957c6fa4eeb5db1bf122b32484e487e613c51b8b26cf5157e867dea

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll

Filesize
417KB

MD5
a5be44e5bd4eea8b70b89732f1c6a4d2

SHA1
3a3be73a51812b42e89830281a4852fd52e138cd

SHA256
14b49d29523d0ba3aead30ad0febb4db851a35df0231a7434a1e45b42f797f2f

SHA512
273e5bd4bb964b1a39ad92a265fccd50fc5eba00f51ff7c9795cab1c33f41566294753a589f858088af0d6192d879c83f4852817cdbe9e82632fa9134e99294e

Download Submit
\Windows\NvOptimizerLog\libEGL.dll

Filesize
207KB

MD5
193b1b9bbfe254ae9a3ce7002814e035

SHA1
dd74748740492c4b5a4da1cdd0c0cc0312699a42

SHA256
47178f1155a0d6fc7bcb6dbcf4a261f6a41ab34f275221d91e56ed965da09c63

SHA512
0409a018196abd5ce37026ca0fc32998d6af50aa511aa1cf8bb41e894785ce8500a72f593fd45b150ebaf15104dae19d824710e4e8efad3cb6e0b1fada57a72a

Download Submit
\Windows\NvOptimizerLog\libGLESv2.dll

Filesize
385KB

MD5
ec7d43651fde72f159d8479cbb07b8c1

SHA1
019a7ce401894a74d62e50a278890884df763e90

SHA256
6101b242b1107306036fbdc0ae7a22d3bae479fb868bbcb0ea24c856fb43ee4f

SHA512
257ac6a3cae8572f354aa02325f268f4aa6a4d07c2ac40ccbd6f60a9bbc814a4777d8faa8b76000fa50b91b11efacfb39763fd2d65cc28a80a33ee8e00a9b50c

Download Submit
memory/2112-552-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2112-548-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2112-525-0x0000000074270000-0x000000007427E000-memory.dmp

Filesize
56KB

Download
memory/2112-527-0x00000000741D0000-0x00000000741DC000-memory.dmp

Filesize
48KB

Download
memory/2112-526-0x00000000741E0000-0x00000000741EB000-memory.dmp

Filesize
44KB

Download
memory/2112-524-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2168-351-0x0000000003620000-0x0000000003622000-memory.dmp

Filesize
8KB

Download
memory/2344-418-0x0000000076BC0000-0x0000000076BC1000-memory.dmp

Filesize
4KB

Download
memory/2344-384-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2916-443-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download