21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Resubmissions

02-05-2024 13:12

240502-qfqr8abg26 5

02-05-2024 13:06

240502-qb8ggahe7t 5

Analysis

max time kernel
75s
max time network
159s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-b5xa3Su.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

5^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

VLC.exeVLC.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	VLC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	VLC.exe

Drops file in System32 directory 1 IoCs

Processes:

VLC.exe

description ioc process

File created C:\Windows\System32\NvWinSearchOptimizer.ps1 VLC.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File created	C:\Windows\System32\NvWinSearchOptimizer.ps1	VLC.exe

Drops file in Windows directory 64 IoCs

Processes:

Setup-v-b5xa3Su.exepowershell.exe

description	ioc	process
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbs	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\vk_swiftshader_icd.json	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\fi.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\sk.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\osx.png	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\webpack	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\tr.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\it.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sr.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\win32.png	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js.map	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\MacOS\applet	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\chrome_100_percent.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\icudtl.dat	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.vcxproj	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\VLC.exe	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sl.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\v8_context_snapshot.bin	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\it.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\mr.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureSpecificRegistry.vbs	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\elevate.exe	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\id.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\id.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbs	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\elevate.exe	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ko.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\lt.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\tr.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib\utils.js	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ca.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\es-419.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\description.rtfd\TXT.rtf	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\gksudo	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\elevate.exe	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\kn.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\win32.png	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bg.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\gu.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.babelrc	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources\Scripts	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\bg.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sk.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\zh-CN.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0.0.2	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\en-GB.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ms.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.eslintignore	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0.0.2	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\resource.h	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\chrome_200_percent.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\nl.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.babelrc	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Info.plist	Setup-v-b5xa3Su.exe

Executes dropped EXE 6 IoCs

Processes:

VLC.exeVLC.exeinstaller.exeVLC.exeVLC.exeVLC.exe

pid process

2652 VLC.exe
2728 VLC.exe
888 installer.exe
3028 VLC.exe
2872 VLC.exe
2072 VLC.exe

pid	process
2652	VLC.exe
2728	VLC.exe
888	installer.exe
3028	VLC.exe
2872	VLC.exe
2072	VLC.exe

Loads dropped DLL 30 IoCs

Processes:

Setup-v-b5xa3Su.exeVLC.exeVLC.exeVLC.exeinstaller.exeVLC.exeVLC.exe

pid	process
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
1392
2652	VLC.exe
2728	VLC.exe
3028	VLC.exe
888	installer.exe
888	installer.exe
2872	VLC.exe
3028	VLC.exe
3028	VLC.exe
3028	VLC.exe
2072	VLC.exe
2072	VLC.exe
2072	VLC.exe
2072	VLC.exe
1392
1392
1392
1392

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid process

1764 powershell.exe
2912 powershell.exe
1132 powershell.exe
1764 powershell.exe
2820 powershell.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

848 schtasks.exe

pid	process
1764	powershell.exe
2912	powershell.exe
1132	powershell.exe
1764	powershell.exe
2820	powershell.exe

pid	process
848	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.

System Information Discovery
T1082

Processes:

systeminfo.exe

pid process

1992 systeminfo.exe

pid	process
1992	systeminfo.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

Setup-v-b5xa3Su.exechrome.exeVLC.exeVLC.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid	process
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2076	Setup-v-b5xa3Su.exe
2156	chrome.exe
2156	chrome.exe
2728	VLC.exe
2872	VLC.exe
1764	powershell.exe
2912	powershell.exe
1132	powershell.exe
1764	powershell.exe
1764	powershell.exe
2820	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeSetup-v-b5xa3Su.exepowershell.exepowershell.exepowershell.exe

description	pid	process
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeSecurityPrivilege	2076	Setup-v-b5xa3Su.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeDebugPrivilege	1764	powershell.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeDebugPrivilege	2912	powershell.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeDebugPrivilege	1132	powershell.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2156 wrote to memory of 2640	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 2640	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 2640	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 692	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 572	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 572	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 572	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe
PID 2156 wrote to memory of 1284	2156	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup-v-b5xa3Su.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-b5xa3Su.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d59758,0x7fef6d59768,0x7fef6d59778
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:2
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:8
2⤵
PID:572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:8
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1312 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:2
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1452 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1436 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:8
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1004,i,772791555177901123,11801809691785992842,131072 /prefetch:8
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2660

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2652

C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
resources/vlc/installer.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:888

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=860,5524209394876812370,14706670970741935242,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=868 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3028

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=860,5524209394876812370,14706670970741935242,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1124 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2728

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=860,5524209394876812370,14706670970741935242,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
2⤵
- Checks computer location settings
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
3⤵
PID:1292

C:\Windows\system32\chcp.com
chcp
4⤵
PID:620

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Drops file in Windows directory
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1764

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2912

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 13:16"
3⤵
PID:2688

C:\Windows\system32\schtasks.exe
SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 13:16
4⤵
- Creates scheduled task(s)
PID:848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
3⤵
PID:2904

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
3⤵
PID:968

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ExecutionPolicy
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
3⤵
PID:3044

C:\Windows\system32\systeminfo.exe
systeminfo
4⤵
- Gathers system information
PID:1992

C:\Windows\system32\cscript.exe
cscript.exe
3⤵
PID:3060

C:\Windows\system32\cscript.exe
cscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer
3⤵
PID:2476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=e004490e-54bd-4b1f-824f-42e81ae18584&f=Setup-v-b5xa3Su.exe""
3⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=e004490e-54bd-4b1f-824f-42e81ae18584&f=Setup-v-b5xa3Su.exe"
4⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d59758,0x7fef6d59768,0x7fef6d59778
5⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:2
5⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:8
5⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:8
5⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2100 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:1
5⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:1
5⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1572 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:2
5⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2188 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:1
5⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1320,i,17326254911350601908,10395083670424016506,131072 /prefetch:8
5⤵
PID:2444

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://mediatrackerr.com/track-install?s=vlc&u=e004490e-54bd-4b1f-824f-42e81ae18584&f=Setup-v-b5xa3Su.exe
3⤵
PID:2144

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
4⤵
PID:1624

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=860,5524209394876812370,14706670970741935242,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=868 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1780

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
de3d0f8ed315edbf797fc100f00e8c1e

SHA1
2749b127923e94734ec0d89834c41f0465b54b2d

SHA256
7467a4cfbde2ca2287d4b640b9c2af7ea43d14ee91d620bb21db35851daba665

SHA512
f5afbef2282142cffee3c8f096331392379ab46adb6fb145b0d1ed416ac245eabd5c77f994d414cd7e6d3ca592cda58fd705f52333782d30da8597f5d46b773c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
8616e28fe064552dd9ebe606f9608994

SHA1
c8afe69e74278e1a1ff358508d33f13c30caf28f

SHA256
fe24b41e150b7a38d98ca1c4ad9f325b5b16b9a521e59bf514e4efdd1f669d99

SHA512
b15f1bd413b564cb774d268f78f5e0bc8fe61155f1f711e934f06bab66af912ae8f4cbffeb4179d022e3d6452986a9bbea54d9cfb44374c6213cd0d9e216965c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
aa7db0c356d7a7b665a0ecd19f470c21

SHA1
14cdf259ef4d2a4b13830f827be6434c9b5fede0

SHA256
278bceced72eccb1f4d6501b53c49373b57d0c5ffa227e1f901c998fd62e8e72

SHA512
fa0692fb17e9da64d0fc08c400945b377b0116531ec5920924254b616d3faf82a5023e5512571df7100f2bc1b94349bbbaaa7e8cf7fdea11cb9c15b3d96854a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8584afb8e7082fe15b857647af9ed088

SHA1
b8a7aeef53e3cb24d93d4e1653c7ba8995e32e30

SHA256
c0d0f40bb670e555d09313d66cf8a816e63f17d1dac1487395728730be5ea70a

SHA512
f577aa9540a1fd965aae46842baa65eb7c24a82370781ec74f3924a49b9b057055075377faa3665151130b8d789b5ce5da3a70e488a9cf0a218a034ce9988e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c9e91d011724fc9b55271df74c7fecb9

SHA1
8c009591f2e5baf2f78f772c32ab94bea25644b3

SHA256
a64824a1f5d02c3be4ef920561a4764de9b8f011666b77468a183a8ce5ad2715

SHA512
fac10b482bb779ae54652670ab45bea48eb4bcd910c6ac77eb989c476e81282c70ccd218778ad30164fa03145c16bf06b4225c82350f4653717c7eafcd7546b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a0c8199522a018e0a875cda962e97adc

SHA1
c23ae8bab6ca5c03fc39997a87fae7bda19309ab

SHA256
70ac2de43b56d1e46f6e3e43ded6de83e82a14bdb9a9df9caab4a1b692c7fa0f

SHA512
f00fc53b502fba41de3d9f1930922bfed59f1412de59cb4813cae0b9963f0b8513785426320d31033a95931eeacfe6b3455e4a63b01c64d7a642a759ffdd7e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
132510db4d9cdf578539c02159ce2d29

SHA1
0e67faf69bc1896c3bf1d6c9ce7c886949ba471e

SHA256
0700c4c2fde2d3071b209480080e4dbf578fed1b04365a714595aceba03e9e54

SHA512
32778d523fee19c11102f8e84c39049262817eaadecbfeb923c31ab338bcf84a03ffd8135f29962ad40b08b0a4468ed2fe5cd8a860d85311a9f6816c352e8929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
efb98a99c366e7855c0c0404e7222419

SHA1
536ba114613f507d51b61fb51c02848bee9cebe8

SHA256
a4d356c016362a51b3e13e9db8d1bc04ff3b55524379891cc183cf0b4d09aecf

SHA512
7b5f5468f496966a0f041a50ba26d52c248cc6fe615a06d3db9096a3caee7cbb538ea9fc306fd84acc3546a6c30038213a81e46efe3daf20be39ef9c7b483adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
95d06e7e792eebc71c695781b4c509e5

SHA1
c76743f01ff1f6f045d2ee805165f57ff686fdd0

SHA256
066bde631e0fdbb2760b3c5df2ec28ae8404adebc7788dbbc7e5659a8254d36b

SHA512
22cd85eb6143d80b6b190b52679bcbff58f4e56e3452965d59ba8e48bb27cf0279f8ae326e10816533356d1ff807dc8480df5cca81fd4f42c9fb96b693ec41c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4624e1fb5f1cbba3eac05cde73b86e23

SHA1
0cf6ba0e7ed56a314e5139bd4c9b3ad20dbe3017

SHA256
1c99b6d86aca1185899d502da347ff2b2e9fb593502ccfa43f389d47ed9c50eb

SHA512
7b75abc955215524b0b095f05e476128654b4a5f904385848be647f8f014a8645a490804f1f4465a9a64ac600c591f52e1203ede7dfd21d0283cbd6552ecc56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8cbc86c7c1b69ead536b478d3a1f1edd

SHA1
9532a616574ef759607a20f7794e95eba2d39338

SHA256
121d703cf7e37b4a4281e71c450830c73d44c5dda76062a1bbfb7aba991b17ac

SHA512
e11f485a3bae9cc4441a2d9affb0ec22ad46ed39dae9fae3c04e6bccb01b4b7ae7dc24c92f67f2d90da0d7bb12810b5c22fb2bde50e9b10db5a44ea937a7c07d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8e742cc712a022a418cc57de39244231

SHA1
d9500f62bc727428f9e28ed92ec2d2edec691781

SHA256
ef07a256c5933d8a34d3cec5d7dca57d70ae19290bab04f649b53e7220ed3d93

SHA512
b0c0f67378d26cdf9210890ef45d43067808af330c9416495935eebcc4452cd4e5dbef2c9c6be243622237cc0faf4ead0c08ff9dc7e1b3d74679425c3ef52d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
f08fb1a9239f8b78a8627ce4ba3ec462

SHA1
4c4866792c4bb89336d2f50c451ac47a95ae1449

SHA256
618d2fb72cf574da1c18b07c121c4057e8b3e5a44642354b3bc2748d5e7f0d39

SHA512
e518babe2442ea7ba8e8fb56d6ac1d53e263ed2506b0c1ea46a885833a9c0dab62c3ca4a7bdead0be046670ba6138a6ea0d97aa44b17db9213978e5ff4713129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\008670bb-6c67-4db3-9301-056ad8076d89.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\32e08362-4a6a-4b0e-8af5-ba45be57ceff.tmp
Filesize
265KB

MD5
a11cbbe782e7ce30af6acdc0963ef05d

SHA1
53bf01d602376d3a9a4db2166153d968964bb0a4

SHA256
274ffd135ac0a6e162e925349580aaed7c3118a493ee30765f3a33925bf2833b

SHA512
35edf7b265a9336f8211f678e0efa0ddf645f3771fe01b81e82cd943c1c03f952cf5e5f23e227bda56ccc8e750bcf7f96dc9b790c17778e5e5a879698ae0b1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\332bad2e-5795-4ac5-bb22-51516a0ee568.tmp
Filesize
139KB

MD5
2b23b034fa1c7c09d50505f57aa5fa89

SHA1
cc49e8ccd47d648ac6082be6ee1f8c9b65db746e

SHA256
c6b96c5990f3656d1bf88454ad1a9d2d221e0c30fc71fcc09a54023a3ec02301

SHA512
db303801aa5cfaf18f696a05cbe4d6c4114968f5c48cac01bf22230f8d39f290041901501f3b18619274b31a24c90fc1269275abb5609a229c000d7a5c74ff52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
ecd8ebd0d441c0b49b641fbcd5444d17

SHA1
75760164655f0e440880cfb868a10a01b67b6c90

SHA256
f46d8cdf1812d342e3b49ee242fdba78935d597ccdf86989d165e28696cf62b7

SHA512
99913f343bc9df93bcd6d789c4ddb2378e7f49778836e844bee55de79a98c39a9793331a22c2e6b6f171fd3289c77586a4e32b9d9bbcefd68a0029f6d11d2256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
85981e809b544697d2805829abda103c

SHA1
7d0c28257d509f888f33327bd834521bb928e8dd

SHA256
dd43490b1bea6869ddcdc59b806d7b2fd2a7529f1f67117ee6630407c1d368d4

SHA512
2820ab4188f4cd9328d8eddbc353b6b6e9e8f3d90e3928a41be963ea154b451b8362640ae5893642b60519b6861b220536d76d24bf3c7bf91ca5227e2c35d916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
e6f1e424e64745daf24b08d8672fb86d

SHA1
14964d295ca9ee6af7d0c9fe0b8e1b7000dd55b4

SHA256
626daea174ea57a7636665573d6c55e029aefcfb1c2160843b28a6a4bf688827

SHA512
6009062ee2a56111c000750ac2db477886f7fbd21cf69d1362174741af34f3f2bdacf2e0ebc09e8cbb3f2ad4217932f4225789da077f90ef4dbd1c5f89e0a71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
89a69e4f5bd2b71fd2eecb3132a35b7d

SHA1
8b3dbecaba8d409fdab14c5b8775e76c36eb5243

SHA256
56fd7a4fcb176884c80678e796fb717388431204fb9b66aaa8f595942eeaf99f

SHA512
c1f929b3af5db15aaa03ae70998c7fa19bd2415979a009b638f525cfafa2e900ca6ccc9926150d732c71f07f14ca0aab8ae07d55c440455710fcf1d1062c9141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.dbtmp
Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
b86a1ee002b778b7dafaf7df28a4161c

SHA1
52b5ee5e94378a3a67b19ba730c6b8610f416542

SHA256
3961fc860ed3e59047332d6ec7d1594f5ed47db02d491f5fdcf5e288386c5b59

SHA512
52d5390ca1548a2459d5e326bc2d86b3710f49dbe1ebb4ce1f194ddf0ad67fd69e2f2e652147664d770f222e46f052cbc788d01be3a4a13bff2b89a278d4f899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
139KB

MD5
f2de516b25b754dc982cf5ca22b1e201

SHA1
5ed6e9a75ac494c243ec6db68fa0a5b8795f0876

SHA256
bdaaed6f5c76ba1dde1db4f3d7f890b39a3d191ee73b66f1728cc7f39bbc914d

SHA512
5768904fa2addf3d461d62013cda25a09cbb9595f50ce44f1c4d04f7bd2ab3035efeef6f9008751ac219e32327c60fa06d30691abf0dc2e6dc87ce18b1c51143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA016.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCAEF.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCE03.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF4E57DF1E9CAF16B5.TMP
Filesize
16KB

MD5
5655e53adb3f48a25b3a796ab8f66de9

SHA1
36465a029829f95177db457beaf049f9ad828bf7

SHA256
b04e24306bbadb6889b4d7b4e0504bd9a9e8c55d18d5c33dd11cbe9b4c5d16a4

SHA512
11b9d68e01e0204dcb0737049b310b75d145fa477871c377c20e4e6daf84a8a30bc7edf83798cff8374ccc7856cda9280f7788cbdbf3ebc15635337610947fd8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0ITWAA2R5U8DLI176D1W.temp
Filesize
7KB

MD5
209704488fa8ac1bfafd4c38e2681663

SHA1
bc596eb65ced902b269183221e4f1e7fc6cacb5a

SHA256
97c6fb32eb6949df5f87c93d29b45aa7489644b2f610b702f69918911e537191

SHA512
53409ae7c93650254bd0c0a04e0409bd7ec55d747814adb28e86801e931c30688d138a66c774bb4abb3c4c19338ae475ef227d64ac89974a9a1a0d6faef373d6

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Dictionaries\en-US-9-0.bdic
Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\NvOptimizerLog\D3DCompiler_47.dll
Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak
Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak
Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll
Filesize
2.7MB

MD5
5c2e6bcfcffc022cfb7e975ad4ce2ea4

SHA1
8f65334f554b02e206faecd2049d31ef678b321d

SHA256
d068695dc8f873caab1db51c179e9696dda2319fa05c0f2d281f9979e2054fc2

SHA512
b5fe0039e1702375a6e1f4ef7bfb24d0acc42c87d02202a488fccf3d161598549055d2ac0103c95dbbc0e46975aed30259edbfef7ce77d00f1de7c1670c00959

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat
Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak
Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak
Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar
Filesize
4.6MB

MD5
040a8280b01b5a029e50c5d141d555ad

SHA1
ce103568d6ae6456f1d1d718929b6972c0bad1b4

SHA256
6b6309fe0c4ca9c73626f1435ed3332656d9e6b1e500fb85af0ebf9842813485

SHA512
6706c453509bf718d1870c98a49842743cf2e49d22225a3d33051808a3f1045c7d0c065ecafae75f1bb57b4ef4436aa76774ff6553fddf3739bc47d2e9400ce8

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0
Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
Filesize
42.4MB

MD5
14becb7840eb1d3d46071d2ee65c7be8

SHA1
ff6e6f9359127f836a03dfc2b8bc9ba651c627c4

SHA256
9737843c119905be767de5e94e398be1eb145b0cc6a5a02f057d4022b80da4d8

SHA512
717289d3b514f4daa6b1cf97705c876bbe89fa215084ba8e1abeef3770e0a620d04127ef8de1f2d89477e1fab355526ed584ed3f9c7ecaf0c7d24a9bceee8248

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin
Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
\??\pipe\crashpad_2156_YEIQSKTCWBJEGRJI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\INetC.dll
Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd736C.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
\Users\Admin\AppData\Local\Temp\nso20BC.tmp\LangDLL.dll
Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
\Users\Admin\AppData\Local\Temp\nso20BC.tmp\System.dll
Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
\Windows\NvOptimizerLog\libEGL.dll
Filesize
436KB

MD5
2fe9e551c93156baf537483671ec4ad7

SHA1
08ce2344b2e0a78c2af637f0eae46b948661d5a5

SHA256
f231525ba1ea2522552a722620bced187357d66d945f0cec067c5d858950ea61

SHA512
f93181f1f2268cc380dafef02a93899cb9a19f3287a918bf6ba8eaa69190627d2e2fb0c82b693471e3ca63fbcb07c44212268c1357a5a4cf594a3bd8973eefd2

Download Submit
\Windows\NvOptimizerLog\libGLESv2.dll
Filesize
7.5MB

MD5
5967a9234ec54d734b31cfd12cb67faf

SHA1
536840ddb29ead51d43a506fd493b48c436097d6

SHA256
48ec76bac1ff6647096a9532ac21b4a0d7c6c9c24613971aaa201cce452ce4ce

SHA512
cf8e4c3a838b58a568639ab2778800d776e0171dc34e3b82f537adbadceaa3c292240ec7d8561b5a85df3caef6e001a07ac19e280a5bb8b0607f8ba767461479

Download Submit
\Windows\NvOptimizerLog\swiftshader\libEGL.dll
Filesize
458KB

MD5
dd05d7f61dd6b05e8a5cbaff36c3a48e

SHA1
0411d38dd19b05aac80436783faa83bec31871fe

SHA256
5874825870e6ae10d5e4c06cc061ff729237c43cb2237a1c425d2b1cc49e6ab0

SHA512
edda21fc1797195f15e95d9a0ab6a8aa15805796e42ae5159a813ff339590287743a68186a2dbf0608beb3943794f7773b11c59665f176ae4a1cc6548440370a

Download Submit
\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll
Filesize
3.1MB

MD5
34ae0a64a678d6cff4c5b1f059d0d8e6

SHA1
09392ccb512ffd18e2ce45206437e43728064886

SHA256
d1c6897c2a06033d1734388d5f93adc4423ace9b9b307fe599e63d43f6a218c5

SHA512
ca936805aa3487dbb46544973a5aa284c575897c18578565dd44c7c8e0e1c83c38dfc5e917766fc9d3045168a95bf7d4b3773fa4c8337c8a0730729b541a096a

Download Submit
memory/888-639-0x0000000074A60000-0x0000000074A6E000-memory.dmp

Filesize
56KB

Download
memory/888-1603-0x00000000749B0000-0x00000000749BC000-memory.dmp

Filesize
48KB

Download
memory/888-1600-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/888-638-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/888-1601-0x0000000074A60000-0x0000000074A6E000-memory.dmp

Filesize
56KB

Download
memory/888-1602-0x00000000749C0000-0x00000000749CB000-memory.dmp

Filesize
44KB

Download
memory/888-640-0x0000000074A40000-0x0000000074A49000-memory.dmp

Filesize
36KB

Download
memory/1764-606-0x0000000002390000-0x0000000002398000-memory.dmp

Filesize
32KB

Download
memory/1764-605-0x000000001B240000-0x000000001B522000-memory.dmp

Filesize
2.9MB

Download
memory/2076-433-0x0000000003620000-0x0000000003622000-memory.dmp

Filesize
8KB

Download
memory/2912-616-0x0000000002360000-0x0000000002368000-memory.dmp

Filesize
32KB

Download
memory/2912-615-0x000000001B420000-0x000000001B702000-memory.dmp

Filesize
2.9MB

Download
memory/3028-455-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/3028-493-0x00000000773C0000-0x00000000773C1000-memory.dmp

Filesize
4KB

Download