21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Analysis

max time kernel
149s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
05-04-2024 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undetected_____________________________________-Setup-v-am1kunX.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in System32 directory 3 IoCs

Processes:

VLC.exeVLC.exeVLC.exe

description	ioc	process
File created	C:\Windows\System32\NvWinSearchOptimizer.ps1	VLC.exe
File opened for modification	C:\Windows\System32\NvWinSearchOptimizer.ps1	VLC.exe
File opened for modification	C:\Windows\System32\NvWinSearchOptimizer.ps1	VLC.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

Processes:

old-uninstaller.exeUndetected_____________________________________-Setup-v-am1kunX.exeUndetected_____________________________________-Setup-v-am1kunX.exe

description	ioc	process
File opened for modification	C:\Windows\NvOptimizerLog\locales\ca.pak	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.icns	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader\	old-uninstaller.exe
File created	C:\Windows\NvOptimizerLog\locales\fil.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\zh-TW.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.rc	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\main.c	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\snapshot_blob.bin	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\swiftshader\libEGL.dll	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\snapshot_blob.bin	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\vk_swiftshader.dll	old-uninstaller.exe
File created	C:\Windows\NvOptimizerLog\chrome_200_percent.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\sr.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\applet.icns	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\nb.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\te.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\et.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\gksudo	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ms.pak	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\vulkan-1.dll	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0.0.2	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\hr.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\it.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureSpecificRegistry.vbs	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fil.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\PkgInfo	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\vlc\installer.exe	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\bn.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\es.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.rsrc	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\nl.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bg.pak	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\mr.pak	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\chrome_100_percent.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sw.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.eslintignore	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\ar.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\en-US.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\Uninstall VLC.exe	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\locales\th.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\applet	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\README.md	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\Scripts	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.vcxproj.filters	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fr.pak	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\chmod.js	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ru.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\config.babel.js	Undetected_____________________________________-Setup-v-am1kunX.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\pl.pak	old-uninstaller.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\config.babel.js	old-uninstaller.exe
File created	C:\Windows\NvOptimizerLog\locales\ja.pak	Undetected_____________________________________-Setup-v-am1kunX.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regDeleteKey.wsf	Undetected_____________________________________-Setup-v-am1kunX.exe

Executes dropped EXE 17 IoCs

Processes:

VLC.exeVLC.exeVLC.exeVLC.exeVLC.exeinstaller.exeinstaller.exeVLC.exeVLC.exeVLC.exeUndetected_____________________________________-Setup-v-am1kunX.exeold-uninstaller.exeVLC.exeVLC.exeVLC.exeVLC.exeinstaller.exe

pid	process
3280	VLC.exe
1960	VLC.exe
2180	VLC.exe
4972	VLC.exe
2216	VLC.exe
568	installer.exe
1460	installer.exe
324	VLC.exe
2720	VLC.exe
1868	VLC.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
6360	old-uninstaller.exe
2284	VLC.exe
4868	VLC.exe
3112	VLC.exe
1580	VLC.exe
704	installer.exe

Loads dropped DLL 50 IoCs

Processes:

Undetected_____________________________________-Setup-v-am1kunX.exeVLC.exeVLC.exeVLC.exeVLC.exeVLC.exeinstaller.exeVLC.exeVLC.exeVLC.exeinstaller.exeUndetected_____________________________________-Setup-v-am1kunX.exeold-uninstaller.exeVLC.exeVLC.exeVLC.exeVLC.exeinstaller.exe

pid	process
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3280	VLC.exe
2180	VLC.exe
4972	VLC.exe
1960	VLC.exe
1960	VLC.exe
1960	VLC.exe
1960	VLC.exe
2216	VLC.exe
568	installer.exe
568	installer.exe
2720	VLC.exe
1868	VLC.exe
324	VLC.exe
324	VLC.exe
324	VLC.exe
324	VLC.exe
1460	installer.exe
1460	installer.exe
1460	installer.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
6360	old-uninstaller.exe
6360	old-uninstaller.exe
6360	old-uninstaller.exe
6360	old-uninstaller.exe
6360	old-uninstaller.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
2284	VLC.exe
3112	VLC.exe
1580	VLC.exe
4868	VLC.exe
4868	VLC.exe
4868	VLC.exe
4868	VLC.exe
704	installer.exe
704	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exe

pid process

3256 schtasks.exe
1784 schtasks.exe
5436 schtasks.exe

pid	process
3256	schtasks.exe
1784	schtasks.exe
5436	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers system information 1 TTPs 3 IoCs
Runs systeminfo.exe.

System Information Discovery
T1082

Processes:

systeminfo.exesysteminfo.exesysteminfo.exe

pid process

1220 systeminfo.exe
6348 systeminfo.exe
1496 systeminfo.exe
Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

6648 taskkill.exe

pid	process
1220	systeminfo.exe
6348	systeminfo.exe
1496	systeminfo.exe

pid	process
6648	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133567920145632057"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Undetected_____________________________________-Setup-v-am1kunX.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Undetected_____________________________________-Setup-v-am1kunX.exeVLC.exeVLC.exeVLC.exeVLC.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepowershell.exepowershell.exeUndetected_____________________________________-Setup-v-am1kunX.exe

pid	process
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
3232	Undetected_____________________________________-Setup-v-am1kunX.exe
2180	VLC.exe
2180	VLC.exe
4972	VLC.exe
4972	VLC.exe
2720	VLC.exe
2720	VLC.exe
1868	VLC.exe
1868	VLC.exe
1852	powershell.exe
1852	powershell.exe
1852	powershell.exe
2004	powershell.exe
2004	powershell.exe
2004	powershell.exe
2336	powershell.exe
2336	powershell.exe
2336	powershell.exe
4436	powershell.exe
4436	powershell.exe
4436	powershell.exe
4436	powershell.exe
2724	powershell.exe
2724	powershell.exe
2724	powershell.exe
1556	powershell.exe
1556	powershell.exe
1556	powershell.exe
4800	powershell.exe
4800	powershell.exe
4800	powershell.exe
1544	powershell.exe
1544	powershell.exe
1544	powershell.exe
4140	chrome.exe
4140	chrome.exe
5148	msedge.exe
5148	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
5384	identity_helper.exe
5384	identity_helper.exe
2804	msedge.exe
2804	msedge.exe
5792	powershell.exe
5792	powershell.exe
5792	powershell.exe
5792	powershell.exe
2804	powershell.exe
2804	powershell.exe
2804	powershell.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4140	chrome.exe
4140	chrome.exe
4612	msedge.exe
4612	msedge.exe
4140	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4140	chrome.exe
4612	msedge.exe
4612	msedge.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Undetected_____________________________________-Setup-v-am1kunX.exepowershell.exepowershell.exepowershell.exe

description	pid	process
Token: SeSecurityPrivilege	3232	Undetected_____________________________________-Setup-v-am1kunX.exe
Token: SeDebugPrivilege	1852	powershell.exe
Token: SeIncreaseQuotaPrivilege	1852	powershell.exe
Token: SeSecurityPrivilege	1852	powershell.exe
Token: SeTakeOwnershipPrivilege	1852	powershell.exe
Token: SeLoadDriverPrivilege	1852	powershell.exe
Token: SeSystemProfilePrivilege	1852	powershell.exe
Token: SeSystemtimePrivilege	1852	powershell.exe
Token: SeProfSingleProcessPrivilege	1852	powershell.exe
Token: SeIncBasePriorityPrivilege	1852	powershell.exe
Token: SeCreatePagefilePrivilege	1852	powershell.exe
Token: SeBackupPrivilege	1852	powershell.exe
Token: SeRestorePrivilege	1852	powershell.exe
Token: SeShutdownPrivilege	1852	powershell.exe
Token: SeDebugPrivilege	1852	powershell.exe
Token: SeSystemEnvironmentPrivilege	1852	powershell.exe
Token: SeRemoteShutdownPrivilege	1852	powershell.exe
Token: SeUndockPrivilege	1852	powershell.exe
Token: SeManageVolumePrivilege	1852	powershell.exe
Token: 33	1852	powershell.exe
Token: 34	1852	powershell.exe
Token: 35	1852	powershell.exe
Token: 36	1852	powershell.exe
Token: SeDebugPrivilege	2004	powershell.exe
Token: SeIncreaseQuotaPrivilege	2004	powershell.exe
Token: SeSecurityPrivilege	2004	powershell.exe
Token: SeTakeOwnershipPrivilege	2004	powershell.exe
Token: SeLoadDriverPrivilege	2004	powershell.exe
Token: SeSystemProfilePrivilege	2004	powershell.exe
Token: SeSystemtimePrivilege	2004	powershell.exe
Token: SeProfSingleProcessPrivilege	2004	powershell.exe
Token: SeIncBasePriorityPrivilege	2004	powershell.exe
Token: SeCreatePagefilePrivilege	2004	powershell.exe
Token: SeBackupPrivilege	2004	powershell.exe
Token: SeRestorePrivilege	2004	powershell.exe
Token: SeShutdownPrivilege	2004	powershell.exe
Token: SeDebugPrivilege	2004	powershell.exe
Token: SeSystemEnvironmentPrivilege	2004	powershell.exe
Token: SeRemoteShutdownPrivilege	2004	powershell.exe
Token: SeUndockPrivilege	2004	powershell.exe
Token: SeManageVolumePrivilege	2004	powershell.exe
Token: 33	2004	powershell.exe
Token: 34	2004	powershell.exe
Token: 35	2004	powershell.exe
Token: 36	2004	powershell.exe
Token: SeDebugPrivilege	2336	powershell.exe
Token: SeIncreaseQuotaPrivilege	2336	powershell.exe
Token: SeSecurityPrivilege	2336	powershell.exe
Token: SeTakeOwnershipPrivilege	2336	powershell.exe
Token: SeLoadDriverPrivilege	2336	powershell.exe
Token: SeSystemProfilePrivilege	2336	powershell.exe
Token: SeSystemtimePrivilege	2336	powershell.exe
Token: SeProfSingleProcessPrivilege	2336	powershell.exe
Token: SeIncBasePriorityPrivilege	2336	powershell.exe
Token: SeCreatePagefilePrivilege	2336	powershell.exe
Token: SeBackupPrivilege	2336	powershell.exe
Token: SeRestorePrivilege	2336	powershell.exe
Token: SeShutdownPrivilege	2336	powershell.exe
Token: SeDebugPrivilege	2336	powershell.exe
Token: SeSystemEnvironmentPrivilege	2336	powershell.exe
Token: SeRemoteShutdownPrivilege	2336	powershell.exe
Token: SeUndockPrivilege	2336	powershell.exe
Token: SeManageVolumePrivilege	2336	powershell.exe
Token: 33	2336	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4140	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

VLC.exeVLC.exeVLC.exeVLC.exeVLC.exeinstaller.exeinstaller.exeVLC.exeVLC.exeVLC.exeidentity_helper.exeUndetected_____________________________________-Setup-v-am1kunX.exeold-uninstaller.exeVLC.exeVLC.exeVLC.exeVLC.exeinstaller.exe

pid	process
3280	VLC.exe
2180	VLC.exe
4972	VLC.exe
1960	VLC.exe
2216	VLC.exe
568	installer.exe
1460	installer.exe
2720	VLC.exe
1868	VLC.exe
324	VLC.exe
5384	identity_helper.exe
5976	Undetected_____________________________________-Setup-v-am1kunX.exe
6360	old-uninstaller.exe
2284	VLC.exe
3112	VLC.exe
1580	VLC.exe
4868	VLC.exe
704	installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

VLC.exeVLC.exe

description	pid	process	target process
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 1960	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 2180	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 2180	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 4972	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 4972	3280	VLC.exe	VLC.exe
PID 3280 wrote to memory of 568	3280	VLC.exe	installer.exe
PID 3280 wrote to memory of 568	3280	VLC.exe	installer.exe
PID 3280 wrote to memory of 568	3280	VLC.exe	installer.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe
PID 2216 wrote to memory of 324	2216	VLC.exe	VLC.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Undetected_____________________________________-Setup-v-am1kunX.exe
"C:\Users\Admin\AppData\Local\Temp\Undetected_____________________________________-Setup-v-am1kunX.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3232

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3280

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1440,8509018311586440791,11561566835856706061,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,8509018311586440791,11561566835856706061,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1892 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1440,8509018311586440791,11561566835856706061,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4972

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:1000

C:\Windows\system32\chcp.com
chcp
4⤵
PID:1576

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2336

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 12:03"
3⤵
PID:4164

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 12:03
4⤵
- Creates scheduled task(s)
PID:3256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:2784

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
3⤵
PID:4492

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ExecutionPolicy
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
3⤵
PID:5052

C:\Windows\system32\systeminfo.exe
systeminfo
4⤵
- Gathers system information
PID:1220

C:\Windows\system32\cscript.exe
cscript.exe
3⤵
PID:5076

C:\Windows\system32\cscript.exe
cscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer
3⤵
PID:4436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=42668cc3-14b0-42ea-b428-5dd046c98877&f=Undetected_____________________________________-Setup-v-am1kunX.exe""
3⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=42668cc3-14b0-42ea-b428-5dd046c98877&f=Undetected_____________________________________-Setup-v-am1kunX.exe"
4⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb2c109758,0x7ffb2c109768,0x7ffb2c109778
5⤵
PID:1848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:2
5⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1876 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3720 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:6932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4908 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:7136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4900 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:6704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2440 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:1
5⤵
PID:6768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
- NTFS ADS
PID:5756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3960 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:5856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:8
5⤵
PID:5972

C:\Users\Admin\Downloads\Undetected_____________________________________-Setup-v-am1kunX.exe
"C:\Users\Admin\Downloads\Undetected_____________________________________-Setup-v-am1kunX.exe"
5⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5976

C:\Windows\SysWOW64\taskkill.exe
taskkill /im "VLC.exe" /fi "PID ne 5976"
6⤵
- Kills process with taskkill
PID:6648

C:\Users\Admin\AppData\Local\Temp\nsc96D.tmp\old-uninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsc96D.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /allusers --keep-shortcuts --updated _?=C:\Windows\NvOptimizerLog
6⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5668 --field-trial-handle=2488,i,15978518894694235676,1705693916865265772,131072 /prefetch:2
5⤵
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mediatrackerr.com/track-install?s=vlc&u=42668cc3-14b0-42ea-b428-5dd046c98877&f=Undetected_____________________________________-Setup-v-am1kunX.exe
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb2b403cb8,0x7ffb2b403cc8,0x7ffb2b403cd8
4⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
4⤵
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1868 /prefetch:8
4⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
4⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
4⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
4⤵
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
4⤵
PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
4⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
4⤵
PID:6452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
4⤵
PID:6460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
4⤵
PID:6972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
4⤵
PID:7112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,7631331927485713817,16100615045758534973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5060 /prefetch:2
4⤵
PID:6192

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:780

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1516,7247243061234069619,8998816615818528970,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1524 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:324

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1516,7247243061234069619,8998816615818528970,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:5052

C:\Windows\system32\chcp.com
chcp
4⤵
PID:2980

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4800

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 12:03"
3⤵
PID:4924

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 12:03
4⤵
- Creates scheduled task(s)
PID:1784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:5312

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
4⤵
PID:4840

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
3⤵
PID:3660

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ExecutionPolicy
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
3⤵
PID:6308

C:\Windows\system32\systeminfo.exe
systeminfo
4⤵
- Gathers system information
PID:6348

C:\Windows\system32\cscript.exe
cscript.exe
3⤵
PID:6620

C:\Windows\system32\cscript.exe
cscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer
3⤵
PID:6668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=42668cc3-14b0-42ea-b428-5dd046c98877&f=Undetected_____________________________________-Setup-v-am1kunX.exe""
3⤵
PID:6744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=42668cc3-14b0-42ea-b428-5dd046c98877&f=Undetected_____________________________________-Setup-v-am1kunX.exe"
4⤵
PID:6828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb2c109758,0x7ffb2c109768,0x7ffb2c109778
5⤵
PID:6848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mediatrackerr.com/track-install?s=vlc&u=42668cc3-14b0-42ea-b428-5dd046c98877&f=Undetected_____________________________________-Setup-v-am1kunX.exe
3⤵
PID:6800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffb2b403cb8,0x7ffb2b403cc8,0x7ffb2b403cd8
4⤵
PID:6836

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,7247243061234069619,8998816615818528970,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1960 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5712

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1540,14965263451392329449,437393696298326241,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1536 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4868

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,14965263451392329449,437393696298326241,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1628 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3112

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1540,14965263451392329449,437393696298326241,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:6408

C:\Windows\system32\chcp.com
chcp
4⤵
PID:3184

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:6968

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:6736

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:1764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 12:04"
3⤵
PID:5972

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 12:04
4⤵
- Creates scheduled task(s)
PID:5436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:3928

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
4⤵
PID:1436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
3⤵
PID:1208

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ExecutionPolicy
4⤵
PID:228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
3⤵
PID:4180

C:\Windows\system32\systeminfo.exe
systeminfo
4⤵
- Gathers system information
PID:1496

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
94KB

MD5
d243595c4ef1101477b8ff1a2f5708db

SHA1
29cf9948962e4b0624191a8a34fc4b26335ccf33

SHA256
a19bb8131057d1078fafbe393272208aab575e4d5e1318a6506e0c29d05ae4e8

SHA512
2d6bba769e6923d664eb6ff960452fe187b567b74e8800eb09c6063353847cf9463dfad7b4014b42e5af12da7c53d0a824c8896be305e8e48818be138d0c9a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
39KB

MD5
e3b7c1f55a368984a5ba8cba843ed6b7

SHA1
3362755d9f77b6eb0801ea9b3301a24ee63fb22d

SHA256
7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5

SHA512
64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
ca5f7724de734fb4267367ccabbef319

SHA1
c9c7dcf09472fa65744cbd8fb612d911d27c0a51

SHA256
e95c4712d1220bf0fcb2fe739ae9db0f351233b645296c643156eb17e85d2be0

SHA512
7f5173dc4498675a488b89f7b1d089f507c185dfe96b3c468dfed1dbeb51b8171ee6a6b1b54a7c7a7c5168ba3d1e7eea89f10b65568123812ff9c26f5d3b2340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
a03f1eb7df82f557dc0f637252bc68f5

SHA1
cb1b767abe453344377f6379f9b54971f2a58c57

SHA256
6d313d1af5e5aac89edc72693b522e015ed736306225af8331f7b79f5aafbe9e

SHA512
5b541af7ec6a8f21aa2aeae348ddf2e41d00a2f0418ed760f898f48502031e47d275c01f9f7ecb651fe77a18885d4f3d68f5e75ebf167b23392f97ff5debd44b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a944794cc8c9d7906638cd2c25b8e069

SHA1
c12d798156602dbd3b7366431dc94ccd51d6388c

SHA256
067e0746859c4845f46885cfba87772253533811fe9c5e716acf4dd9ed9e8769

SHA512
a88a17ce2bb9852f6078108e0bf9404050fdeb5c26d5a7af4dca582ea880752653862b2913d3f0294a08f712a198f2cbc8e8a165d1fc7e7c8acd1858a4b073cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
8b4efcc36e04a43a8066e8bec4426ea5

SHA1
1c6577013ab0060b0f738a0bb1fcfa1dc542ad6f

SHA256
890cc90e1709715553176a3a2a21cee11d1a26dbb74e0fc44e0170c35bef2799

SHA512
24bb5b9cf3c7cebb426b35d009f69e1b26dd1958227f9ffa8b4eeceb35a8f395afaf57e86ba60a6947efc6fd0f4d2ae620a5d014ce93cb7b42e2fbc4f88acdf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8a2eb8b33c02e46e07cf0eebe061c519

SHA1
d33565d97c59b41bc657aee6fceb45f6485e76e6

SHA256
e36834bf03456d3fbeb95be013818da70714db1acb77079e8928c7f67a2ba26f

SHA512
7a096ff18adb245275ad3b08ce52c3211ee56e33c6b5e11c3fa25d7be10833732e23504123f812939110782f7388d491b067d4661ee43d4e2e0a41648bcd579d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
c83408273a1d270c07e50516445ab860

SHA1
d86888f79a40caed933c9983cf6cb5f7123ec65d

SHA256
f0186f26c5a75c94356b6ffb490aff6c893da26f69463d5d93ec8cc40b289d91

SHA512
0bca5d4050964b4ecedac82ab4e334b0184506f4edcfd20afe712f10bd63b62d8b19ac47886d81efaadb9b89d93498f977f9b727ae5f4d8cf11fcf5591fd50c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ca5655d5dc2e5926bc7dcd6855535518

SHA1
604673be36ac4526102672240b0fd61f728cc505

SHA256
686e2e2cf9848d6f1273716a55c28e3f7c23156699014f93c6d4089369b34a64

SHA512
c319bab5765e35ce127469eb456c696866b624f7dea7f7aad747470c5f051e5c856c23431b8caab59d79d8350dde8fd9204dfa3d6a447a556f9f3314546062e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
536c46b321d97d56a4e9c4f56161359c

SHA1
7859a04785572e6dfe08e3b881aa74c9a4713976

SHA256
af28240164ad6db0e237c3dee255bba5e4c0cc98350ba65c5b76c7ea91a3e22f

SHA512
d38d813f3d9969f2a67e56c7c17c106dddb7f66e2cfd4335e7909693872431cb5001ee8ddc7d2446ae5d00f5c8575abce9545237f7a884d3a777ba2a864e743a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3568227168ee4eb0a26dbdfb9d953144

SHA1
959ffd33a250b8436dbadf98ec832268741d78b5

SHA256
387d858dfa68b426bb0efedec138da54f728b047b9917f4c6c8da3a03dde8205

SHA512
53be76811235c38e5882d805e235c4d54dcb7f2937211de07e880bf0c3ae6fb8ffe3b06f4a9f75cc7161cc8e9d5921f394788324f8353a3fddedcfc6533f8b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
559b4f20f5030ad4cb69bc0565e23501

SHA1
4653ef6096c242d595a9796f5fba0ddf7bbb3108

SHA256
f0220463047ac10c49a868d590d66a11914e14072180a7ab558e2d9392c1888e

SHA512
d5c33ecf8321d99e618af4bca32e6ecad72256b838649afb00ac0650da17b3c98c8c1a92234c7360b76a3db8efd25e56a113a03dbfe2244047fd6c9d52b2a0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
5428176722307bedafdbd5c8e55745e9

SHA1
97737be96fc9d131fb0f3e3886669700f6cb8def

SHA256
43f068f656d89b20b3d2ac04fe4c36ab67cdda6d5f6e5c764eb4882df5a2c56f

SHA512
6c2fcb97a73d447888cd7de6468770a6e0a0095bf4e728f9635b67ce094e80e5e82ca20b45e9cfa592c505c364cb21a893523920e6093b27cf49c96d4d4de809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
89515396a013c23f56d83047b658e9be

SHA1
5d4dfc26dfadf21a6fb39096d5e7d0e75c9cbfb5

SHA256
fdbbe0070c7bc9f545ff74b597dd47ccbc896e1dd5ac2b8c605c8b97a33fc017

SHA512
f7e127a5457cd6032f3350ee5cf89d2fe2e9491c9d79aa74bd72a76b5153379050b6d1a145fc2e4135d5b7c73e777eb1a6bb60af98f7c827a58da05002588167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
7003de885b632c5d67ccbc63a727604d

SHA1
e0d8fb80efcc9d2b89ff45376e8f2ed16f170370

SHA256
504309026bce4798135f3578d627c2fc85d43d08d686621ef4bcacc50b6830b1

SHA512
17e76b512c5a2aca5f920372eea67c67fd61740a012ca6d0e742a24ec0ed0f9fcb1d31d90c8287f69b9f3246af7d3b9eb22d704945ac6ba556990adc824db32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59306d.TMP
Filesize
90KB

MD5
d3db1fd8deb7ed401aacf4ac63af2adc

SHA1
35a14aa41fa3f600f5db8eccd88f103673e779dd

SHA256
d81f64f2d800201300a66594362809457d8c7d6cec1727776de0380b68ddeefd

SHA512
3625df61ed14ab32a841774c32519f578223b06a0651a6b710e393333c6a848db8308a952e1142e63a7642c4cc52f8a6cb36e08cad18254109b90c56c7e71f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
05850c6c0442ea6966fe2a888f219f4b

SHA1
e6b1c8eb783b307672a6f06b785a7e9b78633b46

SHA256
f51b54c5f5074076216b2d0a3e66c13e80d8f1da311614ec15c9170dff11ad5a

SHA512
9db20e00e103700f67256568e38f9b37f29af3c30f3454a38b3e033c6c2f6bd796c5b5a8c5faa98bb45d7521d76c2bf323d503b8a0196cacbd701167d441c6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
77KB

MD5
cb5d7f189d6605fbda6a04c88d3f6285

SHA1
6319250447f948bd24b319f18fa0d05d8fb4eb1e

SHA256
18f8ba508b2f446625c8f672f2663b8138d27b09bebdc106acb0a12f09e073ce

SHA512
a1d8776d545f09a1cef5840b54eedf9d37504365aaf210dba45191ed207a6ae8fedccef11c390ba834f6406ab88d1dd04d98ee2c5c28bdac6100a961b7ef9318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
91KB

MD5
195676dba3a1e51bfed142df57c1fa5d

SHA1
f11bf676c6d2bc5e90d6a357f8c12e25f29d1325

SHA256
b13e08163fcde72079e34bf19ca554394a75af948e09505fdef530b1da5c9562

SHA512
d9a40bddefa968f09497d7291f080146b5a358d27183ec7aada5f0ccbe203a1f387ebb39f7ae8b058d6c930099daa41695c5257171a465f2cf24f84107b98a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3f8f39ac7551a6e26c66ae20e782fb2b

SHA1
65646c624d6d296322bd86409b5636e654a0930c

SHA256
dc6742830bd36b7379bc3f4841b9fcd304f2dd2c3e55613e308c0ccf1b16f2a4

SHA512
f5cf658efa951c0438d7699182ce59be4fce1127bf7eb4dba56817e8675bce99dcdf4f7a5c0e08eee155d81696aaec0f30b9ea086de1efae28277c3e22082063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
02b9e8d53598ebb46da997f20ab677cb

SHA1
9e40d399297335211557f4fe34ecc16c24a37454

SHA256
40375bcdd4143d39141c2034c3459f334eac112dbf13ede395391bbec72b8e1b

SHA512
cb9a0e94112ed0c83181d399e4f87b8e2920fd889ea11be3de233e63b6e331680a45545ca6026dade30077bccfe8f9f4dbd7da63a848da9996ae3a3ef1031835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2e9682f314d30a1b7ed1408d2eeb2cca

SHA1
d443fb150570106bae8d07aad59b0fab59aa19f9

SHA256
719a5b409d3c9ed61b84b91033b7c0de11ca85a59b68a35369abc4a3555dcc1a

SHA512
59c784cf7c2bc6e349b3cf255a5ca54626bbce886fdd4289dfac5c674c83ea064866fd961c3c445ff1ded000045d014eca204a303875e4da1e06fc4488e96d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3d87ba14b33689e4df039c6529b85483

SHA1
cf380b08b5c4838c769ad49846f77b7d9c07c013

SHA256
f574483e8ec571114a09f067f82dc600433d38524f242543b1ad0f6603c09adb

SHA512
12e1b379233e402d52fe5a34721c24654de550d6b1f3b7a99b1c20e5ea7f4c5d0d4d2ad1852aa1e6a2e4dc782420a445db944968fbc6940cf23ec36f87518cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3851f22d860f6186cb805bdc96db55b8

SHA1
0d4d844d3cc29d6a1579f71b7164c2e156d03f0f

SHA256
8ef546f690ee23ecf33017046b7e56d5ab334552f7b2ac36e78271d8299e20c4

SHA512
9009a238e765ed42f70d9f22df68fc26a32c816fbe01df0633f4efe6109b0fb1d97e12043d5fa749a8f776e5d9b6c431c9567b48ed24d1d6c3817d595cb7a3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
2a3a6c836cf96cc2b5192ff3e50bb401

SHA1
bded007d61ed99b926c41ec113356a94d5587b80

SHA256
978c5645ed22d7b9d0a2b37639b3a39a79a9bc6033dab2e74aaf44e7ff40edaf

SHA512
d4126bec31366f63df6d6c3201f93f63af14d6d85486da7a844f376478994c7a8fe764d698dd16632a1563858563d5154040019d3bc6ffb0dec43a2963c69e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815d5.TMP
Filesize
204B

MD5
44484ace0f9c8467560141bada6640f9

SHA1
9cc5c4a01495d5164500984059591c9dccc74741

SHA256
050e4c9a3fec0fa72f77c39597bb4a9f0686b35b729b07a1d58b96c6a663639b

SHA512
355417a4f4aa58c29ccb28c120b32e9e6538a92cdc040086b209c84b63d37b76427b28b3476df55cd6ad8407368c5fc3bdb8e0180cd56d5e6905cabf4cacc3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
10b0b21e9706fc70ac465ca8ac1dd015

SHA1
26e4861f653d244f8c5eb87a940b1e945f7186cd

SHA256
3d99dcdd4d980dfe2126d7fc80e63d0a831185676aca84d51dabbac957cdcfaa

SHA512
813739956a893862cdfb5f5e037a2cb71c85006aeabcbdfb10de06592b99eab47730362b8a6109104f370a5e0ec35f2b209d17f40cab466d84337ed749387bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bd12f99b9002e8a34447bb54d7fff56b

SHA1
eb5037205c6be1592ee753d5d85057e12e9033ab

SHA256
346335523c3502fb32533ace3f724f1a7481abd8d323deadabd3b99edc3da923

SHA512
df25a477b8514570550dbc7d8a34c64bf519ee6ef501d81d02df33d353bda495f661a083a2c70e7b3f788416fff93698e08416539aae2f94e9ff52d5b76c6980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
f3bce5f2ee31fd5bb4e0e2eb205362b9

SHA1
549fbf11398bbb233a9bf4a81775fde9e582ad16

SHA256
6144ca8ed58300a6dc76d8a16d91dbb191a72f8fe32ba3f06b9df623a942233d

SHA512
4da6e8558acab3abe89359556d210caeb66a4061ff8efd1800b4c0946b5f478eaaa8db6a71552c17f4bbce3d6a8f8b36c6e1b9fcff0b1388e9cada4a31ba7de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
64B

MD5
446dd1cf97eaba21cf14d03aebc79f27

SHA1
36e4cc7367e0c7b40f4a8ace272941ea46373799

SHA256
a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf

SHA512
a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kfym0nr5.kn1.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc96D.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\INetC.dll
Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\package.7z
Filesize
99.0MB

MD5
fdfe1ece23e984d00402431d082d768e

SHA1
9405760465c3f8abc4d08473219deea9d902e2e6

SHA256
99168cc1971f35f0cea1ac61d90e3aef6cc177a510bb90203350ac2c808c73ee

SHA512
d0979e9359d7c15910522aefb5e5e23eeaacf0335fa299e09c9c6ddc962c1a224bdf3372d0f286b181182fc893bcd93558e360fb6f6645613c9a0875a89a8b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj19E8.tmp\UAC.dll
Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A0F.tmp\LangDLL.dll
Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A0F.tmp\System.dll
Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A0F.tmp\nsDialogs.dll
Filesize
12KB

MD5
2029c44871670eec937d1a8c1e9faa21

SHA1
e8d53b9e8bc475cc274d80d3836b526d8dd2747a

SHA256
a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

SHA512
6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\0ae51d4f-58b8-45f9-9b1e-8e8c1792ed9d.tmp
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
11f777a7ee0cf69c265490a9a3236332

SHA1
5825450b930f2ea23df93e5af6c7280e48e0853a

SHA256
62816b2f187c6d6fcba4c29576f2c95658f09f75b7ad5494b1ddd500f7514ed3

SHA512
3e7455d1984b82c8aa26d049651cc0f15e8ab02ddf1faea4340776c6ed1bf54f02d45b1c8dfba9e1ed4646f67dece67a3082fdfe959f2a437feb0cd974c0041e

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Local Storage\leveldb\LOG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Preferences
Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\c859b42d-5280-4795-b98f-1bd4c6402977.tmp
Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Windows\NvOptimizerLog\Uninstall VLC.exe
Filesize
176KB

MD5
be867803d50044eacf0b4431d4f8ba73

SHA1
8c24006b5268fc44edd52f81dec7e225c0ace63b

SHA256
8ac4bd12f48777baf67a6724ba6ffe0ce0c710f59c43d691e69b0c703c0482f6

SHA512
6e581023614ad87cce45939638c8a185f67196b35af291f5b97cd66a08c1dc6cf6a1b52d818e75aa606412b4340d90f2a9df880c8fcf139e3367b9a78c9546b0

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
125.1MB

MD5
031021334754b192f286d0c1610ba5a1

SHA1
0cdc202ba17c952076c37c85eece7b678ebaeef9

SHA256
c11b411ae2ce44803a4a2e1f14afc93f11c8b111fdf0205639be5141a28f3a89

SHA512
eb0a34610e7479902d6498bcd75c71b4efed77b1b07dc44c22d1c59897b18f62d4399a710d29d9665b830a50c2f0703c5ecd5cdcd2751b50b4e416581ff08bea

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak
Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak
Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\d3dcompiler_47.dll
Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
2.7MB

MD5
5c2e6bcfcffc022cfb7e975ad4ce2ea4

SHA1
8f65334f554b02e206faecd2049d31ef678b321d

SHA256
d068695dc8f873caab1db51c179e9696dda2319fa05c0f2d281f9979e2054fc2

SHA512
b5fe0039e1702375a6e1f4ef7bfb24d0acc42c87d02202a488fccf3d161598549055d2ac0103c95dbbc0e46975aed30259edbfef7ce77d00f1de7c1670c00959

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat
Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Windows\NvOptimizerLog\libEGL.dll
Filesize
436KB

MD5
2fe9e551c93156baf537483671ec4ad7

SHA1
08ce2344b2e0a78c2af637f0eae46b948661d5a5

SHA256
f231525ba1ea2522552a722620bced187357d66d945f0cec067c5d858950ea61

SHA512
f93181f1f2268cc380dafef02a93899cb9a19f3287a918bf6ba8eaa69190627d2e2fb0c82b693471e3ca63fbcb07c44212268c1357a5a4cf594a3bd8973eefd2

Download Submit
C:\Windows\NvOptimizerLog\libGLESv2.dll
Filesize
7.5MB

MD5
5967a9234ec54d734b31cfd12cb67faf

SHA1
536840ddb29ead51d43a506fd493b48c436097d6

SHA256
48ec76bac1ff6647096a9532ac21b4a0d7c6c9c24613971aaa201cce452ce4ce

SHA512
cf8e4c3a838b58a568639ab2778800d776e0171dc34e3b82f537adbadceaa3c292240ec7d8561b5a85df3caef6e001a07ac19e280a5bb8b0607f8ba767461479

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak
Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak
Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar
Filesize
4.6MB

MD5
040a8280b01b5a029e50c5d141d555ad

SHA1
ce103568d6ae6456f1d1d718929b6972c0bad1b4

SHA256
6b6309fe0c4ca9c73626f1435ed3332656d9e6b1e500fb85af0ebf9842813485

SHA512
6706c453509bf718d1870c98a49842743cf2e49d22225a3d33051808a3f1045c7d0c065ecafae75f1bb57b4ef4436aa76774ff6553fddf3739bc47d2e9400ce8

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Info.plist
Filesize
960B

MD5
a0e3bdbe9880037f3c31443251b43932

SHA1
5786a415fd2dbcc2250751a15801225b88ab7993

SHA256
36f93f53854708454d6f6f05232e28b17b1dbfbe94cc194470e449c4e7e9dba3

SHA512
355863267b4e48ae9575ca1baab1c2a167fe60e7ea568df52ebfb317c89e0511b5c88f13fbd55b880b4b53ce0a688c0c005412bc31c67c0e895f123f713c75f6

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet
Filesize
24KB

MD5
bb97e2ae9bc6bf8e171d26e40f59361f

SHA1
9bcd87d5bca1e18efbd118d93d76002aa12baa12

SHA256
1f93d65a2692da30ba3997fdfbfbbe5880c2ea76d6cab9102faa8a6431350e02

SHA512
606111b939b1fbe3008f90af616470e9c9d320a70021348540c03d32355892c5989df28d08158930bda313d3f0d9549aaaaa7ea6c1788ce4e283340abb954163

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\PkgInfo
Filesize
8B

MD5
db6f4017a24d2cb070ad3de12adb78f4

SHA1
94fdbee3e734a2df38fd68be4837e8fef066f005

SHA256
412d70757c4fdecdd73355ac4bb3ba80c6705110d15cfbc9fe925e7b4faf7962

SHA512
decf0a4297001fe030bbeba5748a72e9685a4590c83a90ec512dc28412a4a4f89e8ce97d1c8824309f50d9ea111e42c9428714017bdad47ff3fd7d241e19a352

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\Scripts\main.scpt
Filesize
526B

MD5
35aaeb5ecdda5864920916f04d2ec307

SHA1
266ee05dd4a3e1869e318825c97c3290ae4439e5

SHA256
21ff89939fd03764301b1ab1cef0baa277bd2245fc5b9b4b5aed08c1efedfff3

SHA512
00a609155a776cdfdb0a0cf4c6ea43e0dcb9a8ca2d3b842dacb426a83b835c053700388912b4f1575150167167aab442fcc5b436e1326d81c6bb8e10ac3a1520

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.icns
Filesize
55KB

MD5
9ace56046961a8104d0f5121872cc010

SHA1
80fe32788daf39b1c16ff4c471191d1d212423fb

SHA256
dd9aa7a2c61535a9a49645f7f049a5581be150456ec1f18193d43ea0b6cc273a

SHA512
330ad8371fccf39efffc847a32be32cfea8a8693474d7d0537e80c0b0200ee8561a732fb98072caa5a4d65382b417d78430586b640266c811c51f3ef3ac1529e

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.rsrc
Filesize
362B

MD5
4cdcdd8071d02ede6173232f7bb19bdb

SHA1
b70c045a79039e50417958fddb7fea8b4b9efbfd

SHA256
6f2a0cd9dbfc52578dc28a25abe671d0ae63c36cdd06b6be8f08c56f02fbba13

SHA512
049c467eed33d2d19ceeea6a00218dc3236ff27310277416cf8891243d774498172755cd7d5f0433ee0e8dc677fb350a25e44d9c763498e4906ab13dd92074f5

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\description.rtfd\TXT.rtf
Filesize
102B

MD5
cb51e6fa885502ba84f7d85355106e28

SHA1
def335a818a1ade9e99cfe7144e83bed2723212d

SHA256
ca58c48c0f35c7768863f31357f68393f7709e9810818b3a06b3004274f03a56

SHA512
33dbeb9c18e2a54c7c41282d73284b0a8c6d3ed0bb5cc556ce5d02ef0c670c86b74b46589750b866d2f148ff3b7dea655e1f3403f50847d527de4d24a5cbb905

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE
Filesize
1KB

MD5
ddbfd5852e8bd2337f0cc8a40d9f4d80

SHA1
8479b510d385d3c4be23f6ffad3b1be2db329179

SHA256
bb6f80cccd928864f67dc6ddba48443dfb51191b9d6506b01823ec05c48a151d

SHA512
875490e7ff4c9bb387e48223ed91b4d5f18dfbdc27f045ab7fb302d4882c094371fed961f9eea85673ab41aa8fdd785412cc91fa3282270e24787949304bb146

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\gksudo
Filesize
27KB

MD5
60321adade3f5c1dfd761800fe1909d3

SHA1
39add6e5c395d04d3450874cbf79050d91674d04

SHA256
6a669fdc9331a3e8c4a75ff456bc66f96e85a8dfa3d28828307fc68d92e70fb1

SHA512
5f3c21dbc86318d0a3786313a433ae95a58241e7b8053ab9f2292a96e83b569219a6406b39d2e3a832d05314437e1d8db0c128858fe0a4b4369a65500c63e77e

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0
Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
42.4MB

MD5
14becb7840eb1d3d46071d2ee65c7be8

SHA1
ff6e6f9359127f836a03dfc2b8bc9ba651c627c4

SHA256
9737843c119905be767de5e94e398be1eb145b0cc6a5a02f057d4022b80da4d8

SHA512
717289d3b514f4daa6b1cf97705c876bbe89fa215084ba8e1abeef3770e0a620d04127ef8de1f2d89477e1fab355526ed584ed3f9c7ecaf0c7d24a9bceee8248

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin
Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
memory/228-1768-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/228-1757-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/324-759-0x000001D6F1070000-0x000001D6F1146000-memory.dmp

Filesize
856KB

Download
memory/568-750-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/704-1743-0x0000000073740000-0x0000000073749000-memory.dmp

Filesize
36KB

Download
memory/704-1742-0x0000000073750000-0x000000007375E000-memory.dmp

Filesize
56KB

Download
memory/704-1741-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1436-1744-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/1436-1753-0x0000026A70AC0000-0x0000026A70AD0000-memory.dmp

Filesize
64KB

Download
memory/1436-1755-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/1460-626-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1544-657-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/1544-645-0x000001415F890000-0x000001415F8A0000-memory.dmp

Filesize
64KB

Download
memory/1544-643-0x000001415F890000-0x000001415F8A0000-memory.dmp

Filesize
64KB

Download
memory/1544-644-0x000001415F890000-0x000001415F8A0000-memory.dmp

Filesize
64KB

Download
memory/1544-642-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/1556-604-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/1556-598-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/1556-599-0x000001FC87E70000-0x000001FC87E80000-memory.dmp

Filesize
64KB

Download
memory/1556-600-0x000001FC87E70000-0x000001FC87E80000-memory.dmp

Filesize
64KB

Download
memory/1764-1711-0x00000158792D0000-0x00000158792E0000-memory.dmp

Filesize
64KB

Download
memory/1764-1710-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/1764-1720-0x00000158792D0000-0x00000158792E0000-memory.dmp

Filesize
64KB

Download
memory/1764-1724-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/1852-518-0x00000274558C0000-0x00000274558E4000-memory.dmp

Filesize
144KB

Download
memory/1852-522-0x00007FFB2F9F0000-0x00007FFB304B2000-memory.dmp

Filesize
10.8MB

Download
memory/1852-503-0x0000027455340000-0x0000027455362000-memory.dmp

Filesize
136KB

Download
memory/1852-506-0x0000027455330000-0x0000027455340000-memory.dmp

Filesize
64KB

Download
memory/1852-507-0x0000027455330000-0x0000027455340000-memory.dmp

Filesize
64KB

Download
memory/1852-505-0x0000027455330000-0x0000027455340000-memory.dmp

Filesize
64KB

Download
memory/1852-504-0x00007FFB2F9F0000-0x00007FFB304B2000-memory.dmp

Filesize
10.8MB

Download
memory/1852-508-0x0000027455770000-0x00000274557B6000-memory.dmp

Filesize
280KB

Download
memory/1852-517-0x00000274558C0000-0x00000274558EA000-memory.dmp

Filesize
168KB

Download
memory/1960-758-0x000001E093290000-0x000001E093366000-memory.dmp

Filesize
856KB

Download
memory/1960-354-0x00007FFB52180000-0x00007FFB52181000-memory.dmp

Filesize
4KB

Download
memory/2004-533-0x00007FFB2F9F0000-0x00007FFB304B2000-memory.dmp

Filesize
10.8MB

Download
memory/2004-540-0x00007FFB2F9F0000-0x00007FFB304B2000-memory.dmp

Filesize
10.8MB

Download
memory/2004-534-0x0000029A57540000-0x0000029A57550000-memory.dmp

Filesize
64KB

Download
memory/2004-536-0x0000029A57540000-0x0000029A57550000-memory.dmp

Filesize
64KB

Download
memory/2004-535-0x0000029A57540000-0x0000029A57550000-memory.dmp

Filesize
64KB

Download
memory/2336-551-0x0000018323AF0000-0x0000018323B00000-memory.dmp

Filesize
64KB

Download
memory/2336-550-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/2336-555-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/2724-582-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/2724-584-0x00000170CDD90000-0x00000170CDDA0000-memory.dmp

Filesize
64KB

Download
memory/2724-583-0x00000170CDD90000-0x00000170CDDA0000-memory.dmp

Filesize
64KB

Download
memory/2724-585-0x00000170CDD90000-0x00000170CDDA0000-memory.dmp

Filesize
64KB

Download
memory/2724-588-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/2804-846-0x00007FFB2DF80000-0x00007FFB2EA42000-memory.dmp

Filesize
10.8MB

Download
memory/2804-824-0x000001ECBA460000-0x000001ECBA470000-memory.dmp

Filesize
64KB

Download
memory/2804-823-0x00007FFB2DF80000-0x00007FFB2EA42000-memory.dmp

Filesize
10.8MB

Download
memory/4436-565-0x0000020F41C10000-0x0000020F41C20000-memory.dmp

Filesize
64KB

Download
memory/4436-570-0x0000020F41C10000-0x0000020F41C20000-memory.dmp

Filesize
64KB

Download
memory/4436-569-0x0000020F41C10000-0x0000020F41C20000-memory.dmp

Filesize
64KB

Download
memory/4436-572-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/4436-559-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/4800-615-0x000001F0E86B0000-0x000001F0E86C0000-memory.dmp

Filesize
64KB

Download
memory/4800-631-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/4800-611-0x00007FFB2FAA0000-0x00007FFB30562000-memory.dmp

Filesize
10.8MB

Download
memory/4868-1740-0x00000198FF940000-0x00000198FFA16000-memory.dmp

Filesize
856KB

Download
memory/4868-1619-0x00007FFB52180000-0x00007FFB52181000-memory.dmp

Filesize
4KB

Download
memory/5792-803-0x00007FFB2DF80000-0x00007FFB2EA42000-memory.dmp

Filesize
10.8MB

Download
memory/5792-821-0x00007FFB2DF80000-0x00007FFB2EA42000-memory.dmp

Filesize
10.8MB

Download
memory/5792-804-0x0000026E45530000-0x0000026E45540000-memory.dmp

Filesize
64KB

Download
memory/5792-805-0x0000026E45530000-0x0000026E45540000-memory.dmp

Filesize
64KB

Download
memory/6736-1704-0x00000287E7BC0000-0x00000287E7BD0000-memory.dmp

Filesize
64KB

Download
memory/6736-1703-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/6736-1708-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/6968-1693-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/6968-1685-0x0000028019E00000-0x0000028019E10000-memory.dmp

Filesize
64KB

Download
memory/6968-1681-0x00007FFB2CB10000-0x00007FFB2D5D2000-memory.dmp

Filesize
10.8MB

Download
memory/6968-1686-0x0000028019E00000-0x0000028019E10000-memory.dmp

Filesize
64KB

Download