21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Analysis

max time kernel
18s
max time network
27s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-bxsrov8.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

Processes:

Setup-v-bxsrov8.exe

description	ioc	process
File opened for modification	C:\Windows\NvOptimizerLog\resources\vlc	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\hr.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\osx.png	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\applet.icns	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\description.rtfd\TXT.rtf	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\chmod.js	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\vk_swiftshader.dll	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regPutValue.wsf	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\vulkan-1.dll	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\uk.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\en-GB.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\LICENSE.electron.txt	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\Scripts\main.scpt	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\applet	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\description.rtfd	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\el.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\pt-PT.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.rc	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\Uninstall VLC.exe	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\ar.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\pl.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\hr.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\sr.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\th.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app-update.yml	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\icudtl.dat	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\bg.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\resource.h	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regDeleteKey.wsf	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbs	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\elevate.exe	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\PkgInfo	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\LICENSE	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ms.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js.map	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regListStream.wsf	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\elevate.exe	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\locales\am.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\it.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sl.pak	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack\chmod.js	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\snapshot_blob.bin	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\snapshot_blob.bin	Setup-v-bxsrov8.exe
File created	C:\Windows\NvOptimizerLog\libEGL.dll	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\chrome_200_percent.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\hi.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\de.pak	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\LICENSE.md	Setup-v-bxsrov8.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0	Setup-v-bxsrov8.exe

Executes dropped EXE 1 IoCs

Processes:

VLC.exe

pid process

884 VLC.exe

pid	process
884	VLC.exe

Loads dropped DLL 14 IoCs

Processes:

Setup-v-bxsrov8.exeVLC.exe

pid	process
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1884	Setup-v-bxsrov8.exe
1312
884	VLC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

1204 schtasks.exe

pid	process
1204	schtasks.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Setup-v-bxsrov8.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Setup-v-bxsrov8.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Setup-v-bxsrov8.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Setup-v-bxsrov8.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

Setup-v-bxsrov8.exe

pid process

1884 Setup-v-bxsrov8.exe
1884 Setup-v-bxsrov8.exe
1884 Setup-v-bxsrov8.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Setup-v-bxsrov8.exe

description pid process

Token: SeSecurityPrivilege 1884 Setup-v-bxsrov8.exe

description	pid	process
Token: SeSecurityPrivilege	1884	Setup-v-bxsrov8.exe

C:\Users\Admin\AppData\Local\Temp\Setup-v-bxsrov8.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-bxsrov8.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1884

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:884

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=932,3317017667833403974,13975092605155099064,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=976 /prefetch:2
2⤵
PID:1904

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=932,3317017667833403974,13975092605155099064,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1252 /prefetch:8
2⤵
PID:2412

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
PID:2644

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=932,3317017667833403974,13975092605155099064,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1448 /prefetch:1
2⤵
PID:2784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:1056

C:\Windows\system32\chcp.com
chcp
4⤵
PID:1636

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:3004

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:2160

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
PID:2472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 17:07"
3⤵
PID:2632

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 17:07
4⤵
- Creates scheduled task(s)
PID:1204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:1932

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
4⤵
PID:1420

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=932,3317017667833403974,13975092605155099064,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=976 /prefetch:2
2⤵
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
44d87d695ae8e5bc46e021fe5c69c3b1

SHA1
f3721082b90536bc145ce40900ffa0a8f439ed3c

SHA256
3fdf46e976b3ec1dbd30c0ba73de6b051b2d0c32c43e1e9b5db29af05d1a0165

SHA512
d615aad7d482cc27e18dfaeb2f67747919a19818e5fb71a73f2e078afa7cf943e31bf3051d5d577f4b4415f1ad2a122e5da97a5969ca32bbd89d826e9c4f94cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9f08dc4e790e342613cd48ef07bbf7a1

SHA1
841bb94fa5bc9858168acb9a7599ff029c2a24f5

SHA256
1621c062ed8472daf10d96eadf8dee5743502254663c96bb716c84fef87e32a0

SHA512
d6ef417d1ed44b03676a29f26103507f5cd672a96168f8410ced9e153dd5bc2d58dae13e35b1cac3025b006480f25959f5dfbbb7cf04d6f285f621460e3d7919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
fd2d81c0020781e9d13f3fc364130cdd

SHA1
609af52ca3780310a09f0d897c9300f56356358f

SHA256
370ea8efa93ce9c0388c6ad767c7a80ea5e28231d6095b51a6383522bbdafe62

SHA512
0d09e1cd6eb280a69a46911d7e09990bb312e25d3bef72e2aa6db36fe5b9055a90bcce09f6eec394c6837cbbe7f1c125bca10bdddeef254fb478610876f11dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdC70.tmp\package.7z

Filesize
30.1MB

MD5
7b984ff0afacf44f16d707b28df3cba0

SHA1
48d221fa117e48bd60350715892809573eb11caa

SHA256
efc613e2070f39796a7fab63d368936a6205777ef803cc3770dc824051116769

SHA512
d4e0e36cfc9b3dfa7b6f0f69f5797508fd96df37edd1bcca24560fb6f12a6dc285bc912fbfea924c6fa39b5cfabc5201aed75c940259bf7aa2141f26ff052a5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\48O4RWTCX71V79BGVL10.temp

Filesize
7KB

MD5
2fc3c98228b85db805a4f527b61a6369

SHA1
8e6725f7b6dd8f743917781c92ee1f9af6172c6c

SHA256
ebac4122733da0fea83ba2c76444d00d6a8e15f1c3bcca49875969042df5258d

SHA512
af1a873c837418c539aee98c467f182a10ed9e43dae9cc6238a5f337c6897352002493a2bcb1eab5ccf91747069b06f9cf5dcd6fec47e276d8872cb49d29c6a3

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Dictionaries\en-US-9-0.bdic

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
20.4MB

MD5
00c2f736a97a70cfcb8fab0eba46da5a

SHA1
6f3a95d80021e3ed23beb6da138f05a09ea9d8f9

SHA256
80228a8e16c7431ace221a12075d9d0eba62e2f687d675822b4c5032602f1db2

SHA512
04f7d18a930ea89299cca42a5a68ab1f8a64fdb633259e01f3a0b5fc0b8165d0478600e01ac2b60c91b4826f3751ebdcdf6441ca3b972dfb5e90be5002716a16

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
19.5MB

MD5
19a575ae1512143d5d102d1e55712e37

SHA1
52dd83588827336b0601edc8d55e876671650b54

SHA256
75bfc6d07535eb478c703a766098e4e58f68ee935aaf6ca0504e97bc3683f0b3

SHA512
a584328905a60c14b2a36fa9552104934c46c9937740dc21516b7582c97105f2a8fd14cd79a3ef4274ced0bbd8ea7b864f04359cb178ac24aeab74e1e70161f5

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
18.8MB

MD5
54e76174be33f87240245ff507b1a51d

SHA1
3298b5f743764c7718bcd824ae3b6544c3b6a74a

SHA256
9ae904331853a8c4d8901fac066510374b7d668ebb80e3b9a10679d3cb53fd10

SHA512
d9d2aad33e5dccd884b485f72191e2fc5be9e53d52186f7728a04a08122a8b5bdedaf0df6106085c063081ddd046257575af42b60e13ba71e7c6eba1f7587788

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
18.5MB

MD5
5bb3594b796fb08495e67c0e1fad7bcb

SHA1
56c72afb8d2616e1581fa1287b1f545eeeac02ee

SHA256
b32b4d9ec49fa68a6c9b7f581a5ede5ac2f6e411b1536b5193b406927590c463

SHA512
28b26b525412e7ac79662034b02bdd96a856312ea3e0a9f1d3aa74f233c3a622167b99a2cd3079f357b147c3e6e13c7223e74554835c5a8c0ba6be74f0a54f44

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
18.6MB

MD5
d84d25ae77ad3a8f1927844d4b235f8a

SHA1
b5ce564fb0ef2342e71cd61053894a890c0b294b

SHA256
6bcac602e89aa43ce5bf148019b9f1740a7f7f747c1661b416c41a62e5d2c3f0

SHA512
9a1433afb75176a0b1a1cb3409644562cff6cffe3bab6f378517a301f12d9229f303c8c3099050be7b314374b3cc567160c3018d2acffa61a852c239232bd7f9

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
18.1MB

MD5
7ef1acd3a9b8aa7e378eca5775341d74

SHA1
e98b5c7cab026e548b12177a548ccd8c6792c89e

SHA256
56d2649916ae50241f339fb734f6b496c542d2dde7b0b3272968812844445308

SHA512
d172f8441b29fe2ac24aec35385fcaf5c1c7cea237be9807d16d44b4b24a50ca3e13a943be4317409e54d8e0dfad4560249e070dd8fa02805610e2c04441307c

Download Submit
C:\Windows\NvOptimizerLog\VLC.exe

Filesize
13.6MB

MD5
7f98bf473c4a6abd3211a322c6791e52

SHA1
52b7358325f6a0c6aa93140bac63613904379036

SHA256
66cf366308dcca510b218fa86aa3421204565424dfe6f04a6a5da9bb99642917

SHA512
06a4babdac05a078ab59cfd8ff6ee48d16476c94531acc906373f6e222c91f6267db49a1d07bf7730db7cfa6462ee290e06a4756fc7a30547f8af9c85b49b6e7

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Windows\NvOptimizerLog\libglesv2.dll

Filesize
7.5MB

MD5
5967a9234ec54d734b31cfd12cb67faf

SHA1
536840ddb29ead51d43a506fd493b48c436097d6

SHA256
48ec76bac1ff6647096a9532ac21b4a0d7c6c9c24613971aaa201cce452ce4ce

SHA512
cf8e4c3a838b58a568639ab2778800d776e0171dc34e3b82f537adbadceaa3c292240ec7d8561b5a85df3caef6e001a07ac19e280a5bb8b0607f8ba767461479

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar

Filesize
4.6MB

MD5
040a8280b01b5a029e50c5d141d555ad

SHA1
ce103568d6ae6456f1d1d718929b6972c0bad1b4

SHA256
6b6309fe0c4ca9c73626f1435ed3332656d9e6b1e500fb85af0ebf9842813485

SHA512
6706c453509bf718d1870c98a49842743cf2e49d22225a3d33051808a3f1045c7d0c065ecafae75f1bb57b4ef4436aa76774ff6553fddf3739bc47d2e9400ce8

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0

Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe

Filesize
16.2MB

MD5
76361c9523adc9c0969a470dfbbb626c

SHA1
f740f3e1878dde5490ae41da6869492dbc5ea558

SHA256
77bf188b824ed8372a697ee93558c2ecbf62b3f265fab9c0b78d7cbf0c5185f1

SHA512
ceb641ddfa19b87983161fbea981037a360710298ec71edd218e7f6f30ef272d3ed481fc875035218388f13e9ebe3446b05173d3542f0887b90b6693258873b7

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe

Filesize
17.1MB

MD5
1d8cac2f4bec00d14d34376673a9a7ca

SHA1
96e82f07f0394a39147cae81519e0357141b0cde

SHA256
7fef819b2bf3a4ef3d5aec1ab5fe97d8be65887eaba070423254c3e1d8258865

SHA512
8af91d4e5d1951d9559a0a80a164c4d2e5cf3a90776d946aca9571c4647c3d9477315a09cd5d0fc349cb51e10b6cad9438862a6dc856905417cda9cf5f4d6f77

Download Submit
C:\Windows\NvOptimizerLog\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
34ae0a64a678d6cff4c5b1f059d0d8e6

SHA1
09392ccb512ffd18e2ce45206437e43728064886

SHA256
d1c6897c2a06033d1734388d5f93adc4423ace9b9b307fe599e63d43f6a218c5

SHA512
ca936805aa3487dbb46544973a5aa284c575897c18578565dd44c7c8e0e1c83c38dfc5e917766fc9d3045168a95bf7d4b3773fa4c8337c8a0730729b541a096a

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC70.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5C26.tmp\LangDLL.dll

Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5C26.tmp\System.dll

Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5C26.tmp\nsDialogs.dll

Filesize
12KB

MD5
2029c44871670eec937d1a8c1e9faa21

SHA1
e8d53b9e8bc475cc274d80d3836b526d8dd2747a

SHA256
a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

SHA512
6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5C26.tmp\nsProcess.dll

Filesize
35KB

MD5
764371d831841fe57172aa830d22149d

SHA1
680e20e9b98077dea32b083b5c746d8de35e0584

SHA256
93df9e969053ca77c982c6e52b7f2898d22777a8c50274b54303eaa0ef5ccded

SHA512
19076205eba08df978ad17f8176d3a5a17c4ea684460894b6a80cae7e48fcae5e9493ff745d88d62fd44fc17bcda838570add6c38bebe4962d575f060f1584f9

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
22.4MB

MD5
f888e1922b4be0c7b3ac4a1b88939893

SHA1
be0d523eab9ccfff8531b43e8102fb45506609df

SHA256
1f2204982b8dfa0a9a3f3769f509f76faf29d6b11bece928b246aea4b5a382d2

SHA512
a11577e5856c07217343518240f30a5013f3deacf21eb6751a5ecfd39caed2ed937f7841e78cbde9216f324dc99ffb3441a2cebd74491b0ab9389708a4d24ab3

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
19.8MB

MD5
e956ce84eeff9a3e5700ca3e2fd1a21d

SHA1
a0f677c5c20522314a7751869f5297a60ae8f089

SHA256
044d8c956a35a8eb570181a3ed22222db8578611053864b82a8e5bf791c5d0d7

SHA512
bc049fbaebb866b8e836237beb1f3ce99c84b0d983ada253f26739c7e112adeb6fa79b68367f63abe9b50095cf826867da0662e2c64c07e7d5276d5b4e4ad549

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
20.0MB

MD5
9d08bd3f78c6ca9577dfd113f31603c8

SHA1
1986e5c8edcbe012af8f3370b6efcbe1c923aa2d

SHA256
3663aea34215fe498374472594e7d9fd8cbd6482aac4a544d25985331467715e

SHA512
e9136bcc2623a29d2b6a72a5def53f037010cb097807d893d869d286898407c11cd7cbcfeff235ab85d63b7c8b962e015ce48b36274dc4a93e58f7e798ec5d1a

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
21.7MB

MD5
1d3a667d83d12c7ca24edf4edf4fefd2

SHA1
40193ab4b2e7400f3c2b6fbd046c63456fc3b087

SHA256
d3374a232eae48b1797d1daa57409ec0de38ac7c8038e932694a753694d3d4c4

SHA512
a0ae1af36852f50484f8a5093d658e9b4111e68c7c5dc9b527b6089fed6dcb27dd1438c45c479c05d4d9df5c62dfbbc72aea7a394be5b29cfefd7481bdbc30ce

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
18.8MB

MD5
94ab1f5c3a5e390f7d3098bb9e0b6ce5

SHA1
6f2f6de853ed456092b2d77017861cef76d7f1a1

SHA256
4252fbe5868eeaa21779a173e1ca2f4adcf0b614943d30cd0c67e92aaaa3b1ab

SHA512
a667bf2ba029b0315e0ffcfdab34788b7d496181a2c5151caaf49f9c9897b00de48e3edb04f32ba7f6b9e151e687d75574fa9ae5fb5ff4e84c49865368c1f7ea

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
17.8MB

MD5
94cc4bd74e933e15e33c4482a92a743b

SHA1
1696b3b018565a383201701dc37f13a461cf3594

SHA256
cb6a729f690e4cd334bcb94a2482d31ca31c02c8d811349a763a8792b48cf5da

SHA512
7c590a73a5d7dccf8c1393a601f7763247166de5090c4e0f1e8b1381fe6eca1576ae00fe52ab5f030f0e943669978eb3b63f4fe908de08e7918959283e6cee0f

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
16.4MB

MD5
5f49c9edf5f66b5a6b3371b22def5d0c

SHA1
fe2cb1f5181322011241cc25b2803cc1359f872d

SHA256
c971fbaa4570c7aeb4b4ed6b86c444654a611d0d6dccd51e29df50c574ee11a6

SHA512
545e21850dd700bd7a0994b0962b7ad7de672545f7898d42455ad770e67faf72deda66fdb3eb39174a136f79c317de552b1f301ccf8e25908a8b33bbcb4170b2

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
17.3MB

MD5
6bc49707984741f071a9f459127bc747

SHA1
259f5f7ba18383ea87c5e2f5043a24d4c2932c94

SHA256
5ffe420df7dffd8460a8775bb787ab80ce776dbb0fb1f151c3a803c0baca4700

SHA512
2417dbde31020e526bed6bef053d3dad16ae805a43570dd5949c115516cb9b1e0456b78716f65971d7c7cb1c24f2d653f28c5c476ff0c5b6eeff5cb330248f59

Download Submit
\Windows\NvOptimizerLog\VLC.exe

Filesize
16.4MB

MD5
ce590bdf067d0ad5eb63821b3cbcf16a

SHA1
07816e58990021dc9dfa5ad1ff11ff7c25fd0922

SHA256
7e3ab55474e43699ab345e586887c3f0c279bdaebb8ceca3f9e4c32c180e6c30

SHA512
59b6a6f3fd2d18114e2fed82e3d8a0b305d54e4a9e814c8ff3e6dcde85594e23155f169b52fbafa22aa03dd835c61cad4ff8f38dd6a583972b33ad2041b12805

Download Submit
\Windows\NvOptimizerLog\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Windows\NvOptimizerLog\ffmpeg.dll

Filesize
2.7MB

MD5
5c2e6bcfcffc022cfb7e975ad4ce2ea4

SHA1
8f65334f554b02e206faecd2049d31ef678b321d

SHA256
d068695dc8f873caab1db51c179e9696dda2319fa05c0f2d281f9979e2054fc2

SHA512
b5fe0039e1702375a6e1f4ef7bfb24d0acc42c87d02202a488fccf3d161598549055d2ac0103c95dbbc0e46975aed30259edbfef7ce77d00f1de7c1670c00959

Download Submit
\Windows\NvOptimizerLog\libEGL.dll

Filesize
436KB

MD5
2fe9e551c93156baf537483671ec4ad7

SHA1
08ce2344b2e0a78c2af637f0eae46b948661d5a5

SHA256
f231525ba1ea2522552a722620bced187357d66d945f0cec067c5d858950ea61

SHA512
f93181f1f2268cc380dafef02a93899cb9a19f3287a918bf6ba8eaa69190627d2e2fb0c82b693471e3ca63fbcb07c44212268c1357a5a4cf594a3bd8973eefd2

Download Submit
\Windows\NvOptimizerLog\swiftshader\libEGL.dll

Filesize
458KB

MD5
dd05d7f61dd6b05e8a5cbaff36c3a48e

SHA1
0411d38dd19b05aac80436783faa83bec31871fe

SHA256
5874825870e6ae10d5e4c06cc061ff729237c43cb2237a1c425d2b1cc49e6ab0

SHA512
edda21fc1797195f15e95d9a0ab6a8aa15805796e42ae5159a813ff339590287743a68186a2dbf0608beb3943794f7773b11c59665f176ae4a1cc6548440370a

Download Submit
memory/1884-369-0x0000000003C90000-0x0000000003C92000-memory.dmp

Filesize
8KB

Download
memory/1904-416-0x0000000077940000-0x0000000077941000-memory.dmp

Filesize
4KB

Download
memory/1904-383-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2160-567-0x0000000001E80000-0x0000000001E88000-memory.dmp

Filesize
32KB

Download
memory/2160-566-0x000000001B5F0000-0x000000001B8D2000-memory.dmp

Filesize
2.9MB

Download
memory/2644-624-0x0000000074C90000-0x0000000074C9C000-memory.dmp

Filesize
48KB

Download
memory/2644-623-0x0000000074CB0000-0x0000000074CBB000-memory.dmp

Filesize
44KB

Download
memory/2644-622-0x0000000074D40000-0x0000000074D4E000-memory.dmp

Filesize
56KB

Download
memory/2644-621-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3004-558-0x0000000002310000-0x0000000002318000-memory.dmp

Filesize
32KB

Download
memory/3004-557-0x000000001B590000-0x000000001B872000-memory.dmp

Filesize
2.9MB

Download