21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Analysis

max time kernel
233s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-04-2024 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-bqae76u.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

Processes:

Setup-v-bqae76u.exe

description	ioc	process
File created	C:\Windows\NvOptimizerLog\locales\nb.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\zh-CN.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\applet.rsrc	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0.0.2	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\snapshot_blob.bin	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\mr.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\LICENSE	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\stdafx.h	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\libGLESv2.dll	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\nb.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\osx.png	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\id.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib\sudoer.js	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\LICENSES.chromium.html	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sw.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\am.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ro.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0.0.2	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\JsonSafeTest.wsf	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\LICENSE.electron.txt	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\vulkan-1.dll	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\hu.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\applet.rsrc	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\config.babel.js	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\elevate.exe	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\Uninstall VLC.exe	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\main.c	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\resource.h	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\hu.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\lt.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\uk.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regDeleteKey.wsf	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbs	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\snapshot_blob.bin	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fa.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\ko.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\el.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\es-419.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts\main.scpt	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\LICENSE.md	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\es.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\PkgInfo	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\MacOS\applet	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\chmod.js	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\vk_swiftshader.dll	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\en-US.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\zh-TW.pak	Setup-v-bqae76u.exe
File created	C:\Windows\NvOptimizerLog\locales\te.pak	Setup-v-bqae76u.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbs	Setup-v-bqae76u.exe

Executes dropped EXE 5 IoCs

Processes:

VLC.exeVLC.exeVLC.exeVLC.exeinstaller.exe

pid process

3272 VLC.exe
1256 VLC.exe
1568 VLC.exe
2024 VLC.exe
436 installer.exe

pid	process
3272	VLC.exe
1256	VLC.exe
1568	VLC.exe
2024	VLC.exe
436	installer.exe

Loads dropped DLL 17 IoCs

Processes:

Setup-v-bqae76u.exeVLC.exeVLC.exeVLC.exeVLC.exe

pid	process
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3272	VLC.exe
1568	VLC.exe
1256	VLC.exe
2024	VLC.exe
1256	VLC.exe
1256	VLC.exe
1256	VLC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

Setup-v-bqae76u.exeVLC.exe

pid	process
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
3616	Setup-v-bqae76u.exe
1568	VLC.exe
1568	VLC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Setup-v-bqae76u.exe

description pid process

Token: SeSecurityPrivilege 3616 Setup-v-bqae76u.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

VLC.exeVLC.exeVLC.exeinstaller.exeVLC.exe

pid process

3272 VLC.exe
1568 VLC.exe
1256 VLC.exe
436 installer.exe
2024 VLC.exe

description	pid	process
Token: SeSecurityPrivilege	3616	Setup-v-bqae76u.exe

pid	process
3272	VLC.exe
1568	VLC.exe
1256	VLC.exe
436	installer.exe
2024	VLC.exe

Suspicious use of WriteProcessMemory 47 IoCs

Processes:

VLC.exe

description	pid	process	target process
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1256	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1568	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 1568	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 2024	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 2024	3272	VLC.exe	VLC.exe
PID 3272 wrote to memory of 436	3272	VLC.exe	installer.exe
PID 3272 wrote to memory of 436	3272	VLC.exe	installer.exe
PID 3272 wrote to memory of 436	3272	VLC.exe	installer.exe

C:\Users\Admin\AppData\Local\Temp\Setup-v-bqae76u.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-bqae76u.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3616

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3272

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:436

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1484,8260592863303998834,17868767853122461037,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1516 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,8260592863303998834,17868767853122461037,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1820 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1484,8260592863303998834,17868767853122461037,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:3460

C:\Windows\system32\chcp.com
chcp
4⤵
PID:428

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:5056

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:4260

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
PID:4500

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
PID:2960

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1440,14133352306248692865,6940705021881964765,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1444 /prefetch:2
2⤵
PID:1012

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,14133352306248692865,6940705021881964765,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1840 /prefetch:8
2⤵
PID:1904

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1440,14133352306248692865,6940705021881964765,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
2⤵
PID:1352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:1492

C:\Windows\system32\chcp.com
chcp
4⤵
PID:2008

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:2880

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:2920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
3KB

MD5
c2774a561b138e14a0ead90bcc1611da

SHA1
5cfdb1bcd7a8afceca596cd89386f78298cfbece

SHA256
82b64ab5698a627bc8e4113ec8013729ab83f7d2495451cc250a0388b5eebbf5

SHA512
6767e69bee6a60074b686a16c96f66a80c8b5388657300b4e2678c24ac8db28db9283402e157e05e33431edf409ee015da6d6464aaec0e3e7d29680a664703ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
2KB

MD5
c373cdb8236bb363319af570bd628dfc

SHA1
4f756c7d4a6f6e8494bd884bb9e00646e84e119b

SHA256
68d7a477b2bc5a4bf0f3894860999fa442a5b8653579f8173391dcc43dcbaf47

SHA512
cf8b041f6bfa9608191750a577bd86573656a017af61882db73f3e1f639411855038e3b761965cf04b26a0c0bbec1b6320482e787b7d667e0450c8ffb9ef1ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wwbuluic.1ue.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx6794.tmp\package.7z
Filesize
99.0MB

MD5
fdfe1ece23e984d00402431d082d768e

SHA1
9405760465c3f8abc4d08473219deea9d902e2e6

SHA256
99168cc1971f35f0cea1ac61d90e3aef6cc177a510bb90203350ac2c808c73ee

SHA512
d0979e9359d7c15910522aefb5e5e23eeaacf0335fa299e09c9c6ddc962c1a224bdf3372d0f286b181182fc893bcd93558e360fb6f6645613c9a0875a89a8b49

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Code Cache\js\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
407025b4ab61b40912d92dd89ff1e3f4

SHA1
d1aa62c62a0f86b44efc090445181abd9b58e427

SHA256
60a24d14470ec6de07c7d66d1870ffebf96609144461c2b687a34a3387e1325e

SHA512
950812e456a44f93fc5c7f883f9fbf66638761af05c2e8d1eec93b018d2519ceea4c403af6eab51aecea4650e98650e29fe694e9f801e0fd226a63a95601041d

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\GPUCache\index
Filesize
256KB

MD5
ee055a5ab15d39bcfcaa9ab161bbf9e2

SHA1
aa362d8c2635c85980217f373327c74718123eb5

SHA256
f1275e0595d56e98cd87cdc20613933de8c644ac7d2ff627d2548d4e2104adaa

SHA512
cf47bb506ef730178757eab5e2c9679d9f8873b1c7db39928991173d603379357fb9b9c608240a489baaa1a3e49193c7b23fc64eba44890002979061043b236e

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Local Storage\leveldb\LOG
Filesize
118B

MD5
6dd761c1d3b0493f7eaa45b0ffb6536c

SHA1
83dc749d2eedda54e4af0f4d5663564388fb2beb

SHA256
4c01fea8a9f5a0fb8cd8a934154ecf387233ed7675d6b8a7835db3bb3df66229

SHA512
5018d80cf73e40e39fa9f4adf9b3a43e51f66adacdea54de8dd44d2d5988cefa1a64d47161df372a31060af9a12b21c421ac4e328c6e3acb537308451b31c1f2

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Network Persistent State~RFe5b5c36.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Preferences
Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
56.4MB

MD5
250d069de376ce469d76adba91f762b4

SHA1
b6b7ed89c381d530cbc00dcb627a9ad7c6c2274b

SHA256
43e020b2def4bf194d5c3d944b2285adccc96ab585c901bebc47aba10f39d4e2

SHA512
862c1fdc51bc2b4d165aed5bc99b0eda1f266a6a7997c82e278105d7b487174ea29f076de619cd158712a8e2fa541643273cde62437f2822c6cfe4ae61fc8c4a

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
55.6MB

MD5
2744c6c2f2e0ba0cc0b6cfa0a51cbcea

SHA1
cad67d492c258df28333af86f567e289834f03c0

SHA256
79f1bd422a46719dc7461ecaba751aac99d0ccc7e13adb34c5b4f2df49132003

SHA512
e2d71b1b30ad953b15af69cf5df4f13da1eca571d08aaf9e0e6b542a1eb183f316484177e422a293f2a1753356532b2547fae93c14251587a7e008fe5151cff7

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
56.2MB

MD5
7bbeef63ced2b0bf1d5cfb467e56a13b

SHA1
df34094661244a50958cad3ac561714512d7faf4

SHA256
a3196182453dc495bbed6fcd2433aab0b950c87b960b43cd99bcb5dc043c06d1

SHA512
91664ac1b7ac45b6358162512a33780fd76d1664d9702c4979ba017a5f9e3b1ab2c0631e005670b96b738fbe24e7149549458f42b34391d10b4c9c2bc4b6e03e

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
54.9MB

MD5
ddf7aa3dd5af533828587dbf644fae4f

SHA1
1623a62a59bf6b9ddb2c80e1de7869c2916173b7

SHA256
7b8b1c8f66975972266075357cfdc895ac8fb507e87bb2c42e471ddc142aa3d7

SHA512
d66500880bc6d8bcaa4a3fa5dcf19a3bb8bf4e2827c68c84fc9a5d119ef56c6b7ed230309ef35f38154f6d2007b8f50ebdd3d0cf9f3caa874712a72b3e924230

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
119.1MB

MD5
14b05c66893687b64078c72bcb16c7f9

SHA1
924e3790fcefa0ff0426e17dc9b73478904d7846

SHA256
b6ba923ae92637d3aff75e94d3e17f1d5d9be11745f037ab2b14c84d9a3735c2

SHA512
950421f02ce5937f2942a2a179543875b5acb5834b9abb0a6a5df7bc710cd0a6d4b57b89ac73ec18cb32a1331115d0531e3e05daa8b67a6e5702a071c62d0d35

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
104.7MB

MD5
6d1b2bf7aba71c5459d086fc2a9814c3

SHA1
2930ed86ccc5abf0bfafba8f9777ccf27440b289

SHA256
2f00d368e75f28864f7b56fcc0d8b44a239af68ffabf3e9fae071a8dc6d56736

SHA512
eb6015ed2b35bf430c88f7d34b9551fa3a383c487aae8587d91f8db87d6561d92559179364dae4a14ac63507d48190cd9f4acf902cd07ed6eb2452d3dae0d79f

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
103.3MB

MD5
3ad9f793b3c87ed119e7342f16a9a450

SHA1
0bc24e22fd350984d5b3ac947e7287a5f15cf59d

SHA256
22858c684b541736dde0d3915e78461321bb1399c21321a149dc11ab5530e902

SHA512
020e9cfcac22f82c247163f6ac2e05a96d64f6134ccb83608716d1fa7318f73611b606d1f80d69e076fefa3da6f928c26c609209e816d8ad304e1fdde79c2a8d

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
101.6MB

MD5
597f3ed0b361d3ecc8ebbdaa0d5d7c17

SHA1
af56c2bce2b01436f56c80f5b7efee3a215ab91a

SHA256
2f4893799d1e4d517eb347e63793be4060eab884237b39817e8709b084be1615

SHA512
3138a1e736708eadfa18c6229e39585ca57ac0199b7358dadaa9ca730834bfe50af2c1a5a994d84f3dbe97e634aa72a9cd156ba972437cf250772657495674e7

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
102.2MB

MD5
7629b3930edab82ad93e05874484fa36

SHA1
d47c244db070cf34267e5214f0e20d93905e5ef5

SHA256
e161b4696bce4f11e4075cefd9141659cea244253f7270c345ecfb9785e3bfc4

SHA512
4627a50435e50dd74beabf4bd0f01adf6eba0d45733fbacce29e4c3cab774396e6ac8371be7b8c5798cc67e8e145b35e701e13e3ba7afe6f0e3a06ca47c4a5aa

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe
Filesize
104.2MB

MD5
d9f19b8bfe96847bcc0c704b8d572199

SHA1
8ea6edb35309b6dbb9dc8190bbc3b4275e2a685f

SHA256
b6f8d71bd1d0c438347959ca4a87bc6294d80fe9f8338fec4051c9fb8ab7f4a2

SHA512
65a0558f8e0ffae46ddda3736145099a76744bd4fef7e372ff91e75dbb7aa97ce720d8fa29a9e6c41f927d4dae8a25b337c54cda19b7558eb2b5e2878b8f590c

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak
Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak
Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
2.7MB

MD5
5c2e6bcfcffc022cfb7e975ad4ce2ea4

SHA1
8f65334f554b02e206faecd2049d31ef678b321d

SHA256
d068695dc8f873caab1db51c179e9696dda2319fa05c0f2d281f9979e2054fc2

SHA512
b5fe0039e1702375a6e1f4ef7bfb24d0acc42c87d02202a488fccf3d161598549055d2ac0103c95dbbc0e46975aed30259edbfef7ce77d00f1de7c1670c00959

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat
Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak
Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak
Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar
Filesize
4.6MB

MD5
040a8280b01b5a029e50c5d141d555ad

SHA1
ce103568d6ae6456f1d1d718929b6972c0bad1b4

SHA256
6b6309fe0c4ca9c73626f1435ed3332656d9e6b1e500fb85af0ebf9842813485

SHA512
6706c453509bf718d1870c98a49842743cf2e49d22225a3d33051808a3f1045c7d0c065ecafae75f1bb57b4ef4436aa76774ff6553fddf3739bc47d2e9400ce8

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0
Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
42.4MB

MD5
14becb7840eb1d3d46071d2ee65c7be8

SHA1
ff6e6f9359127f836a03dfc2b8bc9ba651c627c4

SHA256
9737843c119905be767de5e94e398be1eb145b0cc6a5a02f057d4022b80da4d8

SHA512
717289d3b514f4daa6b1cf97705c876bbe89fa215084ba8e1abeef3770e0a620d04127ef8de1f2d89477e1fab355526ed584ed3f9c7ecaf0c7d24a9bceee8248

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin
Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
\Users\Admin\AppData\Local\Temp\nsmF6F6.tmp\LangDLL.dll
Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
\Users\Admin\AppData\Local\Temp\nsmF6F6.tmp\System.dll
Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
\Users\Admin\AppData\Local\Temp\nsmF6F6.tmp\nsDialogs.dll
Filesize
12KB

MD5
2029c44871670eec937d1a8c1e9faa21

SHA1
e8d53b9e8bc475cc274d80d3836b526d8dd2747a

SHA256
a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

SHA512
6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

Download Submit
\Users\Admin\AppData\Local\Temp\nsmF6F6.tmp\nsProcess.dll
Filesize
35KB

MD5
764371d831841fe57172aa830d22149d

SHA1
680e20e9b98077dea32b083b5c746d8de35e0584

SHA256
93df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded

SHA512
19076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\INetC.dll
Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsx6794.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Windows\NvOptimizerLog\d3dcompiler_47.dll
Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Windows\NvOptimizerLog\libEGL.dll
Filesize
436KB

MD5
2fe9e551c93156baf537483671ec4ad7

SHA1
08ce2344b2e0a78c2af637f0eae46b948661d5a5

SHA256
f231525ba1ea2522552a722620bced187357d66d945f0cec067c5d858950ea61

SHA512
f93181f1f2268cc380dafef02a93899cb9a19f3287a918bf6ba8eaa69190627d2e2fb0c82b693471e3ca63fbcb07c44212268c1357a5a4cf594a3bd8973eefd2

Download Submit
\Windows\NvOptimizerLog\libGLESv2.dll
Filesize
7.5MB

MD5
5967a9234ec54d734b31cfd12cb67faf

SHA1
536840ddb29ead51d43a506fd493b48c436097d6

SHA256
48ec76bac1ff6647096a9532ac21b4a0d7c6c9c24613971aaa201cce452ce4ce

SHA512
cf8e4c3a838b58a568639ab2778800d776e0171dc34e3b82f537adbadceaa3c292240ec7d8561b5a85df3caef6e001a07ac19e280a5bb8b0607f8ba767461479

Download Submit
memory/436-951-0x0000000073B10000-0x0000000073B1B000-memory.dmp

Filesize
44KB

Download
memory/436-1000-0x0000000073B10000-0x0000000073B1B000-memory.dmp

Filesize
44KB

Download
memory/436-955-0x0000000073B10000-0x0000000073B1B000-memory.dmp

Filesize
44KB

Download
memory/436-953-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/436-950-0x0000000073B20000-0x0000000073B2E000-memory.dmp

Filesize
56KB

Download
memory/436-949-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/436-998-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/436-1001-0x0000000073600000-0x000000007360C000-memory.dmp

Filesize
48KB

Download
memory/1012-1569-0x000001F2C4B20000-0x000001F2C4BCA000-memory.dmp

Filesize
680KB

Download
memory/1256-366-0x00007FFE21F40000-0x00007FFE21F41000-memory.dmp

Filesize
4KB

Download
memory/1256-952-0x0000024601D20000-0x0000024601DCA000-memory.dmp

Filesize
680KB

Download
memory/2880-1294-0x000001D1E3A60000-0x000001D1E3A70000-memory.dmp

Filesize
64KB

Download
memory/2880-1059-0x000001D1E3A60000-0x000001D1E3A70000-memory.dmp

Filesize
64KB

Download
memory/2880-1303-0x00007FFE048B0000-0x00007FFE0529C000-memory.dmp

Filesize
9.9MB

Download
memory/2880-1057-0x00007FFE048B0000-0x00007FFE0529C000-memory.dmp

Filesize
9.9MB

Download
memory/2880-1061-0x000001D1E3A60000-0x000001D1E3A70000-memory.dmp

Filesize
64KB

Download
memory/2920-1556-0x00007FFE048B0000-0x00007FFE0529C000-memory.dmp

Filesize
9.9MB

Download
memory/2920-1548-0x000002BAAB450000-0x000002BAAB460000-memory.dmp

Filesize
64KB

Download
memory/2920-1312-0x000002BAAB450000-0x000002BAAB460000-memory.dmp

Filesize
64KB

Download
memory/2920-1311-0x000002BAAB450000-0x000002BAAB460000-memory.dmp

Filesize
64KB

Download
memory/2920-1310-0x00007FFE048B0000-0x00007FFE0529C000-memory.dmp

Filesize
9.9MB

Download
memory/2960-1563-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4260-690-0x00000188AF690000-0x00000188AF6A0000-memory.dmp

Filesize
64KB

Download
memory/4260-689-0x00007FFE04810000-0x00007FFE051FC000-memory.dmp

Filesize
9.9MB

Download
memory/4260-936-0x00007FFE04810000-0x00007FFE051FC000-memory.dmp

Filesize
9.9MB

Download
memory/4260-920-0x00000188AF690000-0x00000188AF6A0000-memory.dmp

Filesize
64KB

Download
memory/4260-691-0x00000188AF690000-0x00000188AF6A0000-memory.dmp

Filesize
64KB

Download
memory/5056-681-0x00007FFE04810000-0x00007FFE051FC000-memory.dmp

Filesize
9.9MB

Download
memory/5056-432-0x000001B1AC8D0000-0x000001B1AC8E0000-memory.dmp

Filesize
64KB

Download
memory/5056-459-0x000001B1ACEA0000-0x000001B1ACEDC000-memory.dmp

Filesize
240KB

Download
memory/5056-470-0x000001B1ACF60000-0x000001B1ACFD6000-memory.dmp

Filesize
472KB

Download
memory/5056-429-0x00007FFE04810000-0x00007FFE051FC000-memory.dmp

Filesize
9.9MB

Download
memory/5056-430-0x000001B1AC8E0000-0x000001B1AC902000-memory.dmp

Filesize
136KB

Download
memory/5056-653-0x000001B1ACF10000-0x000001B1ACF32000-memory.dmp

Filesize
136KB

Download
memory/5056-662-0x000001B1AC8D0000-0x000001B1AC8E0000-memory.dmp

Filesize
64KB

Download
memory/5056-634-0x000001B1ACF10000-0x000001B1ACF3A000-memory.dmp

Filesize
168KB

Download
memory/5056-431-0x000001B1AC8D0000-0x000001B1AC8E0000-memory.dmp

Filesize
64KB

Download