21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe

Resubmissions

02-05-2024 13:12

240502-qfqr8abg26 5

02-05-2024 13:06

240502-qb8ggahe7t 5

Analysis

max time kernel
153s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-v-b5xa3Su.exe
Size

704KB
MD5

d1fc9e6d71a4867ab71af5566e525ba0
SHA1

593b10280a926134839feb8e2f9d0da9ee9c0593
SHA256

21be0a068d7d1b57578bfb2ed850b3f3b1cfe4a4c47981ead95abdb8c20278fe
SHA512

c82a23e5e0e3a38e32fc08401890852a71ec90640bbfb944ed7d45812493a53d2be2c0e4373692e52c77d666b8ae72cd0d15c3dc4bc3cc52887ad4589820658d
SSDEEP

12288:iOIVD3gyucpjRKaDPNKT1zH3ptaR1sDfOQSvJqFZ6rOIIzVFA4+M:iOIyyuUjMaDu173pG1szLSvJwSOZBv

Score

5^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	VLC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	VLC.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\NvWinSearchOptimizer.ps1	VLC.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\NvOptimizerLog\locales\sw.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\vlc\installer.exe	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\am.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\hu.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\description.rtfd\TXT.rtf	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\libgksu2.so.0.0.2	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\resource.h	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\vk_swiftshader_icd.json	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\applet.app\Contents\Resources	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\Scripts	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\elevate.exe	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\pt-BR.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sk.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\zh-TW.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\linux.png	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\description.rtfd\TXT.rtf	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regCreateKey.wsf	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\ca.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\et.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regListStream.wsf	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regPutValue.wsf	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\ko.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\mr.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\sl.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\ca.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\fr.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\regedit\vbs\regDeleteKey.wsf	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\lib	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\vi.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js.map	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\vulkan-1.dll	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\vk_swiftshader_icd.json	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\swiftshader\libGLESv2.dll	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\ro.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\.babelrc	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\sk.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\gksudo	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\Elevate.vcxproj.filters	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\bn.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\hi.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\vlc\installer.exe	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\cs.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\libGLESv2.dll	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\assets\linux.png	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Info.plist	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\index.js	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\ffmpeg.dll	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\hu.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\kn.pak	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\Contents\Resources\Scripts\main.scpt	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\bin\applet.app\LICENSE	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\dist\index.js.map	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0.0.2	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\ja.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\te.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\elevate.exe	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\LICENSE.electron.txt	Setup-v-b5xa3Su.exe
File opened for modification	C:\Windows\NvOptimizerLog\locales\pt-PT.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources.pak	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\vendor\win32\Elevate\main.c	Setup-v-b5xa3Su.exe
File created	C:\Windows\NvOptimizerLog\locales\hi.pak	Setup-v-b5xa3Su.exe

Executes dropped EXE 5 IoCs

pid	Process
5048	VLC.exe
4824	VLC.exe
4720	VLC.exe
4580	VLC.exe
2808	installer.exe

Loads dropped DLL 21 IoCs

pid	Process
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
5048	VLC.exe
4720	VLC.exe
4824	VLC.exe
4580	VLC.exe
4824	VLC.exe
4824	VLC.exe
4824	VLC.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5676	powershell.exe
5976	powershell.exe
232	powershell.exe
5428	powershell.exe
5604	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5356	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
5760	systeminfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591292006998068"	chrome.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
404	Setup-v-b5xa3Su.exe
1352	chrome.exe
1352	chrome.exe
4720	VLC.exe
4720	VLC.exe
4580	VLC.exe
4580	VLC.exe
5676	powershell.exe
5676	powershell.exe
5676	powershell.exe
5976	powershell.exe
5976	powershell.exe
5976	powershell.exe
232	powershell.exe
232	powershell.exe
232	powershell.exe
5428	powershell.exe
5428	powershell.exe
5428	powershell.exe
5428	powershell.exe
5604	powershell.exe
5604	powershell.exe
5604	powershell.exe
5884	msedge.exe
5884	msedge.exe
5152	msedge.exe
5152	msedge.exe
6404	identity_helper.exe
6404	identity_helper.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe
2808	installer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
5152	msedge.exe
5152	msedge.exe
1352	chrome.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	404	Setup-v-b5xa3Su.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeDebugPrivilege	5676	powershell.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeIncreaseQuotaPrivilege	5676	powershell.exe
Token: SeSecurityPrivilege	5676	powershell.exe
Token: SeTakeOwnershipPrivilege	5676	powershell.exe
Token: SeLoadDriverPrivilege	5676	powershell.exe
Token: SeSystemProfilePrivilege	5676	powershell.exe
Token: SeSystemtimePrivilege	5676	powershell.exe
Token: SeProfSingleProcessPrivilege	5676	powershell.exe
Token: SeIncBasePriorityPrivilege	5676	powershell.exe
Token: SeCreatePagefilePrivilege	5676	powershell.exe
Token: SeBackupPrivilege	5676	powershell.exe
Token: SeRestorePrivilege	5676	powershell.exe
Token: SeShutdownPrivilege	5676	powershell.exe
Token: SeDebugPrivilege	5676	powershell.exe
Token: SeSystemEnvironmentPrivilege	5676	powershell.exe
Token: SeRemoteShutdownPrivilege	5676	powershell.exe
Token: SeUndockPrivilege	5676	powershell.exe
Token: SeManageVolumePrivilege	5676	powershell.exe
Token: 33	5676	powershell.exe
Token: 34	5676	powershell.exe
Token: 35	5676	powershell.exe
Token: 36	5676	powershell.exe
Token: SeDebugPrivilege	5976	powershell.exe
Token: SeIncreaseQuotaPrivilege	5976	powershell.exe
Token: SeSecurityPrivilege	5976	powershell.exe
Token: SeTakeOwnershipPrivilege	5976	powershell.exe
Token: SeLoadDriverPrivilege	5976	powershell.exe
Token: SeSystemProfilePrivilege	5976	powershell.exe
Token: SeSystemtimePrivilege	5976	powershell.exe
Token: SeProfSingleProcessPrivilege	5976	powershell.exe
Token: SeIncBasePriorityPrivilege	5976	powershell.exe
Token: SeCreatePagefilePrivilege	5976	powershell.exe
Token: SeBackupPrivilege	5976	powershell.exe
Token: SeRestorePrivilege	5976	powershell.exe
Token: SeShutdownPrivilege	5976	powershell.exe
Token: SeDebugPrivilege	5976	powershell.exe
Token: SeSystemEnvironmentPrivilege	5976	powershell.exe
Token: SeRemoteShutdownPrivilege	5976	powershell.exe
Token: SeUndockPrivilege	5976	powershell.exe
Token: SeManageVolumePrivilege	5976	powershell.exe
Token: 33	5976	powershell.exe
Token: 34	5976	powershell.exe
Token: 35	5976	powershell.exe
Token: 36	5976	powershell.exe
Token: SeDebugPrivilege	232	powershell.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
1352	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5048	VLC.exe
4720	VLC.exe
4824	VLC.exe
4580	VLC.exe
2808	installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 3684	1352	chrome.exe	98
PID 1352 wrote to memory of 3684	1352	chrome.exe	98
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 4548	1352	chrome.exe	99
PID 1352 wrote to memory of 2744	1352	chrome.exe	100
PID 1352 wrote to memory of 2744	1352	chrome.exe	100
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101
PID 1352 wrote to memory of 544	1352	chrome.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup-v-b5xa3Su.exe
"C:\Users\Admin\AppData\Local\Temp\Setup-v-b5xa3Su.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9402dcc40,0x7ff9402dcc4c,0x7ff9402dcc58
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2112,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5100,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5188,i,6514847163952418594,9119172892034717532,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5744

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2044

C:\Windows\NvOptimizerLog\VLC.exe
"C:\Windows\NvOptimizerLog\VLC.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5048
- C:\Windows\NvOptimizerLog\VLC.exe
  "C:\Windows\NvOptimizerLog\VLC.exe" --type=gpu-process --field-trial-handle=1600,11536218394677768970,1262547877487435095,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4824
- C:\Windows\NvOptimizerLog\VLC.exe
  "C:\Windows\NvOptimizerLog\VLC.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,11536218394677768970,1262547877487435095,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4720
- C:\Windows\NvOptimizerLog\VLC.exe
  "C:\Windows\NvOptimizerLog\VLC.exe" --type=renderer --field-trial-handle=1600,11536218394677768970,1262547877487435095,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Windows\NvOptimizerLog\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
  2⤵
  - Checks computer location settings
  - Drops file in System32 directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:5388
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:5480
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5676
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5976
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 13:16"
    3⤵
    PID:5260
  - - C:\Windows\system32\schtasks.exe
      SCHTASKS /Create /TN "NvOptimizerTaskUpdater_V2" /SC HOURLY /TR "powershell -File C:/Windows/System32/NvWinSearchOptimizer.ps1" /RL HIGHEST /MO 4 /RU System /ST 13:16
      4⤵
      Creates scheduled task(s)
      PID:5356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted"
    3⤵
    PID:5400
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:5428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ExecutionPolicy"
    3⤵
    PID:5556
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ExecutionPolicy
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:5604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "systeminfo"
    3⤵
    PID:5908
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:5760
- - C:\Windows\system32\cscript.exe
    cscript.exe
    3⤵
    PID:6052
- - C:\Windows\system32\cscript.exe
    cscript.exe //Nologo resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\NvOptimizer
    3⤵
    PID:6004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "start chrome "https://mediatrackerr.com/track-install?s=vlc&u=df3667ad-2989-418a-8bc9-be5ba87b8e1f&f=Setup-v-b5xa3Su.exe""
    3⤵
    - Checks computer location settings
    PID:5280
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mediatrackerr.com/track-install?s=vlc&u=df3667ad-2989-418a-8bc9-be5ba87b8e1f&f=Setup-v-b5xa3Su.exe"
      4⤵
      PID:5352
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9402dcc40,0x7ff9402dcc4c,0x7ff9402dcc58
        5⤵
        
        PID:5332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mediatrackerr.com/track-install?s=vlc&u=df3667ad-2989-418a-8bc9-be5ba87b8e1f&f=Setup-v-b5xa3Su.exe
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff93cc946f8,0x7ff93cc94708,0x7ff93cc94718
      4⤵
      PID:2052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
      4⤵
      PID:5828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
      4⤵
      PID:5644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:5896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:5732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
      4⤵
      PID:5548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
      4⤵
      PID:6268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:6512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
      4⤵
      PID:6524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      4⤵
      PID:6692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
      4⤵
      PID:6700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
      4⤵
      PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,559905264410613806,1022513209402460485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
      4⤵
      PID:3616
- C:\Windows\NvOptimizerLog\resources\vlc\installer.exe
  resources/vlc/installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
de3d0f8ed315edbf797fc100f00e8c1e

SHA1
2749b127923e94734ec0d89834c41f0465b54b2d

SHA256
7467a4cfbde2ca2287d4b640b9c2af7ea43d14ee91d620bb21db35851daba665

SHA512
f5afbef2282142cffee3c8f096331392379ab46adb6fb145b0d1ed416ac245eabd5c77f994d414cd7e6d3ca592cda58fd705f52333782d30da8597f5d46b773c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
27152f439e93c143d2bfca7c537a3f14

SHA1
c40b03d6e51bccfc61a8ce7d1624e6c189ea119c

SHA256
afdcbc475f256d63bcabb5f3c6bdbe2a539b5f697c8145ad86456d78711bf599

SHA512
4fd49da87f96433f04eccf3bc62356e63d126e9b977df38e6a12ec1b000a1383d915513706521bbeec47a2b1f9a9ccea89ea7894d4f4110e962154be1f04e223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
46c7e923e380ae9cf20f04f38f925390

SHA1
885cb7c0255aa01c66244961ff427fac057a2a6a

SHA256
b88b5d6327956c3b2fa94bae899797fbdaebb5b206cc6b212b7d2c08dd5078aa

SHA512
b19530b6647f666328e4b4ffcfe9e256a64f93be151590a5ba8ff8fbf375398ee0ccf6556ad6b3e5d378a0252af3a1c36c029e6a2b11890f1eb7dac689832146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
160a2acc6e79070ce34a89ae5822e202

SHA1
a7c0817b8f6923a11d8d3ef1068513170677ccb3

SHA256
2a662e49c24e96708c0f328913523e8eff9d424177f609ad5f49717fd8a0efcc

SHA512
3b674d530ae5f0032eddd256d0716b81ef2c5291ee05c5b91901c69ea37165415f7ded5828207c24fd24624894557155ce44aa3c9e3673518197d021c93fb5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ab68c7cea1d75a6448d01ee7a2caf134

SHA1
1d596235091b511f8785edc3ca78bab2e7ea3277

SHA256
1cba46a08889b16c850b51949f3da893dae534389873befd8ca842674a10cf42

SHA512
cd66d2abe7b3cf9fc4020814568566d5a27f3f80bb92cf85b20bb384b2ee723699ccbedd46be135d91febff0b4a7176113e4ab0ce9e4fb4b51ac41642fe0c500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d672572f34db8edafbe301946b62fa22

SHA1
619bfcf6b609b9ebbdcac7a373fbbe0749e91c00

SHA256
7e04b5abed7db118588f5fdcc43c068b64df4f9407bed7d5b933f79df2a152ed

SHA512
fdbbe9e6832d2e8afbea299f0e60d26541ef0ee0af1fb19eec8b4bfe6de8bc71000360eb5df61bd800e771253ff3ec973ec2f252437a5c237fd2443e61448936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5b078646e13c3ed7a443ed55f75b70e1

SHA1
205114c9f85ff8a1e0d51eebe1872039c36a8356

SHA256
d3511ba4f9e7426bcc3735b097cfbc59c24e6e9ee4e64d18f711eed8b8ab1d9d

SHA512
52a0c7a3208852a567028d2b4a54114547fb33a676a8aaaa889f062f96fbe71969cc5ff173b96b1340ed8f6702f5b34256b22d4653073b9185b5d0980e77a55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d892bd714f35e0dd3ad9591a169177ed

SHA1
c0058b71591a42ccaa6990824ac59082c29a168a

SHA256
c2c2e07b5199affd8fdd9aed83d86d2f9c0b6ae0db355fc062333f2d0be622c1

SHA512
3a433f3c170f011e647e4b72f103274674253087003cd278f6f4ededbc5330deeafa05a7933c883e384503af46817e31377e4ecbce3bfef18977017a7de587d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
619b415798895f96ba0219275ddf9978

SHA1
f2dc14e43e25a61113e3348d099e66198d830745

SHA256
c6ffca7ddb315ad76ce85856a2dc292547678ed41f38e8c204a18354b5788327

SHA512
b084471d81edc0b30ff9cbca26e20dd3c29fff7959f7aab92237fa826f7ac8ee1e74ebb9c8bb92538123310d8bb028344f0425724f5c5516f6117621a4ca7ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ecfa335cc022e45d6ade8846880f10f1

SHA1
2901b5495086224b0f398b15cbfc0057698403a1

SHA256
c43b119ca729256c0a47cd7a0dcffdc8e61c2c78a6634568fc13b1a94429f750

SHA512
427336744ffce4821ff221c271d2aff7ac4cd03758bb4f0fa9c6311364eec49b0582501c50510652ca1fa05df4c924d32763c17737200c80ae18b65dc4002981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5078eb69682c37938cebe2feb822f671

SHA1
7b1025ca9f733f26870655409d6a341503f8a20c

SHA256
03174597ca7266bc897f5f595a53b4a7762f5052162292d60c8da94959b6858c

SHA512
4df4a463ad1b8cd2cb20ee90007d92ed10006c7be5ff8dbcd79708465ed4a09f0f0168d4ce22649350cff875e77a061f1248d06e2fb49874fd87b2a1144bb112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ecd8783cea24b4724386092c98472e38

SHA1
8e5bfd612c4f481518ee47ccbf5d580bbbd6654f

SHA256
086de80a24f1e089cf553a488ead173388595c8958dc065d4f022234b1426e64

SHA512
066e910773aa6614a2ad239829fa629223520be9082084aa5b4209586a04ad9c76193c7c3cfaef606f24ff5d49aafd215a12e591a9b9374a20402ef38cccead4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3ad38000647c9eb803da97687b69011

SHA1
c5e9a17bf0b4b77b4bbd50eb1c44f6798f186643

SHA256
f4112fff01c27f1d4d5954ee9ed1e7188f2b266ec44bdf7460833c2a99da5301

SHA512
9878e0c4c7f1c1f3a27e6f59b7ad3aee760ad1d94e22ec5e24f0520f3de2c9530095f202b703f0f8607ddfb7f37c084729b2fd0f5bf01088786a4a3591e19536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0037c8ac572e99827e283b66dac54b1e

SHA1
95ff1c5c6e5c34ba7f4d4073ad8352be5ffdcda1

SHA256
ec9f0f2803e9aaae568c0c74d86d9e861fe921e16b88a03698a7b201ad294e85

SHA512
92e6e35aa7b02d6c6ddef771b884674c9c1c14e2ee8960da02eb5d075aeadde5b408c6f44d2ea8e3b4ec723e985b76bf25c937aac25c194de29c98eeec1a5f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e5657716ac21173fca839b111958417

SHA1
cf15c402a1f14126e12e21c7b1aba8e6121c210c

SHA256
751e44effe38ce2f04ebd429f21b9893101ff78efacb36385f3b9ee947295c77

SHA512
73942afd53fd449954d110d08cc6cd07d8e1ee95dd266bde05ad1635698937a04a894031c36baefd52741d5bccd6c8c80365397a6b2dce52f85fc8ef47bc58d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cd215353e7c7ce090902e988d048efb1

SHA1
9ad126c5aee6d5e8aa4c4f538bc45a5947d3e98e

SHA256
025912aa3f1dc13f25e56631218d84e358a39909932b29eb21df226b342e2244

SHA512
cbb6a9fbf9034c6b41d091ac4fdb0161b0c2d0222dde1bec75049f3246ad7c223fac165549b1261ebe361b798a0cc099d6a6018bc023cfe853dd5ff02d74de50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
173fa66cad59a44fc6ce00bc4872b919

SHA1
aef3fe5a7c7ca6686d36ce14471d608f39d1e008

SHA256
41a367c27d4ef042531fb4d2f9eae44dcc02488aacbd7c7f9905f7a95a99391a

SHA512
7f053de832ef9db2b81c2f865fb18032daf72725fb6fb14cb7d65deefaca86d2cff29f5e0add9574e1d9fe9303610e3227c8ece6f5a24fc5e1111bfca6198587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
bb41c50e1b5a3dddc6eea4a59ba9088c

SHA1
ed042202eee1e49fbb408b150bccb68757fc5118

SHA256
535e6b0d214ee28939f79a5db9f7e3f935c8a4fdc8b83f14ecc6085636c2bbc1

SHA512
17b2b97bb63c478698df48d91e93838603b0b4adc59fc8507720c3ad3494bdd41c9093b402eda105dce0c8b704aa075c808a9ca7b6a0947dc54c35753890933c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
e423b9e194cacb7733e3201535ec880c

SHA1
a62b5b3822e907fbbc9c908febda7f0f7b502e45

SHA256
9c9064f7720062007dee8c9a073fd8a28d6e63baa1051fb1d2260e1ea0905279

SHA512
5c0e6f706340bf84314af82c699ad806df4f342ee827ddc4120a7b4345f9746dc0a028771def51151d8ab9d032a6aaa7bdcc72353cc312dcef00c8ee15ec0107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
1c0ab095ad71a922425d5f71e5791e37

SHA1
c538392b36e41958698b9e012e9d37b39326b267

SHA256
24bfdc77579776317b5bbc905a5495a1d34b0151dff7b4bd42e55778f298773a

SHA512
58805240f46331c1442edd8d520bb253835ced509ac5202c5174e7d3ce45df7671ce6ac4d1838847abb1200514009eb2281c006209283ce1598c5af56916578f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
5c3cc3c6ae2c1e0b92b502859ce79d0c

SHA1
bde46d0f91ad780ce5cba924f8d9f4c175c5b83d

SHA256
5a48860ad5bdf15d7a241aa16124163ec48adc0f0af758e43561ac07e4f163b2

SHA512
269b79931df92c30741c9a42a013cb24935887272ed8077653f0b6525793da52c5004c70329d8e0e7b2776fc1aba6e32da5dadf237ae42f7398fdf35a930663e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dac6f2db3a527a6bc55168eb3ee8267e

SHA1
61608eba63cde6a0b3ad6c0da45964e8ab1e3132

SHA256
0f43b14b5328b910c9b10eccac8a877fddf83f243c0cc99a5c80c0366f2d2ef6

SHA512
5fdb88dbf11351358ba148ba33d958d68b8f3445581e9cec9613ba7686847fb1f4a87615c802f1c44d8975111ebdb882f831c076dfdc785f31fd439eabe512a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
feaa353f6aab25013068024dd6dd18d3

SHA1
71ad08448269c253fd624238e7aa3347aa70a88a

SHA256
26bf612beed816b479d9ac53f57fbecaa561f80b8c399f262cea150c9ec42064

SHA512
4d8cde1f7a50c0257c1f8843d0a2d077f4c2c1b2c802292fd164e61093bd9722d0b28acc5b7569f370cf0fa8d8b1523e19ef534345f59cb426646ffab30ec9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3e0871ea6ffe89606b8abe0970c59e86

SHA1
b532b14d9fd7ee64e4bf33b2f4f343506d4b61ab

SHA256
9639e12051f86278d8f64eadd96d6862506f9457ac830dc937b6fe1a29bbc206

SHA512
07a1c18bb7927281b6cad10ec3acd4f461dd4aac42a965f7f54fa161fd022cd6cedb613519ce5894f783fabebe82bc034dbaaa6b41f10a9441325d6297ed4d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
762eb2b3459012084f8e8298c4f83422

SHA1
f32ad9ab569f0ad8acab21d4f16a3ee22ea7d970

SHA256
843aadab6fd7a4aecbb55d06e26a0d3496c3fd0f10b49897b98d1d7ed4504a32

SHA512
5494dceddc326a5ee1b694fdada89a7a171a752f128cd199a5ef6289a3c1712a9bd305bb82b6edc398891997598aaf9e571109b903404d442cc15f57e2169b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ef8edbad57af3786959ce6f0f0d4491

SHA1
7e3460c2147d39700ef23d4d2579b3c664fdd510

SHA256
635cc3bf9b25b4f5e59b298bc47f979725e156a1e8e774b5d563aa1999fcb549

SHA512
245bbd01f383eddd638fa5e28492b2b70ce92d1eb44db53a340e9693ca05d98a43818c4e83b79a1ac003e04e22ea64f112fc2d2064327a5238d3baee6239234d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c0c4c07bcac5a8b69327763fce3cc91

SHA1
55bc2499bc817bd2fdde3b0dca5f7096c38ab65a

SHA256
28ea37f180192035eb7746ff38de886b64251700563d5f1694bb42068d2ae35b

SHA512
7715707d02954308fdff1e70be189c9e4047296ebbfbf9bd2bbfa283119a6fa5c661b543bd13b1d6a754b81d81885a8c5e038b70332afff3bf22d2c31da4714d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca51eb5e73241bf022b982b6d87c80c5

SHA1
aed49f667ffd1789b68e611e4742b6db0321e4b2

SHA256
9d037c44d8c5e8dcb7067583895defb504bd31c6a3d63fd9bcd1198a24c48105

SHA512
2113b2b3d2f154e95de80a131edb293df96a5b4b83135846e1eb7e63176afd726128ac8ce8cd918a19016d6d55c208db0c53c3d977187b7aa95b9c26dc39a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e87dc65625efbe1aa44852204928194

SHA1
81e2e9bdabc9d95f02f632c0bc0d685750996f3e

SHA256
c762b20122b3b683f54973c0b8c5c89f52247d8eeea326046f4c060c759e04bd

SHA512
fec4c51771b94213a691015893059b76c867f78b2fcd1a845d873d66aa5341363676f75955b3bc79e009e91a0e54dc5df1f1468430a65ef4422b6ba68793f57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
2f87410b0d834a14ceff69e18946d066

SHA1
f2ec80550202d493db61806693439a57b76634f3

SHA256
5422bc17b852ad463110de0db9b59ffa4219e065d3e2843618d6ebbd14273c65

SHA512
a313702f22450ceff0a1d7f890b0c16cf667dbcd668dbafa6dbecd0791236c0bc68e834d12113cc75352365c2a2b6cfcf30b6ef7c97ea53ed135da50de389db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
65151b72e36e99591e473cfa52b8d681

SHA1
9912955f25e7f5450b0c277b3a7a230b1e5452a5

SHA256
9a40ed60a2afac3e0b351e4a7e5f62bf01ef476490a321fdd6abe52857b780c6

SHA512
06ae10d81abc24fcde4472cec777a7fa6d0ecccb0dead116417d6143c9392cbb4f53dd60d4458e9ded75605cc537aa1219ff269babfe9c78654ea9ba39c1f559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
d8b9a260789a22d72263ef3bb119108c

SHA1
376a9bd48726f422679f2cd65003442c0b6f6dd5

SHA256
d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc

SHA512
550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bi2e5zzt.3m2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso36B1.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssBFB8.tmp\LangDLL.dll

Filesize
7KB

MD5
20850d4d5416fbfd6a02e8a120f360fc

SHA1
ac34f3a34aaa4a21efd6a32bc93102639170e219

SHA256
860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

SHA512
c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssBFB8.tmp\System.dll

Filesize
26KB

MD5
4f25d99bf1375fe5e61b037b2616695d

SHA1
958fad0e54df0736ddab28ff6cb93e6ed580c862

SHA256
803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

SHA512
96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Network Persistent State~RFe59098b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VLC\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\NvOptimizerLog\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Windows\NvOptimizerLog\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Windows\NvOptimizerLog\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Windows\NvOptimizerLog\ffmpeg.dll

Filesize
2.7MB

MD5
5c2e6bcfcffc022cfb7e975ad4ce2ea4

SHA1
8f65334f554b02e206faecd2049d31ef678b321d

SHA256
d068695dc8f873caab1db51c179e9696dda2319fa05c0f2d281f9979e2054fc2

SHA512
b5fe0039e1702375a6e1f4ef7bfb24d0acc42c87d02202a488fccf3d161598549055d2ac0103c95dbbc0e46975aed30259edbfef7ce77d00f1de7c1670c00959

Download Submit
C:\Windows\NvOptimizerLog\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Windows\NvOptimizerLog\libEGL.dll

Filesize
436KB

MD5
2fe9e551c93156baf537483671ec4ad7

SHA1
08ce2344b2e0a78c2af637f0eae46b948661d5a5

SHA256
f231525ba1ea2522552a722620bced187357d66d945f0cec067c5d858950ea61

SHA512
f93181f1f2268cc380dafef02a93899cb9a19f3287a918bf6ba8eaa69190627d2e2fb0c82b693471e3ca63fbcb07c44212268c1357a5a4cf594a3bd8973eefd2

Download Submit
C:\Windows\NvOptimizerLog\libGLESv2.dll

Filesize
7.5MB

MD5
5967a9234ec54d734b31cfd12cb67faf

SHA1
536840ddb29ead51d43a506fd493b48c436097d6

SHA256
48ec76bac1ff6647096a9532ac21b4a0d7c6c9c24613971aaa201cce452ce4ce

SHA512
cf8e4c3a838b58a568639ab2778800d776e0171dc34e3b82f537adbadceaa3c292240ec7d8561b5a85df3caef6e001a07ac19e280a5bb8b0607f8ba767461479

Download Submit
C:\Windows\NvOptimizerLog\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Windows\NvOptimizerLog\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar

Filesize
4.6MB

MD5
040a8280b01b5a029e50c5d141d555ad

SHA1
ce103568d6ae6456f1d1d718929b6972c0bad1b4

SHA256
6b6309fe0c4ca9c73626f1435ed3332656d9e6b1e500fb85af0ebf9842813485

SHA512
6706c453509bf718d1870c98a49842743cf2e49d22225a3d33051808a3f1045c7d0c065ecafae75f1bb57b4ef4436aa76774ff6553fddf3739bc47d2e9400ce8

Download Submit
C:\Windows\NvOptimizerLog\resources\app.asar.unpacked\node_modules\electron-sudo\src\bin\libgksu2.so.0

Filesize
68KB

MD5
6dbc4226a62a578b815c4d4be3eda0d7

SHA1
eb23f90635a8366c5c992043ccf2dfb817cf6512

SHA256
0eb70bd4b911c9af7c1c78018742cadb0c5f9b6d394005eaeaa733da4b5766e5

SHA512
3a2836f712ad7048dbeb5b6eec8e163652f97bea521eafcff5c598cbedf062baefaa7079d3a614470ef99ec954dac518224cb3515ca14757721f96412443c7c4

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\ArchitectureAgnosticRegistry.vbs

Filesize
2KB

MD5
310a042dca2144c9cda556e9bc4b0c02

SHA1
d2032af7eea0dbd027a36e577567e85486496949

SHA256
caa82e59ca92629057791cb1e0ba0b74c90f561fac81b029033fc081a83431b0

SHA512
843d9f6f300caba8df41511473c43f4d5029fa0012e593677c83f196c8d595194d1409069fb4b8616e0118f37ba943bbe656b29de40f0ad70997ab610fd98db8

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regList.wsf

Filesize
985B

MD5
cae7db4194de43346121a463596e4f4f

SHA1
f72843fa7e2a8d75616787b49f77b4380367ff26

SHA256
b65c5af7dbeb43c62f6a5528af6db3cb1ca2a71735a8e7a1451796f834e355c2

SHA512
ccee660cc4878301c743d3ebde4557dc180d8b6f77c97de5e36c95f6e4d2446ef7be28ebc787fdea2f2d817890ac7bdb713196c755a51677dc127cce77670026

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\regUtil.vbs

Filesize
7KB

MD5
77e85aa761f75466e78ce420fdf67a31

SHA1
4470bd4d215d7682828cbc5f7f64993c078b2caa

SHA256
350dea3d6c8e65372f8d12a5fd92a3a46a7519610c69564e8185a2ed66b00d59

SHA512
50af664777545ced78c34a6ea35dae542fdb85b8b307a4a4a95db25a808a695d3fe8840edb36325279c2381fbae071f6b509f7491185cef2f42afcb7672cfd13

Download Submit
C:\Windows\NvOptimizerLog\resources\regedit\vbs\util.vbs

Filesize
4KB

MD5
e2be267c02d51df566fa726fc8aa075a

SHA1
c9b9ae17f36e23d5d3cbbf2d6f17a954bfa87d24

SHA256
b2efd5e0c2f695063a8bce40c8182aa70f33c4b1b77d232b7530d89fb9646f0c

SHA512
b6f80622a9f61f636f7786d91a1b9e06a64602f0898425e90a1a696d0a4855c8c08cbd6e6b98b9a3a1a24de354b26260247953b5273f7d57ea87294b4b142e8a

Download Submit
C:\Windows\NvOptimizerLog\resources\vlc\installer.exe

Filesize
42.4MB

MD5
14becb7840eb1d3d46071d2ee65c7be8

SHA1
ff6e6f9359127f836a03dfc2b8bc9ba651c627c4

SHA256
9737843c119905be767de5e94e398be1eb145b0cc6a5a02f057d4022b80da4d8

SHA512
717289d3b514f4daa6b1cf97705c876bbe89fa215084ba8e1abeef3770e0a620d04127ef8de1f2d89477e1fab355526ed584ed3f9c7ecaf0c7d24a9bceee8248

Download Submit
C:\Windows\NvOptimizerLog\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
memory/2808-1045-0x0000000074380000-0x000000007438B000-memory.dmp

Filesize
44KB

Download
memory/2808-566-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2808-1086-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2808-1089-0x0000000073D30000-0x0000000073D3C000-memory.dmp

Filesize
48KB

Download
memory/2808-1041-0x0000000074380000-0x000000007438B000-memory.dmp

Filesize
44KB

Download
memory/2808-1039-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2808-1043-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2808-568-0x0000000074380000-0x0000000074389000-memory.dmp

Filesize
36KB

Download
memory/2808-567-0x0000000074390000-0x000000007439E000-memory.dmp

Filesize
56KB

Download
memory/4824-412-0x00007FF95C3B0000-0x00007FF95C3B1000-memory.dmp

Filesize
4KB

Download
memory/4824-756-0x00000166C8F40000-0x00000166C9CE5000-memory.dmp

Filesize
13.6MB

Download
memory/4824-1085-0x00000166C8F40000-0x00000166C9CE5000-memory.dmp

Filesize
13.6MB

Download
memory/4824-565-0x00000166C8F40000-0x00000166C9CE5000-memory.dmp

Filesize
13.6MB

Download
memory/5676-492-0x000001FCF2910000-0x000001FCF2986000-memory.dmp

Filesize
472KB

Download
memory/5676-500-0x000001FCF2600000-0x000001FCF2624000-memory.dmp

Filesize
144KB

Download
memory/5676-499-0x000001FCF2600000-0x000001FCF262A000-memory.dmp

Filesize
168KB

Download
memory/5676-490-0x000001FCF2460000-0x000001FCF2482000-memory.dmp

Filesize
136KB

Download
memory/5676-491-0x000001FCF2840000-0x000001FCF2884000-memory.dmp

Filesize
272KB

Download