Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08-04-2024 20:33
General
-
Target
Luno_CS2_-_Skin_Changer_Wallhack_Esp_Aimbot_More-Setup-v-assdork.exe
-
Size
704KB
-
MD5
d1fc9e6d71a4867ab71af5566e525ba0
-
SHA1
593b10280a926134839feb8e2f9d0da9ee9c0593
-
SHA256
21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
-
SHA512
c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
-
SSDEEP
12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 64 IoCs
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 19 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 32 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 51 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Luno_CS2_-_Skin_Changer_Wallhack_Esp_Aimbot_More-Setup-v-assdork.exe"C:\Users\Admin\AppData\Local\Temp\Luno_CS2_-_Skin_Changer_Wallhack_Esp_Aimbot_More-Setup-v-assdork.exe"1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1616,4211880585165233522,12777605400434940410,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,4211880585165233522,12777605400434940410,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1776 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\NvOptimizerLog\resources\vlc\installer.exeresources/vlc/installer.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\NvOptimizerLog\VLC.exe"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1616,4211880585165233522,12777605400434940410,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:12⤵
- Checks computer location settings
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 20:37"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeSCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 20:374⤵
- Creates scheduled task(s)
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"3⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Get-ExecutionPolicy4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "systeminfo"3⤵
-
C:\Windows\system32\systeminfo.exesysteminfo4⤵
- Gathers system information
-
C:\Windows\system32\cscript.execscript.exe3⤵
-
C:\Windows\system32\cscript.execscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=c944c3eb-a1a8-44a9-95d7-142c1b1ae53b&f=Luno_CS2_-_Skin_Changer_Wallhack_Esp_Aimbot_More-Setup-v-assdork.exe""3⤵
- Checks computer location settings
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=c944c3eb-a1a8-44a9-95d7-142c1b1ae53b&f=Luno_CS2_-_Skin_Changer_Wallhack_Esp_Aimbot_More-Setup-v-assdork.exe"4⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb3c3d9758,0x7ffb3c3d9768,0x7ffb3c3d97785⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:25⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1852,i,1160029257217189123,4923025465887550224,131072 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mediatrackerr.com/track-install?s=vlc&u=c944c3eb-a1a8-44a9-95d7-142c1b1ae53b&f=Luno_CS2_-_Skin_Changer_Wallhack_Esp_Aimbot_More-Setup-v-assdork.exe3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb3f1c46f8,0x7ffb3f1c4708,0x7ffb3f1c47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2441789779389454982,1747433173669794109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2441789779389454982,1747433173669794109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2441789779389454982,1747433173669794109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2441789779389454982,1747433173669794109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2441789779389454982,1747433173669794109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2441789779389454982,1747433173669794109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:14⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD559e1ebcfc02459f7178653fa5aeaae64
SHA19a15a058e1cfea4aef55efac3ed14aee5f3e6bf0
SHA256641821ba95d9298f8cb5fef6efb0f421621315c50abf64c26201f79f977e6ddb
SHA512a219e0ee4f97617fd7a284030fdc5f4d80fc49d444e97a5d5f91f5bb354e57269c24c6a05b458eef4943627c7caf6ee9a45ef9d40946821121d609d442642e01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD526b6efdb21a895d0d29721e30fd9cbcb
SHA1833fb044e4ec61c2d22e9e775b3752b5780cf780
SHA256caf891b86a2866a69235525c60c7e630ebd20ecfb2e23c72267e0c9b64618887
SHA512835f32af1bd9b74f5ac881e706566fc1f979cffd3d9f651915994ba5562445705bb9247a4ca2112b9172ff85ff952e748a6afce963b298ae6d6cded47357c39a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD5dd5df9c846d89fa402cbf559b692db10
SHA1c1be68803afe30112d444d13df5a231fc63186b9
SHA256722ed2c60cfa252e5dc8dcbebfae172ded43f7bfeaaebe475d0a396f3cbfd08b
SHA51215e9f4de200bdcb81342947468f8fc85e449a4c716c8312bff1de7f447e7bbc0bd367847e8348625fc5c7e8ceb05c17254a54f5a9423cf21a7c2f787c3f8d43e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
336B
MD5a829abfd6f5de535c80670ce52739fb4
SHA147c017fd31df3cf49e215599b41453a55a5797cf
SHA256859026257490e872f24df0d5c980a84800942cdf694d513703dfa7419c0857bd
SHA51284a2a3aacfc2bfcafaeb4b510f37a16d0251941f80568439c3ec8edb79d22b0c334576d3dd4b21e17e3d1ab8424e26fdad6d4a0f7a99895f78eeef3e8a617ca6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD58c6b87810963fa386fc8d61d3a121181
SHA1a2a3d9291406523e4240f2cd08787aeed49880f6
SHA256b68916ed7253f765c8a7eaa109ac3a394a648721e6928396c366a458056b952e
SHA512df6ae1f022bfa59e17643a49ffaf4c44c5936b391840e91959eec6fb4d20eb477a4b8fefcfaf85cfa7e7954407094dddd7495370b74fce58c606ba9862d24a59
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
539B
MD50d8398fcff85a892f734e0650fdfdab3
SHA1ec038eeb277286fd844ff144a1462e379a938442
SHA256d77e4b5182703479b02b0e79fb6ad1fc4ca25858ec2842591fe5a9c141e785c7
SHA512662f8f3c31952b60d40bd6444a96a47443a16d34c086c4b3022d208b877df8594c8420c7e341395dcd7fea494848755b156d9cb8409fbf0bd3671722779f467b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5fd9d8a255ad36c2e14f99503131895d0
SHA1e6b8bef0831ad7a2bedb0feeb87c6807ec856c11
SHA256f0d311f2efe5466a35422b91d6c983e83a047b9ed6d6e147ea8791db3c12dca3
SHA512b2c4befd7fbf5dd299fee834906c39bb36838fc90bd3dac2eb708c270ec8e267dd6171bd8490b61d1147deddf4bc3f59c2c766cd420a9cd3e505878075c6229b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD55bf1f6e87c7de3a3cba39ec4ffe91530
SHA1f0f0e4f09af02fba37b6dfd3a8ce2c6112d53113
SHA2566ddb29cf1cb98346c199b45a5a28f071bb7e8926baaeaad4eb8886a131302eaf
SHA5129fbfa4c1a7af85952e5bfbd8928ef8b25f5ffc2f15793c92a06f14d70618a365f3584e9f31579d56e97e34c2f5c0cacedfb366909947f11ff0f04e0d1fee97cd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
260KB
MD5be930d46eb8299b67f1aa87db2011b8b
SHA1e98c5ada2e5f957647ad336bb1d822ebe4c39b8d
SHA25697372df0559d1b53058bc452ba34bad8a36dbf5ae62316024295ed052b0d005d
SHA5124eded796f10113e302aa70fc89629e6a455bdcc637dc5e81d06ab8b844a08c5abf6ab6fd060b44977c60cbbcf01a314edce6c9048dbc825dd3f86679123ce960
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
3KB
MD55c3cc3c6ae2c1e0b92b502859ce79d0c
SHA1bde46d0f91ad780ce5cba924f8d9f4c175c5b83d
SHA2565a48860ad5bdf15d7a241aa16124163ec48adc0f0af758e43561ac07e4f163b2
SHA512269b79931df92c30741c9a42a013cb24935887272ed8077653f0b6525793da52c5004c70329d8e0e7b2776fc1aba6e32da5dadf237ae42f7398fdf35a930663e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59f44d6f922f830d04d7463189045a5a3
SHA12e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA2560ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA5127c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57740a919423ddc469647f8fdd981324d
SHA1c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA5127ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
336B
MD5537d5564d56c1023b9413cbb9d5177ba
SHA11a38086fab3c07d07e69cbc83d12bd26d58a1b31
SHA2560f7de74212d3ba15cd9f4a510742be4b5e6c996252e6c6399b90c1e28386050c
SHA512e9fb50bfaf0c04361aa5a3342c288bbb784c301118d8cce98d2969c238b77f9705bbbd8730939176be8192074fd7753e971597f85aefbe26b2d1ae5a4be052d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5eb210797d1498bfe6b26c1e3a19c1098
SHA1ac49cc2cc8c31bb0476df45c381ca83b1752cd41
SHA256129fe4026b2535b7c57c4be8ab4b9b17ab4d98eff8acdbe59b4f86b7e0b0d8ab
SHA5128d2a7abe9bf28c0301daa482af9dc21286a6c684eb12f972085a21bfb3218086d6a5e25ba00a0b3fd3787d2396940f645a8d77487f594bc7844545ebbd29f684
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5b3db0402ba0cf36db94a0af58caf8ff9
SHA11fa920f10d813bd06eda0d8d09224dc365322e7c
SHA2562eab37106262a0a7c8bad57d0fe0768bceb8fe491b49955d50d1c0ad9a7575a7
SHA51239d65a2a6d7877950474a4fd01156648d20927d0802d94c0c99e2b5183130d5aa27e0306b91d537930bd741e52077e16f1d7f186ebc216606dd39f94c123194a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD582a3eca15c10e17c9105c581e472a0c1
SHA1a2e35a827888d762d01b11fa48241b954b17678e
SHA25656f035396b9694eb6ee96ee6fd89dbad28197dcb517f159d98eb86e019ba7997
SHA5120830df52fc5e5f8107d4fc0f9d6d956709c802baffe3fd7a94e1cbbc5841653d1ca6f7b2416eaee01ddadb92863f682c59f840db86d2b90d1d26c4aa9a0edcce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5eed77b8be85b122c9cbf6951364aa719
SHA10b0086a6d128e261ba08a0e746b88a53d7b30f12
SHA256f62a7011d3158f511765dd540d9f708141f2dee42e68cbc5c060f9ec11103a58
SHA512bff5124826b71addfaefdb7b8b1939e933ff36dda8208cc662d7314c5493be6bf70592fdf96f77ab43e8c93a51d879ce5a4c105b1f45ca7ca82c90f65a036c95
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
2KB
MD52f87410b0d834a14ceff69e18946d066
SHA1f2ec80550202d493db61806693439a57b76634f3
SHA2565422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65
SHA512a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveFilesize
2KB
MD5a1b84926d176ac3e6bce1d0a69e7162a
SHA158ee1510b7293a8e50a743265f49c50e2bc4817b
SHA256e8e1c331b153705cbdd4f958591fe25b68ef1fbd25dedbbd1be3ae4db6f3b512
SHA51216874e7e7cf7e52a39dd111eeb58910698c5da14ccb91bf5886b1438354172e8c354d77fca12037bfdfad205ca4771d7845f70b83281559af033263a9d581b48
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD51a11402783a8686e08f8fa987dd07bca
SHA1580df3865059f4e2d8be10644590317336d146ce
SHA2569b1d1b468932a2d88548dc18504ac3066f8248079ecb083e919460bdb88398c0
SHA5125f7f9f76d9d12a25fdc5b8d193391fb42c37515c657250fe01a9bfd9fe4cc4eab9d5ec254b2596ac1b9005f12511905f19fdae41f057062261d75bd83254b510
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mgkplhdv.n1n.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\nsj2865.tmp\LangDLL.dllFilesize
7KB
MD520850d4d5416fbfd6a02e8a120f360fc
SHA1ac34f3a34aaa4a21efd6a32bc93102639170e219
SHA256860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61
SHA512c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276
-
C:\Users\Admin\AppData\Local\Temp\nsj2865.tmp\System.dllFilesize
26KB
MD54f25d99bf1375fe5e61b037b2616695d
SHA1958fad0e54df0736ddab28ff6cb93e6ed580c862
SHA256803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
SHA51296a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\INetC.dllFilesize
238KB
MD538caa11a462b16538e0a3daeb2fc0eaf
SHA1c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
SHA256ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
SHA512777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\SpiderBanner.dllFilesize
9KB
MD517309e33b596ba3a5693b4d3e85cf8d7
SHA17d361836cf53df42021c7f2b148aec9458818c01
SHA256996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA5121abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\StdUtils.dllFilesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\System.dllFilesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\WinShell.dllFilesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\nsProcess.dllFilesize
4KB
MD5f0438a894f3a7e01a4aae8d1b5dd0289
SHA1b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA25630c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\nsis7z.dllFilesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
C:\Users\Admin\AppData\Local\Temp\nsp5F38.tmp\package.7zFilesize
99.0MB
MD5fdfe1ece23e984d00402431d082d768e
SHA19405760465c3f8abc4d08473219deea9d902e2e6
SHA25699168cc1971f35f0cea1ac61d90e3aef6cc177a510bb90203350ac2c808c73ee
SHA512d0979e9359d7c15910522aefb5e5e23eeaacf0335fa299e09c9c6ddc962c1a224bdf3372d0f286b181182fc893bcd93558e360fb6f6645613c9a0875a89a8b49
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Windows\NvOptimizerLog\VLC.exeFilesize
125.1MB
MD5031021334754b192f286d0c1610ba5a1
SHA10cdc202ba17c952076c37c85eece7b678ebaeef9
SHA256c11b411ae2ce44803a4a2e1f14afc93f11c8b111fdf0205639be5141a28f3a89
SHA512eb0a34610e7479902d6498bcd75c71b4efed77b1b07dc44c22d1c59897b18f62d4399a710d29d9665b830a50c2f0703c5ecd5cdcd2751b50b4e416581ff08bea
-
C:\Windows\NvOptimizerLog\chrome_100_percent.pakFilesize
123KB
MD5a59ea69d64bf4f748401dc5a46a65854
SHA1111c4cc792991faf947a33386a5862e3205b0cff
SHA256f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9
SHA51212a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd
-
C:\Windows\NvOptimizerLog\chrome_200_percent.pakFilesize
183KB
MD51985b8fc603db4d83df72cfaeeac7c50
SHA15b02363de1c193827062bfa628261b1ec16bd8cf
SHA2567f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b
SHA51227e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b
-
C:\Windows\NvOptimizerLog\d3dcompiler_47.dllFilesize
4.3MB
MD57641e39b7da4077084d2afe7c31032e0
SHA12256644f69435ff2fee76deb04d918083960d1eb
SHA25644422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA5128010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
C:\Windows\NvOptimizerLog\ffmpeg.dllFilesize
2.7MB
MD55c2e6bcfcffc022cfb7e975ad4ce2ea4
SHA18f65334f554b02e206faecd2049d31ef678b321d
SHA256d068695dc8f873caab1db51c179e9696dda2319fa05c0f2d281f9979e2054fc2
SHA512b5fe0039e1702375a6e1f4ef7bfb24d0acc42c87d02202a488fccf3d161598549055d2ac0103c95dbbc0e46975aed30259edbfef7ce77d00f1de7c1670c00959
-
C:\Windows\NvOptimizerLog\icudtl.datFilesize
9.9MB
MD570499b58dc18e7ee1d7452a1d7a8bc6e
SHA141c5382f08c6a88670ce73a20c0dcdb3822f19e9
SHA25602db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0
SHA512a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6
-
C:\Windows\NvOptimizerLog\libEGL.dllFilesize
436KB
MD52fe9e551c93156baf537483671ec4ad7
SHA108ce2344b2e0a78c2af637f0eae46b948661d5a5
SHA256f231525ba1ea2522552a722620bced187357d66d945f0cec067c5d858950ea61
SHA512f93181f1f2268cc380dafef02a93899cb9a19f3287a918bf6ba8eaa69190627d2e2fb0c82b693471e3ca63fbcb07c44212268c1357a5a4cf594a3bd8973eefd2
-
C:\Windows\NvOptimizerLog\libglesv2.dllFilesize
7.5MB
MD55967a9234ec54d734b31cfd12cb67faf
SHA1536840ddb29ead51d43a506fd493b48c436097d6
SHA25648ec76bac1ff6647096a9532ac21b4a0d7c6c9c24613971aaa201cce452ce4ce
SHA512cf8e4c3a838b58a568639ab2778800d776e0171dc34e3b82f537adbadceaa3c292240ec7d8561b5a85df3caef6e001a07ac19e280a5bb8b0607f8ba767461479
-
C:\Windows\NvOptimizerLog\locales\en-US.pakFilesize
85KB
MD56bbeeb72daebc3b0cbd9c39e820c87a9
SHA1bd9ebec2d3fc03a2b27f128cf2660b33a3344f43
SHA256ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b
SHA51266944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10
-
C:\Windows\NvOptimizerLog\resources.pakFilesize
4.9MB
MD55507bc28022b806ea7a3c3bc65a1c256
SHA19f8d3a56fef7374c46cd3557f73855d585692b54
SHA256367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df
SHA512ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26
-
C:\Windows\NvOptimizerLog\resources\app.asarFilesize
4.6MB
MD5040a8280b01b5a029e50c5d141d555ad
SHA1ce103568d6ae6456f1d1d718929b6972c0bad1b4
SHA2566b6309fe0c4ca9c73626f1435ed3332656d9e6b1e500fb85af0ebf9842813485
SHA5126706c453509bf718d1870c98a49842743cf2e49d22225a3d33051808a3f1045c7d0c065ecafae75f1bb57b4ef4436aa76774ff6553fddf3739bc47d2e9400ce8
-
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0Filesize
68KB
MD56dbc4226a62a578b815c4d4be3eda0d7
SHA1eb23f90635a8366c5c992043ccf2dfb817cf6512
SHA2560eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5
SHA5123a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbsFilesize
2KB
MD5310a042dca2144c9cda556e9bc4b0c02
SHA1d2032af7eea0dbd027a36e577567e85486496949
SHA256caa82e59ca92629057791cb1e0ba0b74c90f561fac81b029033fc081a83431b0
SHA512843d9f6f300caba8df41511473c43f4d5029fa0012e593677c83f196c8d595194d1409069fb4b8616e0118f37ba943bbe656b29de40f0ad70997ab610fd98db8
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsfFilesize
985B
MD5cae7db4194de43346121a463596e4f4f
SHA1f72843fa7e2a8d75616787b49f77b4380367ff26
SHA256b65c5af7dbeb43c62f6a5528af6db3cb1ca2a71735a8e7a1451796f834e355c2
SHA512ccee660cc4878301c743d3ebde4557dc180d8b6f77c97de5e36c95f6e4d2446ef7be28ebc787fdea2f2d817890ac7bdb713196c755a51677dc127cce77670026
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbsFilesize
7KB
MD577e85aa761f75466e78ce420fdf67a31
SHA14470bd4d215d7682828cbc5f7f64993c078b2caa
SHA256350dea3d6c8e65372f8d12a5fd92a3a46a7519610c69564e8185a2ed66b00d59
SHA51250af664777545ced78c34a6ea35dae542fdb85b8b307a4a4a95db25a808a695d3fe8840edb36325279c2381fbae071f6b509f7491185cef2f42afcb7672cfd13
-
C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbsFilesize
4KB
MD5e2be267c02d51df566fa726fc8aa075a
SHA1c9b9ae17f36e23d5d3cbbf2d6f17a954bfa87d24
SHA256b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c
SHA512b6f80622a9f61f636f7786d91a1b9e06a64602f0898425e90a1a696d0a4855c8c08cbd6e6b98b9a3a1a24de354b26260247953b5273f7d57ea87294b4b142e8a
-
C:\Windows\NvOptimizerLog\resources\vlc\installer.exeFilesize
42.4MB
MD514becb7840eb1d3d46071d2ee65c7be8
SHA1ff6e6f9359127f836a03dfc2b8bc9ba651c627c4
SHA2569737843c119905be767de5e94e398be1eb145b0cc6a5a02f057d4022b80da4d8
SHA512717289d3b514f4daa6b1cf97705c876bbe89fa215084ba8e1abeef3770e0a620d04127ef8de1f2d89477e1fab355526ed584ed3f9c7ecaf0c7d24a9bceee8248
-
C:\Windows\NvOptimizerLog\v8_context_snapshot.binFilesize
160KB
MD5b64c1fc7d75234994012c86dc5af10a6
SHA1d0d562b5735d28381d59d0d86078ff6b493a678e
SHA25631c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790
SHA5126218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a
-
\??\pipe\LOCAL\crashpad_4624_TDOOYQOQHINHKZLAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/876-475-0x00007FFB3C090000-0x00007FFB3CB51000-memory.dmpFilesize
10.8MB
-
memory/876-492-0x00007FFB3C090000-0x00007FFB3CB51000-memory.dmpFilesize
10.8MB
-
memory/876-476-0x00000220ECB50000-0x00000220ECB60000-memory.dmpFilesize
64KB
-
memory/876-489-0x00000220ECB50000-0x00000220ECB60000-memory.dmpFilesize
64KB
-
memory/876-482-0x00000220ECB50000-0x00000220ECB60000-memory.dmpFilesize
64KB
-
memory/1108-498-0x0000021B3D630000-0x0000021B3D640000-memory.dmpFilesize
64KB
-
memory/1108-509-0x00007FFB3C090000-0x00007FFB3CB51000-memory.dmpFilesize
10.8MB
-
memory/1108-496-0x00007FFB3C090000-0x00007FFB3CB51000-memory.dmpFilesize
10.8MB
-
memory/1108-497-0x0000021B3D630000-0x0000021B3D640000-memory.dmpFilesize
64KB
-
memory/1552-532-0x000002D0607B0000-0x000002D0608DA000-memory.dmpFilesize
1.2MB
-
memory/1552-702-0x000002D0607B0000-0x000002D0608DA000-memory.dmpFilesize
1.2MB
-
memory/1552-742-0x000002D0607B0000-0x000002D0608DA000-memory.dmpFilesize
1.2MB
-
memory/1552-746-0x000002D0607B0000-0x000002D0608DA000-memory.dmpFilesize
1.2MB
-
memory/1552-363-0x00007FFB5D970000-0x00007FFB5D971000-memory.dmpFilesize
4KB
-
memory/1564-473-0x00007FFB3BF70000-0x00007FFB3CA31000-memory.dmpFilesize
10.8MB
-
memory/1564-470-0x000001E4EF5B0000-0x000001E4EF5C0000-memory.dmpFilesize
64KB
-
memory/1564-463-0x000001E4EF5B0000-0x000001E4EF5C0000-memory.dmpFilesize
64KB
-
memory/1564-457-0x000001E4EF5B0000-0x000001E4EF5C0000-memory.dmpFilesize
64KB
-
memory/1564-456-0x00007FFB3BF70000-0x00007FFB3CA31000-memory.dmpFilesize
10.8MB
-
memory/2604-534-0x0000000074780000-0x000000007478E000-memory.dmpFilesize
56KB
-
memory/2604-533-0x0000000000400000-0x0000000000481000-memory.dmpFilesize
516KB
-
memory/2604-535-0x0000000074770000-0x0000000074779000-memory.dmpFilesize
36KB
-
memory/4604-444-0x0000021C371F0000-0x0000021C37200000-memory.dmpFilesize
64KB
-
memory/4604-449-0x0000021C371F0000-0x0000021C37200000-memory.dmpFilesize
64KB
-
memory/4604-445-0x0000021C37760000-0x0000021C377D6000-memory.dmpFilesize
472KB
-
memory/4604-447-0x0000021C376E0000-0x0000021C3770A000-memory.dmpFilesize
168KB
-
memory/4604-443-0x0000021C371F0000-0x0000021C37200000-memory.dmpFilesize
64KB
-
memory/4604-441-0x00007FFB3BF70000-0x00007FFB3CA31000-memory.dmpFilesize
10.8MB
-
memory/4604-442-0x0000021C37690000-0x0000021C376D4000-memory.dmpFilesize
272KB
-
memory/4604-448-0x0000021C376E0000-0x0000021C37704000-memory.dmpFilesize
144KB
-
memory/4604-436-0x0000021C1EBB0000-0x0000021C1EBD2000-memory.dmpFilesize
136KB
-
memory/4604-453-0x00007FFB3BF70000-0x00007FFB3CA31000-memory.dmpFilesize
10.8MB
-
memory/4892-526-0x00007FFB3C090000-0x00007FFB3CB51000-memory.dmpFilesize
10.8MB
-
memory/4892-513-0x000001EA19A50000-0x000001EA19A60000-memory.dmpFilesize
64KB
-
memory/4892-512-0x000001EA19A50000-0x000001EA19A60000-memory.dmpFilesize
64KB
-
memory/4892-511-0x00007FFB3C090000-0x00007FFB3CB51000-memory.dmpFilesize
10.8MB