Analysis Overview
Threat Level: Likely malicious
The file https://www.nvidia.com/en-au/geforce/geforce-experience/download/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 23:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 23:22
Reported
2024-11-14 23:23
Platform
win11-20241007-en
Max time kernel
92s
Max time network
99s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartlater_btn_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\secondary_btn_focused.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\min.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\json2.js | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040c.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041d.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0409.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0419.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0424.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartnow_btn_focused.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\GFExperience\EULA.txt | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0407.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0415.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartlater_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NVI2UI.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NVPrxy64.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0000.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0412.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0422.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\close_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\frame_divider_bar.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\uninstall_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\uninstall_btn_hover.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040e.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0412.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041f.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\setup.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0405.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0410.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\080a.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\Installer_ELA_Splash_bg2a.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\DynamicBillboardPresentations.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\min_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041b.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040a.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\restartnow_btn_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\041b.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0816.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0410.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0414.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\close.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\installer_bg2.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\theme.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0415.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C62B0B44-1D65-414B-86E7-341E0998D5AC}\NvInstallerUtil.dll | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File opened for modification | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\DynamicBillboardPresentations.cfg | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040a.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_hover.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\secondary_btn_enabled.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0409.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0419.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0424.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0405.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0416.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\GFExperience\PrivacyPolicy\PrivacyPolicy_en-US.htm | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\uninstall_btn_pressed.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0809.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\installer_bg1.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\040b.ui.strings | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\primary_btn_focused.png | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0407.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| File created | C:\Program Files\NVIDIA Corporation\Installer2\installer.{33DDC9CC-D10B-4CFE-BCB7-9E7DE6D851DC}\0413.ui.forms | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\RunDll32.EXE | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 57438.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\RunDll32.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.nvidia.com/en-au/geforce/geforce-experience/download/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82c083cb8,0x7ff82c083cc8,0x7ff82c083cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14018927155700832510,910227679868216950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe
"C:\Users\Admin\Downloads\GeForce_Experience_v3.28.0.417.exe"
C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
"C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe"
C:\Windows\SysWOW64\RunDll32.EXE
C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {FC3B99C2-A7F1-472D-BB49-D146CF2C1FAB} 3704 C:\Users\Admin\AppData\Local\Temp\NVIDIA\GFE\setup.exe
Network
Files