hxxps://www[.]nvidia[.]com/en-au/geforce/geforce-experience/download/

Resubmissions

14-11-2024 23:22

241114-3cks1syldm 8

14-11-2024 11:35

241114-nqg7qayekf 10

Analysis

max time kernel
92s
max time network
99s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-11-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.nvidia.com/en-au/geforce/geforce-experience/download/

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4224	GeForce_Experience_v3.28.0.417.exe
3704	setup.exe

Loads dropped DLL 17 IoCs

pid	Process
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
3704	setup.exe
1756	RunDll32.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartlater_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\secondary_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\min.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\json2.js	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040c.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041d.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0409.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0419.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0424.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartnow_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\GFExperience\EULA.txt	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0407.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0415.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartlater_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NVI2UI.dll	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NVPrxy64.dll	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0000.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0412.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0422.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\close_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\frame_divider_bar.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\uninstall_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\uninstall_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040e.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0412.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041f.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\setup.cfg	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0405.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0410.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\080a.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\Installer_ELA_Splash_bg2a.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\DynamicBillboardPresentations.cfg	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\min_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041b.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040a.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartnow_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041b.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0816.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0410.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0414.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\close.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\installer_bg2.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\theme.cfg	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0415.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NvInstallerUtil.dll	setup.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\DynamicBillboardPresentations.cfg	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040a.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\secondary_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0409.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0419.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0424.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0405.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0416.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\GFExperience\PrivacyPolicy\PrivacyPolicy_en-US.htm	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\uninstall_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0809.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\installer_bg1.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040b.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0407.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0413.ui.forms	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GeForce_Experience_v3.28.0.417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunDll32.EXE

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 57438.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1548	identity_helper.exe
1548	identity_helper.exe
2040	msedge.exe
2040	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3704	setup.exe
Token: SeDebugPrivilege	3704	setup.exe
Token: SeDebugPrivilege	1756	RunDll32.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4224	GeForce_Experience_v3.28.0.417.exe
3704	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2872	1404	msedge.exe	79
PID 1404 wrote to memory of 2872	1404	msedge.exe	79
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 4560	1404	msedge.exe	80
PID 1404 wrote to memory of 3144	1404	msedge.exe	81
PID 1404 wrote to memory of 3144	1404	msedge.exe	81
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82
PID 1404 wrote to memory of 2932	1404	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.nvidia.com/en-au/geforce/geforce-experience/download/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82c083cb8,0x7ff82c083cc8,0x7ff82c083cd8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe
  "C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4224
- - C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3704
  - - C:\Windows\SysWOW64\RunDll32.EXE
      C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {FC3B99C2-A7F1-472D-BB49-D146CF2C1FAB} 3704 C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NVI2UI.dll

Filesize
1.9MB

MD5
8573f64ff65810e83822d1bc62deeeef

SHA1
bb880e087c784698937ef683e12f72735c7aa88e

SHA256
713daea7f59e8dbb2952d35ad29e38d6cdcca6dfa2fb83d797304ffdc4fc08d6

SHA512
b920b6b70e39b464112ed55f4e8355bf342a2954719393ca2569c8363919e4d472d34af2013207ab9eb3e440a404b7b2ba4ec254e3f2c115e95f638c56d47140

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\GFExperience\FunctionalConsent_en-US.txt

Filesize
554B

MD5
e80ea621e18ecbd92e30de029088954f

SHA1
3ef8b6f8db4a2847955ca94eceabce917324d2f3

SHA256
68797508848a6d0d2b8ec5fb887c43d7a22daf63e3ab4ba3e9659368538e151e

SHA512
7a649f071bf78eb348ade431f365b5a96fb59bd85863d2942088855f08afc30469ab63289914c5d4d89d1115f1e93dc9461fd0bc8eec103826a0dd196f8e320a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\secondary_btn_enabled.png

Filesize
15KB

MD5
63674adabbc82d7b1f79f06f6fc790f6

SHA1
2d12cb48459f52d6f981ed9b264db63f237c3d10

SHA256
0827749e22907f0f732d2fcc4f3b73ce73986d61704c8cac1f6c737acc4b6aba

SHA512
7e625f7f7ae3119370dd61e82bf89fef5111e037f653652328b39b6798a5c71c8250978de6859982f4988c4ebd8b31b546740f079a03a6edf7f79692b64fecf2

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\secondary_btn_hover.png

Filesize
1KB

MD5
00e9167f523be89ac9fcaea7612c6bb8

SHA1
0484077c6775be036d49ccdd5f0e1fb2bce35739

SHA256
0516f8ca19e93589852dd6419ac8981a3029f6fe33b93bafc43113deb23150cc

SHA512
3a8708a720a1aeb28a13485ed6b44037d517dbea9781e2b5571614f37d69f953559c63c158c376f4d39d29ea66098454512f5954f256e74a20fb045a5089c595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DC1FDD81FD13E32279FA4275E870FD3E

Filesize
727B

MD5
921bb3b7e9fa7b158e6c22f01e6a8a37

SHA1
0d881bc0894877042d2c77ce5b23b755e217d48d

SHA256
24347e87b3f8cf8094a139f94d47b6948c0c564c5ac3d31fd085b1e62ee49b34

SHA512
ee1b58a0e7526c24756a611d4d19cc07857919fc297221c7e3779353269d93efd5b1a4879551e40c93b921175e7dd8018746f6bbbe99842dc346ebfe40089c9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
77f270824d9008ba0b68424f22d14960

SHA1
ed8b78580f07ccd356d359c3765927a7f136d990

SHA256
10f7d180026ec98a6c026ab0144feb472f62c048f6cddf44271c412837d2921a

SHA512
065930aea875236aef58d8190275f0fdc5eb52843c5d42dbec094f3496aeebaaebdefdb250f25934c620df7a433aca56a65a5104206a5cc3f29e6c89a6a03a7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DC1FDD81FD13E32279FA4275E870FD3E

Filesize
408B

MD5
1498dfafdf3116f7214b6709616b5770

SHA1
ca0c0a07fbb3c5bab004e16d6a92d759dad81a3f

SHA256
7d879aea404f9c1c2eae361017d816c6cec320aecb3f2ad9357e28e4b52cfdec

SHA512
9ac215c2ca088cb6ab06271dbacaa558f740df4cc8b1fbfa43f18b428f2639709cedaa6d7ba07906e2602b75117f366720988ac2c57136cfed58c8d9d5a311da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
2a058c1fa0a216c419569887990f5b0e

SHA1
6072615b614d6ccada2e5150153cd397827ad567

SHA256
cb6efc485676a2ed4c6e3e6935e46c62b945c297474cec89f4af63d7a90d7e9f

SHA512
d7dd82a6c9bd7ce06901cb87dcc4ab5eab5c8a8beaf41fa9b6dddab9f7726274605f5605e9b301e044052db34cea6be39cdd27fbe6bee43c1546a986652e95f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
97799f84dc663702375e04075d43a7f0

SHA1
640f6cd738c9853d44c750d288af990f74ab60cd

SHA256
10d2bb9f75bbd2b842802332ad99eddb2e42a3e2f788c0a58a685516dadcd63f

SHA512
e59a5680fcca3bccf4e71633d81ac87fe2ac2fc2fb8f742130eabdd6aad80d2bd7350ec6e9e31b8e4e6e9bf41d44cd0dd18324ff13ab16999e14dcbddd747db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
084bebcb275f2839f0e4279c5bbb59ae

SHA1
bb8ddf03c2ac1689c8709cae48f553fc5e154852

SHA256
7334e8d95d5c7abe6f0eaf29cfe188a0e65ac88b2d230819bbb07c5bbbba07da

SHA512
dc2088066b3288ace9c2b11badc1dbdd6d13032710146b352d67762f3c19846d262be935d4b27ea36e619cbd4fd7499bb3916176c4d245fb53b692e518eb08a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7b326a36861bb7d0781509bd9af6877

SHA1
48a7305a97a00275d3a347f98edd0d66618cbf4d

SHA256
be82771a0765a1860680aefe0a5b6e98278a5b094b63615d3f1a2138ec30f688

SHA512
8095e5491784e1f9e4d307bc3d25a91ac2dde7d6feb14ffe96c8fa99fa80581c4e69850e604122cadc8cd0cbf43a4d9ca29e734cb0388e8c4acf68e8ac4677be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
951b1ceb3fa81a0529bf5cf4868fa736

SHA1
59540331ae28d3d7ec3b36a9ba3596eacdaa0238

SHA256
2aa391ba273029a25fa9ac9718a5cf287cc4f8ecd176b54d7cdc767c0b054921

SHA512
580f82a04ec2dabecca86ed9f8d7f10bd788ee3f9143c01a865a7e06660f537127da17124bd78f05519156b711c0f74a07094440d57cf4cb6775ccd001f9425f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
81d5b9b10a874d17215667d7fc2a7769

SHA1
419487773f2d85be406b02275ba3815e501d2b91

SHA256
4b7aef4c99f7579f2d23416ca7a043a5d89f9cbf6503f9aca41b8fc1b6450c53

SHA512
75ec380d422e845e6aa3bfa848a352284760052eadec2fd868e9cceff7724140b0e0d1e781a8dfff78b7c91c88199c653c0b2d0a50a2480344d0d1a0a77e3d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582769.TMP

Filesize
48B

MD5
61e28b94eeea1cfbc92ebc15e2f22220

SHA1
377a36c176783bca5130e74ab7c2ae70afedbe96

SHA256
a8f5c13f241fec07a270b32e7d2b59aad24172d03c25ed6a213eb5b9bc55aa74

SHA512
c810a30f07b6e354389eaa008f1ac095f5f80a64aeba145572911ee65d9c9e2da42de4880174cfee4eb655be9860ab2d8b7a7b9387fefb21cb3449b19130e709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7dc18e113212d689ecda97d8511a5ba7

SHA1
f6f8d94cd66b04799c3deb5c0ae64f442550beb8

SHA256
e7486b560d0c98afe3a5a93bc28877feedcf59fc738623883162aad2ddff7850

SHA512
efb1b58ee08b188628b95865882970096d5c6da784125030b2f99a72574cd6afd8fab6f9efc2bd119fc506dc81f898b2d98dc217183454ab876a506f06f760ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587700.TMP

Filesize
1KB

MD5
d18d45d088ecba6bcbceebef401d44dc

SHA1
2c6d32b928c13695c2369b5236ccd72bff4208a0

SHA256
43b7f4ee5a69654bc20f127a29fc3dbd752649f1f83e43ab29c122c5f59f0596

SHA512
2e08571053418d8e9d137e6f3c514abe9e1424e08241246a1a8cfd2f61860bbbeed105c2f33798ac850c67f90766d023a840f2fdb7340f963ace4137214d8ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca94e9ea-ec22-4c3d-ab1a-7d3a9328d754.tmp

Filesize
5KB

MD5
994b294f07377cba084a8d3d5f9e144b

SHA1
06d3855d97dd4a1ff122ed4d6569964d9a986481

SHA256
be5f42124580a271f82bc35baa467a512619801a013b2cd7bb2df15ec50ba343

SHA512
02233baa76f6cb72fd65c38edc1341bfb112bd95b069b6e31f2849c5b892a4e184c33a58a807f17206c4476f4ef8b08d6cb563106391658edd0d3dfbda2e2277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e5d12505390fca534937afc040b4f0d

SHA1
3d3a0273fec1576ea8011988241ef2ed91ae9b29

SHA256
5e8f8dbd44b1b2c898b2632c99957a1ad06bc70b8ef35b19f5c24f284c825c25

SHA512
63e3699fbd549adfbbd4dcdecae20b9c9ca5ba24d60f44db16228dad4c8aa97556ab622b7bbf01a9a7545e84d9f6c89e3c71231cd31bb381aece69d65eb9d2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
371f00662ca1b4683de23aba69415daf

SHA1
4e472b15af1cccf6e6394d0c9bd24e55112f5a38

SHA256
30eae99851489f25a19f50de37310b226debe7d0cec8c11cf2962f7a62a7f55f

SHA512
a0f219a8495d81997a27fb1fdbe1478760a63df771ff1cfd208bbfb00ab5e94d11c9304168b7c4b052e3e0626aeb11567cf35587aeaf7502f4a007ccd91ceff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8e196ed320d947a9d2e01a73f6ac1ba

SHA1
8bdac3bb4431da4de1a06211d921857db7aaf903

SHA256
b2374f6aada281fef4236ee63831d8474275dc488ed4a63e1f593d611cf3ce66

SHA512
cbcfdaec6b44ed788f5e2b35c562f1577c3e205ad4f8947d2df2f378ac772a713a3c1fd74c30b092792ea52ec1b511d6d6c2a580af7238b113af7ee9c1c76d62

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK.h

Filesize
31KB

MD5
9c940cd0757452c460d0aeb3c2ec4565

SHA1
e8d5f1fad7c885b57230ed0add3f419328a0a807

SHA256
c10f10e64cad3d94cd771c0e4654664a1bd7fbf0bf7fc44a94e1e548fba8589d

SHA512
9d0a1277c10f1694f5f4d4ec2e961c35fa92aacc681b7e0e2cdc6c991af58fd9d2f14eb564d43414c523c1ef233b37d86b97ff15b5f52f7d3f0fc35cbc5683d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK_x64.pdb

Filesize
4.4MB

MD5
207cf3c7b9cc61d67a3d87fe27067cc0

SHA1
aeae841e0d4f1d5b7a980812828fc186c564607c

SHA256
a391ce11ee2667e701014212f9b02a69e5ad4bed50c4b184164e5aeb64b8dcf8

SHA512
4da274709cfa98932764968780b28708243a5d404ef57125a54fc1b231733ab2fd7cbf96d560dbc42a0aaa7af0bb777cc72b401a92550dca8ba33867f5a424da

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Debug\FvSDK_x86.pdb

Filesize
4.3MB

MD5
a49a0fc4671c4da86a25a6ab23e49f6e

SHA1
2876da1ef800b834c793c88a07cde1840d344767

SHA256
255f531439ae0826a1a5aadea1cc5f1c09fd4d79d098815ff7e276531c535f8f

SHA512
217808a9c5aac0f08303250aa59cfe801933fba97ac58e8dc4185dd866ab6f1c9a570a34549ed8fa33f1711fb937281a76b711f452564576c4f43ad640462a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Release\FvSDK_x64.pdb

Filesize
2.0MB

MD5
3a3983769932ab1f67a878e78a9d163b

SHA1
843d10d56dbf5447a2267cfde2e073f7200964aa

SHA256
efee05283211637c81ec18b060a2f7c65147bffcbcc0a819831e9b5abc01ac4a

SHA512
122808c20b823b9c4bdb1f8e91dd6da83a7461f59a93499bc7f69466b62d7e8ef6f7047443b9749798915511a656742f16706922df034350483e0e646adc47e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Private_Release\FvSDK_x86.pdb

Filesize
2.0MB

MD5
0cffdbd3724e7f8602d1dcb4453acf6c

SHA1
1b6d2d0fd50007de6a38fae060e7d7372209a3c1

SHA256
b1e13d492bf614d253dcb9bddc15fe24f1e441b5bf05e1a6f366f0024dd49bcb

SHA512
69e68c367822f3ba9b150a7b1bd59ec9c5e85bd0e350916ba65b5155b1f6232fa5d732e2ad0e62bbd1e72aa33453c1501c6cb233074c83de25e80455f24be7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\FrameViewSDK\SDK\Public_Debug\FvSDK.h

Filesize
23KB

MD5
7fe2ec77049357ffad14eaf8abd437df

SHA1
8514dd3a6bd0a38ef9b1cc70b801553ae88105cf

SHA256
3533e4624d8e78b7f928caf75d3168d8001ba4d43da9799b9b4c914398ca88db

SHA512
95bce5879c6e067deae17d6251f15dda3b930af49d54c19bfb742cb2c06cd8f03cef81b6a403ddeffd7fbca6c5539b85e5f1805d9e673cc47dd9951e89bb57f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience.NvStreamSrv\amd64\server\steam_appid.txt

Filesize
6B

MD5
9dc952af111a394709621878f61ee0e4

SHA1
51208326f336f2f385854b155cacfa7db382e3f6

SHA256
bb663ac530c6c35408549e04bdde97dd02e1b992dfcfb8931b8f0fab093eb01a

SHA512
cef375f95fdd20464ed4d1ab37afedd6f3b5fa237e0758114328975ea0d02e3a73132741e46c680e226e12e7e7fb774fec5bf0eceab36948e7595a63346aefe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\EULA.txt

Filesize
14KB

MD5
26f0afd7a3843521a432540013e06b92

SHA1
c1537ef4d740e1e3862fa1d87dc4a4b46dbd4f68

SHA256
0bd7a95de056fba436c333ef8df870c37f7ef04229c73cf62eaf67a662035fb3

SHA512
3052b5437e90d293b9dd949d6ed10c28284d99d1dff5be1da9710b84386cdab667d93a13ece9e20af2c3829ea9842806cb2387750702e021d4e8b88830a66b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\PrivacyPolicy\PrivacyPolicy_en-US.htm

Filesize
164KB

MD5
c5828bae57eceb2b67d4e02baad1b553

SHA1
baf245981722964d2cd560e9e95b5b56e636f490

SHA256
707aa636d174b7d4056baabc134b073d0b792ac1bec447559e3c323afdc68429

SHA512
22ce68b01a7287b0d77ce329c3727c4ec46b8fa3d0805c3e785b5034bdeff2af3c4efeaf1afc3725ff7c952d39fc5c633e4552942003636f6ea47c6dc1d693e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\PrivacyPolicy\PrivacyPolicy_pt-BR.htm

Filesize
164KB

MD5
3e7b3e08433904539b279bb4dabb155a

SHA1
ac85c924dc03881895a7874f5f374705c9c15495

SHA256
b1b5e429046a19988fcd84296ef6cb92bcb8f1d1e09193a51a9a2bfa133c8e6b

SHA512
cca771c8a2957ee802a2c7d6b8a93b9a28a0e7aceff2e34e50a9287e1f8f0a79d24f79bb48a458e6f6772c6132645eedc08582191fa5855df0480c9fe6d0ee8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\data\configs\OverClocking.json

Filesize
192B

MD5
c84c8de82a29c5ba589c10dc63180d28

SHA1
24f57e28fbb9cdbc3b88f049aa7a08f6ad425dfd

SHA256
5cf578ceeb96b03fb5970440a1dcb6d81e71ea71819d3834fd0d6c4246491f00

SHA512
b5a80e81e3683b5667730ad226acdae1d7309f0b58b9c2f0f32f0bcbd0f65a13feba3efe20df20358f8dedd621d76d536c06ba403a38b08e1df14942723badfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\osc\wm_off.svg

Filesize
1KB

MD5
d519afb343fe93a00a7988744e66f3cf

SHA1
cf423cec31c952a5b316bb5f59a4fee4953cf92a

SHA256
6e9005614ba9f7913550e56166eab66bbcd192521ac64cfcb53efa29b6f6994d

SHA512
df198d85a2a52ed554d28e9bd254396f1cf19cf341aee68be6bc43bc049f1298f47b96698e28bc7a48d487ac79218deb28e33c15eee15fc70c1c8f02838965d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\osc\wm_on.svg

Filesize
1KB

MD5
6651caef9950b720310186155508c746

SHA1
3db8b9214d51e04e4b2877f4d9a93ef43378c791

SHA256
d1f1de2bc50f3b16c32cc385dcb7704ee773d01c146c96ce104b3935be6ec0ca

SHA512
bf5941a4333427d60f4240b6213c8cb309e948419759cfd607ac2756f589d13411962122eac4d134d89946898072c19661275d92c4c3818094c641c38b80e600

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\friends\en-GB.json

Filesize
1KB

MD5
6aeaf4074175998af56ab41703887ddf

SHA1
d75bd9419f54bdc2848bbcf13b2c9988fbb23538

SHA256
384da424c001beaf39e830f3a32ac1c2679dcd7180af699a7b4eab8d50256324

SHA512
37c7006107a00fd23160142bb4e91c576a3b12df652ed2904a26634a976de20c54b1953edf8cb65cedf8b6807c28d647ff34a4ba4a3394569301ae3b6c6d4594

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\gallery\en-GB.json

Filesize
288B

MD5
052a01624414c50764a073250c229aaf

SHA1
cb688e592361cec76b153feb21752e424365a7f1

SHA256
b27d4812afafe6486744541e9507cd2a7b5fa2e555f0ae0c182f9a55acf9ce9e

SHA512
934f270a97cc80da912a0405b11c548a66039f3d71cca25dfec826252f9319cdf30c6135177a8c4ea95dfecc886f3c41969f402b9880dce31a4a87f99ddc2f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\gfn\en-GB.json

Filesize
319B

MD5
1b58466d8277a8995919792cf1aeae0a

SHA1
20878c202fcf1fd8521a28185364bcef5416dbc7

SHA256
4761d8beeec64836e9228839e4733b75e5b81b5f8317f3c0ec878888def24dc3

SHA512
d2ad29517606ce0019acd02d038f879fc4c889e12e28140f61ac480e81a0c08e545736ca7e30ec2cbdbd8bf1d58dfea529e588dc423243e0062cdb560f912761

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\GFExperience\www\l10n\settings\en-GB.json

Filesize
124B

MD5
a6f257aa67c1f69e78d6c3cfea1eb7f1

SHA1
b1de507f66d00698060b4dd7f90a2f3ae61eff13

SHA256
2671bf7cfe5c8ad730a0d5802c3df59c3686044b21257e627ef92c0bdb56888d

SHA512
54854b42e14f51b56e87dafbba0bb7ddacb1f90f54ae7e083967f84492820c4cf461be3096ee4acf1757c91bf35809474924e3a69450a57a88160c55edef4bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0000.ui.forms

Filesize
60KB

MD5
8bd78d4a249f4f50a16d3d126ecc1a06

SHA1
e2cd578565d0e2260a0864f085758cdcbbd6cae2

SHA256
e9196614efd22409b33eab4dfdb53a7ff72ca8e14aeafd1bb81c0ef78ccc33d2

SHA512
20755171f77a5efb1fe23bd06740449fe725518b09add9b02cf35892b033fb180cbcc521538a6841600dd7ff5b88a7de2d9be283eade1417434eef196818e706

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0000.ui.strings

Filesize
1KB

MD5
40daaf261dbe301aa4e72a994e524b10

SHA1
e366ca1aa25c3cbafd54a6bdb344ba48e651d5e2

SHA256
cc29f5ccbc467a4c0d88560f01d07ba5337e3560259b87ebc75e1859752f6b30

SHA512
af67cb52df6c06c81b1c656e6a2f6d4c993569bfbcec1930563ada54443db19d6574b1236f9b37c4e5cf9ff143689411bd7f6f786eecf8afc906bc729fcac66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0404.ui.forms

Filesize
5KB

MD5
f19b05d0b03ff5e15b3d452f1e1b7fc2

SHA1
f99dbf38b7e9ddee61b1f518cad3fb16313e4473

SHA256
b01ef781c96e3f50a45a3547c45d1837bf59adb86c27e328c1e654fa19ec2daf

SHA512
ebcbf848d83b1456696abb26c343aec43c8d2063eab078e4793e87ee5ffdd9163acbf2df0e497a8e5d7e946ac65c4eaca12f5638c15f49856f0c09b2e055c906

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0404.ui.strings

Filesize
10KB

MD5
95f6407c629b427b5fa269005b7fd396

SHA1
ba761001e18b6aad1b20772c347828378cc8aeca

SHA256
deca360f2e38bbed0d63203d040b4434a99999be4c29ff1d5903ca5b21220319

SHA512
8615595a667a6f159dc15597e182dbed156a5831e76bc25aa551f0240e5b13758b40f2da4dcd6bbbfc3ef4f108e0feb357bebc0438d7b0472ec8af88d36fdfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0405.ui.forms

Filesize
5KB

MD5
eb0026ac03b9b0b1d8dbd42ba261300e

SHA1
3e45d731046a507986da45f89b576b2b664e6413

SHA256
36ebc97d7dcd1edbb6de89cd4aba6375e9c1cc9b940239a68de825307a1f2599

SHA512
b358cfaca27e1d393cb4877d1f6597f5fc0c0cd7ddc41899207e2fd590742fcfcef8832b1afcfbad76fdb794e8c9b0b868631ff4503b32e70b329fe2bf1f257a

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0406.ui.forms

Filesize
5KB

MD5
dba64e3cd8775660e9c57b7164b9721c

SHA1
35dbb5b239d3a6cb438ecbada0301ed456ff4bef

SHA256
fad9bb64495ab479fc6db7a0b94f8535fa07d62615f9170b8aea4914d7950e3c

SHA512
da07be3babd74207fb6ec453424792220cd9c8cd423f6e56c879a85d172415efe53d20d4b6e8d758f2a5b696bedd7ac5d01579958c05c5b7b48276062e81b4bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0407.ui.forms

Filesize
5KB

MD5
225a52850bec8d8116d7e3bc63c0f125

SHA1
160d5e13da644d9c0719dfa45486b47bc49bb8d5

SHA256
917d491b008d0c2c7e46ee47e8862cd8a6b2a6a85545773aafab168e45e63138

SHA512
0a41c91e16d36895ec3902d64dd9a221e505675b4346b978c4bea89310c9c5c5d4dbaca97f5a9dfa59ab7312e9f090bb31ded20eb95676780b7cdc823789b106

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0408.ui.forms

Filesize
5KB

MD5
0b4526aba732f7adc94988e3958688f8

SHA1
bc6152e96c25fc705c93cd58edc447cbc9f11646

SHA256
9a0c91051e16b75a630a76b39c04d4dacb07ed00522e67502271ef378ee43d97

SHA512
500792a8e1b2f945789d1313966c19585d0de96bddc43927778b3b4a82f1b421afeaa9dd369895f30491ff1c91ad9ac47b942a325a28f97974d79e5d7e47ec98

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0409.ui.forms

Filesize
5KB

MD5
250cf87647de675423d2b414b8dc846f

SHA1
5ca9e6920b0757a1c6c2fb070c42b1bd4b34ae0f

SHA256
a2b3a2f20cc164ee22e9a0ce4fbfaac8db288bde8efa5c3c8ca567be63bc0782

SHA512
f46f785ff4be2249a5094c8e8d46d72f1d850674e6a66abeba50748302079e7c1f58948d63c7bf4954dbc53c545823ad3ba33ec2e1c0f24974775df18bbcafe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040a.ui.forms

Filesize
5KB

MD5
dbaba2d9738a8082bb14ed49d3457c27

SHA1
3c5c72dac5002302a68b014ce883ea4212efc3c3

SHA256
60467876c5aa7251d5ff2213c0666cc9e98f4680364f9aa1328dc861a173373b

SHA512
e63de26dd77ea309b88472379ba090a0d125959a67c674b1e3235434ec7f35d93cf5558ed525a8aeed106782135d39b6ce3c3d74f461fd598161df5a70e083c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040b.ui.forms

Filesize
5KB

MD5
d09be4479fc55ef8ef9e5d06c1923ac1

SHA1
f69e0108bba8ab99903fa709faec33c89d7ee983

SHA256
a6e40eef7e43546e98798c142cb55df1158a5fa0678274174a74e1dc6e2a51ef

SHA512
e640c93fabfa4ba64069f1fa7d034edcf568d514b31af346803f260578f3f992954c2289363d033b888061e67ff0b66a89710c8cb10b3d083e9aca7f5589476a

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040c.ui.forms

Filesize
5KB

MD5
531ba8817b5cee98021f856e91548b4b

SHA1
549177d0b7a57b5356b6bc717def28a0a122db7f

SHA256
44ca9ec4a300ce5e623af6e75060b467876eff5e190ad2bb67e9cc580c94c639

SHA512
519fd13a367f70d40d9ffec0391cfd8ee9acbc22731cfad06c66782c2c36524c77233f0f3e4b1bfaa24754c3a4a4aa78d03fd35c81ac8291b9bbfaeca6dc4d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\040e.ui.forms

Filesize
5KB

MD5
63d190e0428028c156d9e3afb86acaa3

SHA1
bfc715bebe016a650560374101b694c8ca32d8e9

SHA256
db9eb7d8440c99f474a775d79bcc0864b06ceb3bc38feb88aec4633d471f8886

SHA512
d03e3aa27c80504b0c6ce4535a68f0dbff9cb1a23d74f19f04e21612a845b5536fa0bccff6a3430e20007980a0610c321f8eeef736ef67771f3dbd4727d44877

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0410.ui.forms

Filesize
5KB

MD5
7ded8c36d661275ae1bfa62be7a8590a

SHA1
5d30c33dcfaaf54fe690427389a811d45e541972

SHA256
73b414fe68ac63499b7adc50d089b9ed619492d66e2bc7250c24c053ecccd93b

SHA512
69576c3f68d851190eba4acfd3f604e40d2367f13de97bcf89bfcb24173f326549deea37fe1e822e2e0c0997917a7cf725ab6c798f693befa61dd7697edc6291

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0411.ui.forms

Filesize
5KB

MD5
b1972e41cca36507162ec6bad898eb9a

SHA1
7e9648e7400b6a294d644e47058c56506357afdb

SHA256
396062f65a35b0f2b1ad18a24eadad80a45f176a22f429c3fdf74dd63c3bf0fc

SHA512
584e31f3f080a3c074e878f6d014e93a659c8091a0b57b6878743a4873a6d4497fe274e01b6debcdcc9d3e45d7fe2d122760468b88e01cc1841ee9ecf44142b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0412.ui.forms

Filesize
5KB

MD5
5d3d1e8e7ee6e4c6210e1371bf07e373

SHA1
cf2ef27699a11a1024bbbbc80dc89d29bcf5a5a2

SHA256
93562da1c41718d3a1ace7927a5f5094f2fc841cc74486d17be2c2df4cd37a51

SHA512
84f7a6ec2e2765d927209b10544114718119a5445f777668ecff3899eb0800d97e0f1d8fd3f58faf32d64be029044c345721d73706984c42c63ba2722ab13c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0413.ui.forms

Filesize
5KB

MD5
da335bac10b0a70623a06b1dc0a2b47b

SHA1
45f7a3b2843d181611c7b2088fcab3476089dba5

SHA256
451f8f5e441f59d7cc6021c1b378af32fd9d149aebb8071b25121e1822f5102a

SHA512
7f2482a861b9accd4ec9938a469fa22b3cc53cb24066eb5adf834651fc55a28cad036bb49cf05859ccebffbb4c39fcbf33d073d977dcc3964475b7647dc9b11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0414.ui.forms

Filesize
5KB

MD5
502f71862c4325ca9be01fdbd88e6f7b

SHA1
5f5a463ca238c3a177943c68cf698134ba6aff5f

SHA256
b7151037d63b5d6735f097b0967229080e4a035bf1f447b5aef3b026dec04021

SHA512
7fc6d38092bb08ad510e80d6c12bf9b30c428b948494b0821fb0cc02e8b978a588cf63f23f6f4c62234ac432e1f3e2cc5ae7603e647bb2141cd81d6bb66ab4ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0415.ui.forms

Filesize
5KB

MD5
910abbda8bb821d40c993e125876ba6a

SHA1
344895f2c5e5b448aaa9d313a1763c610511bb4c

SHA256
5d8ebe8031875c473d5d424487ad4738186c654c6fc577e3fac929e4123c61a3

SHA512
0bf7c1f1264aca3a16f1e47b32bf79b2d7cae8ec448e8d0afbced2cd99d30e180021009115e29571046f32741b3f6cafcbd11aed9981cae888b5dc56268b836c

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0416.ui.forms

Filesize
5KB

MD5
a8c883aba0d620f4799b46ada0dcdd95

SHA1
5a245988b85705aa841d882dbb80d5accbbaa96c

SHA256
780eb94645ebb9ae7eeb6a67097fbb02d8c7c600d1c0159048061845d26fcf20

SHA512
4eece1890ed1c76af66b67b7835190936404414f65baebd9edb9a0e8ca5cd8d98272732bcd8c63be0d9f4dc34e703cdf067c830bedca12d31c4758ffe84e9bac

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0419.ui.forms

Filesize
5KB

MD5
081557c35b9a7f3c1d64e364f2796c69

SHA1
37c5bf5a4da5f37b9ba70b681d5dd2241b72fae1

SHA256
827847d57981847c9d15f2f356f37fc2660deb05c1ddade9cdb399e2347aefae

SHA512
d776f1b3643922208955ba485b4d1a70b75eedc02059615d53b9415a04be74b0a193384dd67181418ea7ba0f06611d67f1e8b963d266db422fd42c3f249c561d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\041b.ui.forms

Filesize
5KB

MD5
15a6724d0f3b4a534c50556f9f2eb60d

SHA1
70ab1b3983459741c4e47b295996fb995dd6e61c

SHA256
16ca1b05ac680b26d70485dae87707839cfb7de81e6b1cfab144900398ebaaf4

SHA512
e84f4cbf8f7a019d7cd1d60da5afc00acb2e8243a2223c567a8caf54607d660e7d8b3b30b0264052a4a0e57b8cc2daa9ed94adc24ff02551724e15f9f3e32127

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\041d.ui.forms

Filesize
5KB

MD5
deef2b89bc203e1b2e74d7b0dea91e50

SHA1
d5c2c8b35f23cdc5c4879aa172a1e119045150fd

SHA256
2079232ad4415058fb5e76e5b01826dadc7fba5d3335235cd261962f5dbe8135

SHA512
7b59e3b56d1883606b6e3fe26bb5d7630b3c04bee97e132ecc089b707b4fb7bea659294781549afb742d306a19f7b3f6f839bc6d35b40ad36e43e58e1d77b3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\041e.ui.forms

Filesize
5KB

MD5
db93990873ebc8e8cd8942ded7012a05

SHA1
35af342fa9618ff83d9db17f6379f94f21286a6d

SHA256
7e68b78351008e37ca52cac8c1492382e78a4b1f787f18948bdc6787bfcb2889

SHA512
d70947fedc5506057a2fcfde13f8c7c9dfd872bbad0522606a1fb189a32ddd7e36116bee0f755043dd0ffae67092157fd2577a923f9ad40f068c53daf15c79a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\041f.ui.forms

Filesize
5KB

MD5
0ec99902be52015af431c5ae3c4771e6

SHA1
1c480887e6c68b8b78af3fd6e1666b4b57aa8205

SHA256
0217bb9330b0a287e3a54b3017b298989e6bf54b5783142b429b239399d3dc07

SHA512
5b154e4273ce8436c458c74e652e619dabba2ecb323d92867d1cf918ee1f1b144323da1deb0bb756972d56b4cbf264228977464cfd74e9c15173b94480a2d36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0422.ui.forms

Filesize
6KB

MD5
31dfa7512ff2c4a7bcd06580fc513167

SHA1
31c2e9da1c99b717d574b6181d718dfd066d6698

SHA256
023f5fd178a5f60a928b600e44f3216ebc3993e4844ffbfa049d39de1f469219

SHA512
60f4896539349eea1f2d4c87ca4ab767e4d12c47bdc26eda3e7b9a1687236f672f4c105cf27d5ec5a3b94f52bc317794507346e16fe7f38546100a19491bcd5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0424.ui.forms

Filesize
5KB

MD5
02ecd7b34fb868252c8aa0f1cf43c382

SHA1
c5297b19453e93eac6f54745999d844fbed803f7

SHA256
4086211bac4a28a935b04191e3087eaabf74d158383d51d08ef69b630eead613

SHA512
2de2f54b1a8fce6d44cfc1332a7f8b2a4f13fb1d0eeabcc9164f677da4c5e1f1b1ce4d9ce1d32411f2dafc7aa98cea4cdac2bbbe29aa49acb2542536398b4494

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\0816.ui.forms

Filesize
5KB

MD5
193bf7bf99febb554a2edf4a1414c0be

SHA1
11e58e8493b4c1e09d5f2236c4ed02bec7c3a309

SHA256
b53a19c9e2023cdcfe3b26f3bff6286c44acbc87b6c736e616615645f34d023d

SHA512
0a7b9e05b4877789d6228afa481c16ba399b8dc9ac0616ec796871851af3af27b8f11a97da83258df06a1b5e2dc94a9ed36001d00570d96ad4d4829d9e1df251

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\DynamicBillboardPresentations.cfg

Filesize
1KB

MD5
afb01b092306d419dc1fb0affee49319

SHA1
29339afc46baec22001c58a71d3793e74d91b39c

SHA256
ef8f85fa5f18105cb3d5b20bb6f72fda912a74340f4e6dc3302b600a1fb9b3e5

SHA512
1d8f5c604b86be8a1f92e247c05685cac5637d9a9223a23e0b8c1a5a7f8bf1d7adda4cf48cbadde7b77ff1cc856d993cb1fbc047866c0d7fc45b83be093e0028

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\DynamicBillboardPresentations.dll

Filesize
963KB

MD5
eb381ed3cdfc1b46f17a2fda9417cb16

SHA1
9c2da62d753504dfab5caf9877516be19010605c

SHA256
d5bb892509e97d2dbca6720dca40187bee969d3b0631bc8a9c079ee809b30e5d

SHA512
bf569e4732ef50e4c387396f296a41a4fae0ac6502b4b9b8dc381bce48b3fc76f79200682e7997cc3c73a3b3aebdf9dbf03a5b425890c2d12440dfeab280f8f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\DynamicBillboardPresentations.htm

Filesize
10KB

MD5
5ca3f9dea84fa4ad9360ab943605d7b9

SHA1
3990d86e8930f8db0fdc4c16d43face59393bf61

SHA256
0af72677221bad8f8b562908c16466ee2344e60bdda10e99402e5c15f6aab75c

SHA512
b298737cc7d5677d6aa73b7348edfc3f821499c30407218399f5c6131f1b05b20a253b1432d38d97f66819d8f8f894ea507d81752fdba07ee0964c8417b3b738

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\NVI2.DLL

Filesize
6.5MB

MD5
ea49d013810bfe52f6528b25394dd04e

SHA1
5466bdc97d372b3558a9bc504e0f54d1bd1df2c9

SHA256
416f469906d931c519576a78aa33b180a8339696d1522757503ae6bb17d6999f

SHA512
53a414fc76f5ef7fd0b3024743a3e5ce166fd96956ba1b4b2fee4ffeda0ef4f03cd044010a690440c1db9918c0a0382fd713cd93643c1848a5e5d48c965cde52

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\json2.js

Filesize
18KB

MD5
b9894150338bed779444832aa42952fe

SHA1
03d32ed753d0b5c93c2e5c41616e57941a88bbbf

SHA256
f31e9f571b47b21946f49f4465dea0c1460d43e6aeddfbb42a787d4a260217cc

SHA512
f753589d6469ba90df67e3869ba05c7ce2779e5b0b80cbed7cad6f16f22c6a4db984a9d5a1341f31b00fd7aa2263dc05a10c0b54ecfa837140a209422609c34e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\NVI2\theme.cfg

Filesize
9KB

MD5
ed3736737d627c389a1bc8c8797b7300

SHA1
ec7c79c5ea2bc0381b85c166e136dd9eee4bf9b8

SHA256
6db7a6ef35817aa12540be07aee25e18322e6573d013699134e705e875be5ad6

SHA512
1b86bda45a427d321ee0594525c1ab08610870919e2e3288ab1788e6d1b3cbf16657791f67233f62e7f1b88d0948c3b9383c085917d6dacafec81a8def6cc092

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.CFG

Filesize
35KB

MD5
32f05780f1b774277ac1291b62641b4c

SHA1
dbcd43f93499924955caece5c940bb52c9b328ac

SHA256
0696c34e2195eddf3f5a3925312509cbaeff36d6a94fd5ddaefa2277a7ce7f87

SHA512
a8f198fa706cdc689063034d9a0dc433cbb84cf57bc9b975e57c9180651af3239d0c274eb2366f549345801f130517b37e55609c5c227ee65ec6733ff1f6b5fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe

Filesize
632KB

MD5
103fd60de31cceb0290f948e30251259

SHA1
518e799ebbabbd02c477e0507ffd26f46e81d789

SHA256
76fe28cb93ba6b84b4c9342cb91fa9e2bccb0a05a1b01cb1189deb5c5a6f990a

SHA512
7cf90a62c3a6bd7da1ac6908b8335e619b75950a0472680caf0d7f52dc02e6c4ec9e785187e8830846c0311ed6f0fce43cc2aa91e159b7b61e1022206d5c14d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NvidiaLogging\Log.3704setup.exe.log

Filesize
376KB

MD5
b7fc7120350f8e9b5e34c7dd45085967

SHA1
c1e2c24614470e8250d948c75b96a39435fdf1a8

SHA256
b06894cb5e0a828e2dc36a0ff2b556c92d060883e0fe94e31fe5eee48999906b

SHA512
76cf668f3c1ef57f3b58e387caf92daf687e488605f6c25338c11120e6660f3069092c4f6b9d3ebcafc22217de553bbfc94ef8bcf8e388d5725a28c0d15eea85

Download Submit
C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit