hxxps://drive[.]google[.]com/drive/folders/1AMYiBcKM44SMngrOLIazvvlxJiZe5npf

Analysis

max time kernel
642s
max time network
642s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2025 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1AMYiBcKM44SMngrOLIazvvlxJiZe5npf

Score

10^/10

defense_evasion discovery spyware stealer trojan

Malware Config

Signatures

UAC bypass 3 TTPs 2 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLua = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Modifies boot configuration data using bcdedit 3 IoCs

pid	Process
6136	bcdedit.exe
5372	bcdedit.exe
5876	bcdedit.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
128	4088	msedge.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	NVIDIA_app_v11.0.1.189.exe

Executes dropped EXE 3 IoCs

pid	Process
5860	NVIDIA_app_v11.0.1.189.exe
5896	NVIDIA_app_v11.0.1.189.exe
5460	setup.exe

Loads dropped DLL 9 IoCs

pid	Process
5460	setup.exe
5460	setup.exe
5460	setup.exe
5460	setup.exe
5460	setup.exe
5460	setup.exe
5460	setup.exe
5460	setup.exe
5580	RunDll32.EXE

Modifies file permissions 1 TTPs 4 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1752	takeown.exe
5456	takeown.exe
5568	takeown.exe
4640	takeown.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Unexpected DNS network traffic destination 6 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	flow	ioc	pid	Process
Destination IP	359	208.67.220.220	4088	msedge.exe
Destination IP	360	199.85.126.10	4088	msedge.exe
Destination IP	361	199.85.127.10	4088	msedge.exe
Destination IP	362	77.88.8.8	4088	msedge.exe
Destination IP	363	77.88.8.1	4088	msedge.exe
Destination IP	358	208.67.222.222	4088	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com
328	drive.google.com
377	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\json2.js	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\min_focus.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0419.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\040d.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041d.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\uninstall_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041e.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\restartnow_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_LtIt.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NvApp\EULA.txt	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0409.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0816.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Lt.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0408.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0422.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0412.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041f.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\040c.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0804.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\restartlater_btn_enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\040d.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0424.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0816.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\gfe-migration_bg.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0411.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0408.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\primary_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_MdIt.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0412.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0401.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0404.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\040c.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\alert-circle.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\Green_btn_Enabled.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0000.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0407.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0414.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0416.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\secondary_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C6DA6E07-EFE2-4ECB-B6D3-7BE36F9FD5B0}\NVPrxy32.dll	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\DynamicBillboardPresentations.cfg	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0414.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041e.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\080a.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\restartnow_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Md.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Rg.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\primary_btn_pressed.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\restartlater_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\uninstall_btn_hover.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\Main_BG.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\close.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\Installer_ELA_Splash_bg2a.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\uninstall_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_It.ttf	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\DynamicBillboardPresentations.htm	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0804.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\040b.ui.strings	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\Green_btn_Focus.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\restartnow_btn_focused.png	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NvApp\PrivacyPolicy\PrivacyPolicy_en-US.htm	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0404.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0415.ui.forms	setup.exe
File created	C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041b.ui.forms	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NVIDIA_app_v11.0.1.189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NVIDIA_app_v11.0.1.189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RunDll32.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1 DnsJumper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ipconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ipconfig.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5512	cmd.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 3 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4956	ipconfig.exe
5872	ipconfig.exe
6000	ipconfig.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.ARN\ = "Autoruns.Logfile.1"	1 Uncheck any unwanted startup app.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\DefaultIcon	1 Uncheck any unwanted startup app.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\DefaultIcon\ = "\"C:\\Users\\Admin\\Downloads\\FPS Boost Pack-20250126T062646Z-001\\FPS Boost Pack\\0 Start\\1 Uncheck any unwanted startup app.exe\",0"	1 Uncheck any unwanted startup app.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\UWTSettings	Ultimate Windows Tweaker 4.8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\UWTSettings\Shell	Ultimate Windows Tweaker 4.8.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.ARN	1 Uncheck any unwanted startup app.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1	1 Uncheck any unwanted startup app.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\ = "Autoruns Log File"	1 Uncheck any unwanted startup app.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\shell\open\command	1 Uncheck any unwanted startup app.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\shell	1 Uncheck any unwanted startup app.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\shell\open	1 Uncheck any unwanted startup app.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Autoruns.Logfile.1\shell\open\command\ = "\"C:\\Users\\Admin\\Downloads\\FPS Boost Pack-20250126T062646Z-001\\FPS Boost Pack\\0 Start\\1 Uncheck any unwanted startup app.exe\" \"%1\""	1 Uncheck any unwanted startup app.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 29666.crdownload:SmartScreen	msedge.exe

Runs .reg file with regedit 4 IoCs

pid	Process
3268	regedit.exe
3712	regedit.exe
116	regedit.exe
2268	regedit.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 45 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
3864	msedge.exe
3864	msedge.exe
4812	identity_helper.exe
4812	identity_helper.exe
5716	msedge.exe
5716	msedge.exe
1544	msedge.exe
1544	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
2016	msedge.exe
2016	msedge.exe
5196	1 Uncheck any unwanted startup app.exe
5196	1 Uncheck any unwanted startup app.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe
836	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5196	1 Uncheck any unwanted startup app.exe
4900	1 DnsJumper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	5460	setup.exe
Token: SeDebugPrivilege	5460	setup.exe
Token: SeDebugPrivilege	5580	RunDll32.EXE
Token: SeDebugPrivilege	5196	1 Uncheck any unwanted startup app.exe
Token: SeImpersonatePrivilege	5196	1 Uncheck any unwanted startup app.exe
Token: SeSecurityPrivilege	5196	1 Uncheck any unwanted startup app.exe
Token: SeDebugPrivilege	5196	1 Uncheck any unwanted startup app.exe
Token: SeBackupPrivilege	5196	1 Uncheck any unwanted startup app.exe
Token: SeRestorePrivilege	5196	1 Uncheck any unwanted startup app.exe
Token: 33	3676	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3676	AUDIODG.EXE
Token: SeDebugPrivilege	836	taskmgr.exe
Token: SeSystemProfilePrivilege	836	taskmgr.exe
Token: SeCreateGlobalPrivilege	836	taskmgr.exe
Token: 33	836	taskmgr.exe
Token: SeIncBasePriorityPrivilege	836	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe
4900	1 DnsJumper.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5860	NVIDIA_app_v11.0.1.189.exe
5896	NVIDIA_app_v11.0.1.189.exe
5460	setup.exe
4900	1 DnsJumper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 2792	3864	msedge.exe	84
PID 3864 wrote to memory of 2792	3864	msedge.exe	84
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 5040	3864	msedge.exe	85
PID 3864 wrote to memory of 4088	3864	msedge.exe	86
PID 3864 wrote to memory of 4088	3864	msedge.exe	86
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87
PID 3864 wrote to memory of 4520	3864	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1AMYiBcKM44SMngrOLIazvvlxJiZe5npf
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcbe46f8,0x7ffcfcbe4708,0x7ffcfcbe4718
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Unexpected DNS network traffic destination
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5716
- C:\Users\Admin\Downloads\NVIDIA_app_v11.0.1.189.exe
  "C:\Users\Admin\Downloads\NVIDIA_app_v11.0.1.189.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5860
- - C:\NVIDIA\NVAPP2\setup.exe
    "C:\NVIDIA\NVAPP2\setup.exe" -log:"C:\ProgramData\\NVIDIA Corporation\\NVIDIA app\\Installer\\Logs" -loglevel:6
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5460
  - - C:\Windows\SysWOW64\RunDll32.EXE
      C:\Windows\SysWOW64\RunDll32.EXE C:\Users\Admin\AppData\Local\Temp\NVI2_29.DLL,DeferredDelete {2813A621-D084-4F79-BA24-CA9F008CF0AD} 5460 C:\NVIDIA\NVAPP2\setup.exe
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:5580
- C:\Users\Admin\Downloads\NVIDIA_app_v11.0.1.189.exe
  "C:\Users\Admin\Downloads\NVIDIA_app_v11.0.1.189.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,18441851362225777892,13132195455699604570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\KeyboardDelay.cmd" "
1⤵
PID:5188
- C:\Windows\system32\net.exe
  NET SESSION
  2⤵
  PID:2456
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 SESSION
    3⤵
    PID:5300
- C:\Windows\system32\reg.exe
  reg import C:\Users\Admin\AppData\Local\Temp\KeyboardSettings.reg
  2⤵
  PID:5928

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows10Debloater-master\Windows10Debloater.ps1"
1⤵
PID:5152

C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\0 Start\1 Uncheck any unwanted startup app.exe
"C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\0 Start\1 Uncheck any unwanted startup app.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\BcdEdit Tweaks\Latency BCD Tweaks.bat" "
1⤵
PID:6116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\BcdEdit Tweaks\Latency BCD Tweaks.bat"
  2⤵
  PID:5264
- - C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\BcdEdit Tweaks\Latency BCD Tweaks.bat"
    3⤵
    PID:2956

C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Network\1 DnsJumper.exe
"C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Network\1 DnsJumper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4900
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig.exe /flushdns
  2⤵
  - System Location Discovery: System Language Discovery
  - Gathers network information
  PID:4956
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig.exe /flushdns
  2⤵
  - System Location Discovery: System Language Discovery
  - Gathers network information
  PID:5872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Settings\Windows Settings.bat" "
1⤵
PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Settings\Windows Settings.bat"
  2⤵
  PID:4460
- - C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Settings\Windows Settings.bat"
    3⤵
    PID:5492
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" /v "SyncPolicy" /t REG_DWORD /d "5" /f
  2⤵
  PID:4332
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization" /v "Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:1620
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings" /v "Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:3448
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials" /v "Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:3680
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility" /v "Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:5600
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows" /v "Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:1736
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t REG_DWORD /d "0" /f
  2⤵
  PID:2612
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t REG_DWORD /d "0" /f
  2⤵
  PID:2668
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d "0" /f
  2⤵
  PID:5984
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:4408
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehaviorMode" /t REG_DWORD /d "2" /f
  2⤵
  PID:1404
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t REG_DWORD /d "0" /f
  2⤵
  PID:4148
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t REG_DWORD /d "1" /f
  2⤵
  PID:5648
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\System\GameConfigStore" /v "GameDVR_EFSEFeatureFlags" /t REG_DWORD /d "0" /f
  2⤵
  PID:3904
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:1852
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:236
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:5276
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:2548
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:3268
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" /v "HwSchMode" /t REG_DWORD /d "2" /f
  2⤵
  PID:5468
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\DirectX\UserGpuPreferences" /v "DirectXUserGlobalSettings" /t REG_SZ /d "VRROptimizeEnable=0;" /f
  2⤵
  PID:5732
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "0" /f
  2⤵
  PID:3632
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "0" /f
  2⤵
  PID:632
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t REG_SZ /d "0" /f
  2⤵
  PID:1696
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t REG_SZ /d "0" /f
  2⤵
  PID:4532
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:3408
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d "1" /f
  2⤵
  PID:224
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f
  2⤵
  PID:4140

C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Optimizations\Ultimate Windows Tweaker 4.8.exe
"C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Optimizations\Ultimate Windows Tweaker 4.8.exe"
1⤵
- Modifies registry class
PID:1740

C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Optimizations\Ultimate Windows Tweaker 4.8.exe
"C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Optimizations\Ultimate Windows Tweaker 4.8.exe"
1⤵
PID:1372

C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Optimizations\Ultimate Windows Tweaker 4.8.exe
"C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Windows Optimizations\Ultimate Windows Tweaker 4.8.exe"
1⤵
PID:5888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\1 ABDO registry tweaks\85+ Registry Tweaks.bat" "
1⤵
PID:5520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\1 ABDO registry tweaks\85+ Registry Tweaks.bat"
  2⤵
  PID:1164
- - C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\1 ABDO registry tweaks\85+ Registry Tweaks.bat"
    3⤵
    PID:3540
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl" /v "ConvertibleSlateMode" /t REG_DWORD /d "0" /f
  2⤵
  PID:1156
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl" /v "Win32PrioritySeparation" /t REG_DWORD /d "56" /f
  2⤵
  PID:4628
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\usbxhci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "31" /f
  2⤵
  PID:5832
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters" /v "ThreadPriority" /t REG_DWORD /d "31" /f
  2⤵
  PID:1576
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Parameters" /v "ThreadPriority" /t REG_DWORD /d "31" /f
  2⤵
  PID:1780
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\NDIS\Parameters" /v "ThreadPriority" /t REG_DWORD /d "31" /f
  2⤵
  PID:5192
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "LocalPriority" /t REG_DWORD /d "4" /f
  2⤵
  PID:2312
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "HostsPriority" /t REG_DWORD /d "5" /f
  2⤵
  PID:324
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "DnsPriority" /t REG_DWORD /d "6" /f
  2⤵
  PID:5988
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "NetbtPriority" /t REG_DWORD /d "7" /f
  2⤵
  PID:5712
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
  2⤵
  PID:2404
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Attributes" /t REG_DWORD /d "2" /f
  2⤵
  PID:5092
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Affinity" /t REG_DWORD /d "0" /f
  2⤵
  PID:4884
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Background Only" /t REG_SZ /d "False" /f
  2⤵
  PID:3116
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Clock Rate" /t REG_DWORD /d "10000" /f
  2⤵
  PID:5728
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "GPU Priority" /t REG_DWORD /d "8" /f
  2⤵
  PID:2360
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Priority" /t REG_DWORD /d "6" /f
  2⤵
  PID:6056
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Scheduling Category" /t REG_SZ /d "High" /f
  2⤵
  PID:5208
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "SFIO Priority" /t REG_SZ /d "High" /f
  2⤵
  PID:5476
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "BackgroundPriority" /t REG_DWORD /d "0" /f
  2⤵
  PID:944
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Latency Sensitive" /t REG_SZ /d "True" /f
  2⤵
  PID:216
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Desktop" /v "AutoEndTasks" /t REG_SZ /d "1" /f
  2⤵
  PID:5420
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Desktop" /v "HungAppTimeout" /t REG_SZ /d "1000" /f
  2⤵
  PID:5916
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Desktop" /v "WaitToKillAppTimeout" /t REG_SZ /d "2000" /f
  2⤵
  PID:3344
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Desktop" /v "LowLevelHooksTimeout" /t REG_SZ /d "1000" /f
  2⤵
  PID:5972
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Control Panel\Desktop" /v "MenuShowDelay" /t REG_SZ /d "0" /f
  2⤵
  PID:1472
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control" /v "WaitToKillServiceTimeout" /t REG_SZ /d "2000" /f
  2⤵
  PID:4948
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v "MaintenanceDisabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:3292
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:5036
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d "3" /f
  2⤵
  PID:4332
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnableSuperfetch" /t REG_DWORD /d "0" /f
  2⤵
  PID:2576
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "ClearPageFileAtShutdown" /t REG_DWORD /d "0" /f
  2⤵
  PID:864
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f
  2⤵
  PID:3712
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "0" /f
  2⤵
  PID:5632
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "NonPagedPoolQuota" /t REG_DWORD /d "0" /f
  2⤵
  PID:5836
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "NonPagedPoolSize" /t REG_DWORD /d "0" /f
  2⤵
  PID:1736
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagedPoolQuota" /t REG_DWORD /d "0" /f
  2⤵
  PID:4772
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagedPoolSize" /t REG_DWORD /d "192" /f
  2⤵
  PID:2780
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "SecondLevelDataCache" /t REG_DWORD /d "1024" /f
  2⤵
  PID:5168
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "SessionPoolSize" /t REG_DWORD /d "192" /f
  2⤵
  PID:3144
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "SessionViewSize" /t REG_DWORD /d "192" /f
  2⤵
  PID:5328
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "SystemPages" /t REG_DWORD /d "4294967295" /f
  2⤵
  PID:4744
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PhysicalAddressExtension" /t REG_DWORD /d "1" /f
  2⤵
  PID:5136
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettings" /t REG_DWORD /d "1" /f
  2⤵
  PID:1624
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t REG_DWORD /d "3" /f
  2⤵
  PID:348
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t REG_DWORD /d "3" /f
  2⤵
  PID:6044
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "IoPageLockLimit" /t REG_DWORD /d "16710656" /f
  2⤵
  PID:1808
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PoolUsageMaximum" /t REG_DWORD /d "96" /f
  2⤵
  PID:4720
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:4320
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:4416
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:5252
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:5264
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t REG_DWORD /d "0" /f
  2⤵
  PID:4468
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLua" /t REG_DWORD /d "0" /f
  2⤵
  - UAC bypass
  PID:1632
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t REG_SZ /d "00000000" /f
  2⤵
  PID:3856
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowSharedUserAppData" /v "value" /t REG_DWORD /d "0" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowStore" /v "value" /t REG_DWORD /d "0" /f
  2⤵
  PID:1732
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v "MaintenanceDisabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:3512
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /v "DisableTaskOffload" /t REG_DWORD /d "1" /f
  2⤵
  PID:6052
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t REG_DWORD /d "3" /f
  2⤵
  PID:4348
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t REG_DWORD /d "3" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:3532
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:4464
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:1800
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f
  2⤵
  PID:5080
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\GpuEnergyDrv" /v "Start" /t REG_DWORD /d "4" /f
  2⤵
  PID:5408
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "0" /f
  2⤵
  - UAC bypass
  PID:4324
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Scheduler" /v "EnablePreemption" /t REG_DWORD /d "0" /f
  2⤵
  PID:5496
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:4496
- C:\Windows\system32\reg.exe
  Reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BackgroundAppGlobalToggle" /t REG_DWORD /d "0" /f
  2⤵
  PID:5724
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v "autodisconnect" /t REG_DWORD /d "4294967295" /f
  2⤵
  PID:868
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v "Size" /t REG_DWORD /d "3" /f
  2⤵
  PID:1616
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v "EnableOplocks" /t REG_DWORD /d "0" /f
  2⤵
  PID:6036
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v "IRPStackSize" /t REG_DWORD /d "32" /f
  2⤵
  PID:2844
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v "SharingViolationDelay" /t REG_DWORD /d "0" /f
  2⤵
  PID:5448
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters" /v "SharingViolationRetries" /t REG_DWORD /d "0" /f
  2⤵
  PID:4548
- C:\Windows\system32\reg.exe
  Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v "MaintenanceDisabled" /t REG_DWORD /d "1" /f
  2⤵
  PID:4452

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:836

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\2 Svc Host Split\16GB Ram.reg"
1⤵
- Runs .reg file with regedit
PID:3712

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\Full Screen Optimization.reg"
1⤵
- Runs .reg file with regedit
PID:116

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\Ping Reduction Registry.reg"
1⤵
- Runs .reg file with regedit
PID:2268

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Registry Tweaks\Wake Up All Cores.reg"
1⤵
- Runs .reg file with regedit
PID:3268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Batch Optimizations\Delete Log Files.cmd" "
1⤵
PID:4532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Batch Optimizations\Clear DNS Cache (Ping Improve).cmd" "
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:5512
- C:\Windows\system32\ipconfig.exe
  ipconfig /flushdns
  2⤵
  - Gathers network information
  PID:6000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Batch Optimizations\Delete Temporary Files.cmd" "
1⤵
PID:3288
- C:\Windows\system32\takeown.exe
  takeown /f "C:\Users\Admin\AppData\Local\Temp" /r /d y
  2⤵
  - Modifies file permissions
  PID:1752
- C:\Windows\system32\takeown.exe
  takeown /f "C:\Windows\Temp" /r /d y
  2⤵
  - Modifies file permissions
  PID:5456
- C:\Windows\system32\takeown.exe
  takeown /f "C:\Windows\Temp" /r /d y
  2⤵
  - Modifies file permissions
  PID:5568
- C:\Windows\system32\takeown.exe
  takeown /f C:\Users\Admin\AppData\Local\Temp /r /d y
  2⤵
  - Modifies file permissions
  PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Batch Optimizations\Disable HPET.cmd" "
1⤵
PID:5432
- C:\Windows\system32\bcdedit.exe
  bcdedit /deletevalue useplatformclock
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:6136
- C:\Windows\system32\bcdedit.exe
  bcdedit /set disabledynamictick yes
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:5372
- C:\Windows\system32\bcdedit.exe
  bcdedit /set useplatformtick yes
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:5876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\NVIDIA\NVAPP2\NVI2\0000.ui.forms

Filesize
60KB

MD5
d2172ad4fe29dbf21ccb1d746bf2d047

SHA1
2b650295b2673138e1af32f2b8c2afcd584fbcb8

SHA256
1b7a7c7df20a5517885d6daaf35421a6cfea429a72eeb2ae4620ab02dacdbd6c

SHA512
607c2ef44ed118a8fc01c872011b14a428f201ac832956717c356de533c29ca095f58c9f0d30cdc5756f8eb7f52aac731f2e1c6a74c6c65a8d0938bf70d70bd8

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0401.ui.forms

Filesize
5KB

MD5
f91660af4ddbf33e65110b452ba7ca28

SHA1
40946793dbb1e4669e57bd1bd89d63a4f3a2deb4

SHA256
295e5891f684083da6f0694889a9da1c09c4976ff1cdf87a6aa9504dfb22e567

SHA512
e617e149c17c4b553a530c223b59b557682aee8f7b5b95c66aa7130d6a296f17c159e1358a53c8ec152efed52028f7955ffe35e3f325f8d7c8801b88cfeaf0ea

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0404.ui.forms

Filesize
6KB

MD5
fe55dacaa28ae3f61b32d683d94fd808

SHA1
54a4c2d16ea946d8a8a8a1aed4850d18a6558577

SHA256
7bbb642ed96b774bf81d6ab909ce2d68581110ce6b27d6cb941d7478784ede22

SHA512
6b1d6c4f1eaf11d6c01660b70caf99b0b458b851ca242b021889eab1729b7449a3e29a724b95d042171e210b2a602ceacc1340a17a0218963f00dcbd338b3d3d

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0405.ui.forms

Filesize
5KB

MD5
593d59ccb49edd3b1cad69c560a8ac65

SHA1
bbfbf0a5aff4465fb37b15c9a6056c5a8bf8c162

SHA256
3f1d4d41c3c486ac58b17ae2641dc46f322847c0797b28f77a217cca9742f389

SHA512
1f668c716373dc8cb09b658cadabfc21be95a5e1b50a94d25efb3c2cd00b2fcb5f817e52f20bb76a4ba370cbf5ae435d53d3429902fd3e344b0789cfb332528e

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0406.ui.forms

Filesize
5KB

MD5
150d499a867742f3186dd71fdadd443d

SHA1
60edffbc43dd9ba4647a91528c28c41e5b60befe

SHA256
e57909fb0269f96256aaf695c0681ccd13571cc6d960268635538eff8eac87da

SHA512
41d79aa1ea26ba14b46f806671f4675caab379fe0b95a836213eaed8b8b7be95a00f78e45e1b3eae90020eb737e6069f277fa5109b3f5235720eb7dec26d7140

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0407.ui.forms

Filesize
6KB

MD5
5861b793c3deedf51c28d8161bed4ef7

SHA1
441359577c163c531d9927f205006af07468af1c

SHA256
0157e8e2a58463c0bc84b961e268c1cd6fccda2b79b3fe49b0aaa82a2945b361

SHA512
a853672380e45e209674224dd0ae9d47d7fa2703076019f204d088ab17b080a65768d02d32b19abcde12679e2c45992af09911d40b031b332181f09530bca614

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0408.ui.forms

Filesize
6KB

MD5
df26795dfc3906c79f16ffec25d8da76

SHA1
fa5a7cf05b2bbc3b26abedf8107bd0277324701f

SHA256
8b2f67857667fd22587641594915b44d9d24cadcde09f8da89b46097b40071f1

SHA512
cf50ea8a02f598fcf01d3b7dfc0dbe2dc209eaa317293b8df7890a14ba29d8011cb77feb6bb6277d60469401fda7969265767bdf1238c0342cb12a974005c32f

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0409.ui.forms

Filesize
5KB

MD5
e1a197cf66152197040325f2ee5eab49

SHA1
7bfcfb544f085b199cc7d7c0679e1534e6930107

SHA256
101bb625e9ee927bd4213dbff5ef02987ff2503fce632ecc137fca9bd20482ea

SHA512
4b7cc2d32ace215d5d4a245bc81d3287e9f3c2968a292e13a023706e59ee0683cddc41ec9b2704932f00532a4c01900d69718dc3755a12126cffb9e532c41bab

Download Submit
C:\NVIDIA\NVAPP2\NVI2\040a.ui.forms

Filesize
5KB

MD5
0be6f0c6e1623442d223af624ef018ab

SHA1
d1359c892a568a0228d2ae59a91e008947b50330

SHA256
f0cab7e541544faa9fed8ec2d9b73a5e3abaf2b189e91a78e2fa2b70faf46cb5

SHA512
7d850832c4fd3d14e93bb84e6ab56f04c2487c54d06f5be2e26c8ba97eb059fe8ee12157dfcfdd7f3329a65794c0e86e869a939fe14a751a8a887304c9dd64a4

Download Submit
C:\NVIDIA\NVAPP2\NVI2\040b.ui.forms

Filesize
5KB

MD5
c50941c08f71899d0ae064c0a98f2573

SHA1
a3f5228dd1ad7cb485e3272943db4fcd1b2f2fc1

SHA256
e7a0116df7de34b4b7899c1f50e3260ffbaf7ed96ef446a38a78e3ac18f3cfb7

SHA512
d7581cbd96304c08d55655c1b4363e2a9d3fc7c19f14e7a3bd3f111376363da8a040267e94ccb3a5281bbb1223db5a416a49c7c8a249d24412dae47dd52a81ad

Download Submit
C:\NVIDIA\NVAPP2\NVI2\040c.ui.forms

Filesize
5KB

MD5
423efd4c7ad25552e18537e3fb83cda8

SHA1
4fc3f7f0d9d12759542c976f4047301974d65e50

SHA256
6c47dda221a46b83faf61f4bca02ca745d08fe0a94b9a06d4e9d5246e7af0ce2

SHA512
a3b4540814f53dea2fd89c2caf8e785110c972d132b07eba62494d78457bd2d8e97c5be0da293bbe7ee6156da79dd84d4a26e098b2405ece9e1765133f6eacbe

Download Submit
C:\NVIDIA\NVAPP2\NVI2\040d.ui.forms

Filesize
5KB

MD5
2f8fd63c6f0288240fe2dd6d4d2e3b97

SHA1
87026b75a2ca709f43761f143f65bd3e2734f7af

SHA256
6d2ba12358e3ffd75a334863147650025eca97b2d2726c2c313eda3b6620a3ca

SHA512
9510a1f1daf82d535adc4d2f0351a5059b3cf4e94e1fc5d93d98807f1b756191667ea0503c99b3ac9f4ca89d01258b706e2ab568d3326a8a33be2bb196114baf

Download Submit
C:\NVIDIA\NVAPP2\NVI2\040e.ui.forms

Filesize
6KB

MD5
986a96129f9308d7d24db5ba57e75c37

SHA1
0788bc2ee389b751afd38954b6f8c4d85d9b80d7

SHA256
9ddc0b698176711e252691dd58a179ee0e169a99dd9a4bd63b93bc27c49b9a75

SHA512
b7aae2d9a76c329ed736e5b1cc903e29cb4cf8861b8309c628f99a94be7094332f05ba955ee8194f93801e2bf4345ac88ad12a2bef9529abce8ab4483697b06a

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0410.ui.forms

Filesize
6KB

MD5
ffb307b68ffe46d4609f8d0c567007e6

SHA1
9d2c6cbd595a76557cf0bfb2b2a0f9e1836704af

SHA256
cabe9a8e9cc0421a1b86ab74dd81aa1f4843dd28cfde7be6ddfc8d26b755de40

SHA512
3e0f389006e47074460de31e1a2d8458adc546644dd41012941cd0e54b493d42fb81fda863d6360731e5143a55be60d1062f98d496329902c14f35162386a166

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0411.ui.forms

Filesize
5KB

MD5
f0c5538da3a2a9bc2fb97b47e54316cb

SHA1
675e79ef336447d05e7bd38ea4f7b29950e0cdc3

SHA256
034fe40e0a4b46f60426509cb2ff972150e77da2dcffe8b8fa22d24a2eaf4eba

SHA512
48501510fa5a7450acea4d64abe509d8fdf1a72a1bca60559025a024ae2e3db9934f596b2aae5fbc1e2e4a7b6d04a8b5194d885851cf44af03725a6a664adae5

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0412.ui.forms

Filesize
5KB

MD5
f99bbfd876a35a5f90355b16b7e2476c

SHA1
bb7cba96124505df7f80c09a68afd661d6a5f5af

SHA256
5a7d4b84da04b98a3e49f2f8069a30e6d39a0c6592aba2e2c7484e57653a5153

SHA512
96a2c7663ecb867c937b18cd66557d1d4af8664ba7140d3f7328154cbedc722a10bd7eef38f3621b60c95191a772d8981bf13f81c3c5ad2779f0c9f81d21415a

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0413.ui.forms

Filesize
6KB

MD5
30848b7992a6ed825d543112bb130568

SHA1
93569d3e5037d23cd03e6f7efabf55a0582e0fa6

SHA256
2c60c2bec06cbfbaa4704749b84291dda81e517246579ce653100aa2e7ae0793

SHA512
48a24f20d2ad03ec44fab1d3666652d0158c035a6c7540e4151e47bb9193dbc6a64e1c69f1d5958c4c4cb0767172c3f57f2f61188168da4e01b3285b2a28ae39

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0414.ui.forms

Filesize
5KB

MD5
fc70a6608f8895984e2e354cd013bf08

SHA1
f1adb4be3014b309c8ba788dcc6cc4cd635133f0

SHA256
909f24f2aaf78275d29b66902a0bfbe0b08a9006c0f4c64630d994ed7ba2ed15

SHA512
7f7d2f76680581d783d3281e8262dc9f2245a29418d51f2870528b1f102a0d4f177c0cda13b6e0879e71f1808c237b6f999a6bd4f90da950628b22f25f73f127

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0415.ui.forms

Filesize
6KB

MD5
bbf5c1ccf7fd81c086f77b09bcc414f6

SHA1
18010b2de547bf914e007cdb7a1dc5315d118438

SHA256
7d64dbef083119bf0a5a8db3d4c1050789dc67a98f4b6f8d1a68cdce1324e272

SHA512
7673bfb6cff023505a2e569288297f30bd156797d2e6f8af10544d4479a5e29244c002136e0c832689de732a566c78880a16e664a184923a7513c9a37c924355

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0416.ui.forms

Filesize
5KB

MD5
7e794407a2b9c03e72c6b932afe3d0a9

SHA1
c6e2b06b198c93d484165f7c2e6298c1e8ad595c

SHA256
869354049867d4ede0a8019dcbd240c5b8606c60366bc878b0837b543822a2f0

SHA512
ad6b56c64ecffbe7248efe420f8c85d0dc26ce04fd76826e44b3b5e931d1476f3559da7abf5515000523ac292e4bcbb79c87e2910a2e6df9df45c7885778ab26

Download Submit
C:\NVIDIA\NVAPP2\NVI2\0419.ui.forms

Filesize
6KB

MD5
bdfb57db28423c601a9f4769ec168428

SHA1
18156c233fd833cfd7b8e40445845b4b9e574a7b

SHA256
e32183eaa66635fd328773235003ed2073d55274939f572e6c9f7b8f4a57a06d

SHA512
b2aea45f2ad6ef78dd3ae758e51542a266113ca105f79f57bce993889006c2e397c99f17f4cd0fb3eb84f98cb4ccb508434e98ca43d0f7d51ee92f754f64d520

Download Submit
C:\NVIDIA\NVAPP2\NVI2\041b.ui.forms

Filesize
5KB

MD5
9e78b7785146f071f2c058618b88492f

SHA1
38c66398d9858402882d3a1bb8412c01f08047b5

SHA256
504387546bf04619502504c17a01199180c3c063b2d789a3e29925c4040ee41e

SHA512
1b9346731b929826b31a528fa74f4564df00a92bba543e245f96cdc2db0e9bd9b0b7795a909d61754a7623bbb363015d9f40cc7d4ac02ab54d49825a94527af2

Download Submit
C:\NVIDIA\NVAPP2\NVI2\041d.ui.forms

Filesize
5KB

MD5
4db179034bc160e4cea63a27a6201184

SHA1
f7612d1204f6f14820cdf504b63d593ef6bc32a5

SHA256
aa1481faadf8da2dd90995bbcbc1e08e57d1638af4b048a625d31db3c2bde1fd

SHA512
53c70d4881ecbfa34164d8610081b661de0e35b4b9ded9ff8cd42ddf1d913441e242cc7752cb084813870e3d1edf0984d8760ff30d90b4c9a0cf52e4b5cbbbdc

Download Submit
C:\NVIDIA\NVAPP2\NVI2\DynamicBillboardPresentations.cfg

Filesize
1KB

MD5
afb01b092306d419dc1fb0affee49319

SHA1
29339afc46baec22001c58a71d3793e74d91b39c

SHA256
ef8f85fa5f18105cb3d5b20bb6f72fda912a74340f4e6dc3302b600a1fb9b3e5

SHA512
1d8f5c604b86be8a1f92e247c05685cac5637d9a9223a23e0b8c1a5a7f8bf1d7adda4cf48cbadde7b77ff1cc856d993cb1fbc047866c0d7fc45b83be093e0028

Download Submit
C:\NVIDIA\NVAPP2\NVI2\DynamicBillboardPresentations.dll

Filesize
1.0MB

MD5
36fb11c08a35fb166a3a3f4a052b4789

SHA1
81c267d90341f833dbdc2bf284904e8680c7529a

SHA256
95ef1624141541547369d6ba6de188efd12fec9eecea7b5862583c36ecdb339b

SHA512
288b3f804f2684dc8b5412885d7f27d046ff9f6ecd74951c52eec9ecd38274a659949a257081f07e2ab0b620f4ac765ac2a7ca0760cc8390422b13cbe110d663

Download Submit
C:\NVIDIA\NVAPP2\NVI2\DynamicBillboardPresentations.htm

Filesize
10KB

MD5
5ca3f9dea84fa4ad9360ab943605d7b9

SHA1
3990d86e8930f8db0fdc4c16d43face59393bf61

SHA256
0af72677221bad8f8b562908c16466ee2344e60bdda10e99402e5c15f6aab75c

SHA512
b298737cc7d5677d6aa73b7348edfc3f821499c30407218399f5c6131f1b05b20a253b1432d38d97f66819d8f8f894ea507d81752fdba07ee0964c8417b3b738

Download Submit
C:\NVIDIA\NVAPP2\NVI2\NVI2.DLL

Filesize
6.5MB

MD5
1df5b6cab9c14d794f1e7087aae35d3e

SHA1
8e176a93f32b3da0559754934cd40b7ae093ab21

SHA256
8dd80723a7c5b1c6058868ecd16082ae5adfeb624417562e3f8a6c5f8dc0f0f5

SHA512
02bc4e166e84dbca6af01e45ed509cc0dd3b5b3edd465eb52e998d25d4bec79a4ea05b39936045022bc555b00b14483a37d14c214b4cb7e5fa9683c167551417

Download Submit
C:\NVIDIA\NVAPP2\NVI2\json2.js

Filesize
34KB

MD5
ed84f6ec7b79980d8f8a58e2d8a442ef

SHA1
7201b0db5f669367bb74a5216ffc81b94b1dabd9

SHA256
f093c177144966b7ced48ce2eaba42d17fb9320ba48da3dfbb77e1f4447bb077

SHA512
869240d8fe3c448c50b91cec32f220e15425c55e4cbe35d879fc58dbc1c1cc8ba2b6fe0340ab3c6a54893fda4feda9923a9f581525fbe24529ca5ff6230f8275

Download Submit
C:\NVIDIA\NVAPP2\NVI2\theme.cfg

Filesize
10KB

MD5
cab70eb2eabdaad88f1fff44725322e8

SHA1
112c76086315414db148a76f5940f6b82f5246be

SHA256
c30f677e75fae1d946718c4b3c828f3e3d38d078ea614b5133ca90c6c49dc35d

SHA512
894153a9ea4ab6231b068cd06e9625ad8cd241a0dc9ee0e276e427fe2f59474e035cf01fc1dcf58c9e5252b9de80b449a4f2a1eda94a2d86385b0199ecbb6ad3

Download Submit
C:\NVIDIA\NVAPP2\NvApp\CEF\config\NvAccount.json

Filesize
87B

MD5
8d488b694933b802eb2e100f11714ac5

SHA1
0744fc44fd796a734dadc7ee385115afd4959f16

SHA256
b5b12e4b06e3f99b9cd8b1b64fca5b6faf2e35293885198785ec5e22ff7871ac

SHA512
413b3467dc84d069094bfcf11fae7df9617025b3c508dd49901ab01851be4e90182949dd3f73ca35b5b8bcfb4a45226044b6c18726b678e0888edbf7c54d5075

Download Submit
C:\NVIDIA\NVAPP2\NvApp\EULA.txt

Filesize
22KB

MD5
28c25b75ea1f4e348ec10e1473a5ab1c

SHA1
3e3ab857b6c3fa33e65bba07fe6c700fe673f542

SHA256
d73b07947feb00c113737d318843357502e0d9663bacbf613e478ae4886bec9c

SHA512
1cda2f44b492d3658093acde3893366170950e8986b3e8450a72fb55554df0dc8065450dc48f6badee6519ab731de656f4ec3469b1b84af3bf2de82e0fb75902

Download Submit
C:\NVIDIA\NVAPP2\NvApp\FunctionalConsent_en-US.txt

Filesize
696B

MD5
ade434bbf1ac0f4f15c0d2d35381edfa

SHA1
8ee9b44699d241d5980351d0214c017f76f16437

SHA256
2c69e1beb82321bce1856a0b30cde640dbf78902f09c82a95174ef6384617b3b

SHA512
c7cdbe12f6f9b0598e1bfb8e9ddd65f1496614a27a93028aedba1fb5300c3169b0f7280840cdd02cefb976d186c681ca93fc6f62cc841b4dd970004a3ba51b0c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\PrivacyPolicy\PrivacyPolicy_en-US.htm

Filesize
164KB

MD5
c5828bae57eceb2b67d4e02baad1b553

SHA1
baf245981722964d2cd560e9e95b5b56e636f490

SHA256
707aa636d174b7d4056baabc134b073d0b792ac1bec447559e3c323afdc68429

SHA512
22ce68b01a7287b0d77ce329c3727c4ec46b8fa3d0805c3e785b5034bdeff2af3c4efeaf1afc3725ff7c952d39fc5c633e4552942003636f6ea47c6dc1d693e8

Download Submit
C:\NVIDIA\NVAPP2\NvApp\PrivacyPolicy\PrivacyPolicy_pt-BR.htm

Filesize
164KB

MD5
3e7b3e08433904539b279bb4dabb155a

SHA1
ac85c924dc03881895a7874f5f374705c9c15495

SHA256
b1b5e429046a19988fcd84296ef6cb92bcb8f1d1e09193a51a9a2bfa133c8e6b

SHA512
cca771c8a2957ee802a2c7d6b8a93b9a28a0e7aceff2e34e50a9287e1f8f0a79d24f79bb48a458e6f6772c6132645eedc08582191fa5855df0480c9fe6d0ee8f

Download Submit
C:\NVIDIA\NVAPP2\NvApp\UpgradeConsent\NvApp_upgrade_text_0409.txt

Filesize
424B

MD5
f07e8b5f4338bfb9002355e3ff90b247

SHA1
7fdf50d016a6f13a6be0dccef5eb449113513c6c

SHA256
d4f66456a3ce96d157b0af454211bd24378916de14d0579b3aad1e912f3eeb92

SHA512
aa4492c3b63a7df6128fcd482795b924887e9b79b56e2e608c56d897e5be59accc85c3cd55978905695dd1a0d9d784726681ee31be24041c768407c631e300b3

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\DefaultGameArt-TVBanner.c0134135205b12b0.jpg

Filesize
39KB

MD5
b51faff767cea403ca47a8a31b060f0c

SHA1
a2bcf5d0c8dcbc007d007fc1e9e97a05785318d7

SHA256
2f9b0f5a735a712d2cccf644b5f5fea620d4f00c36701415b175ab40368e09de

SHA512
2fcc13249fa45c43246f8e399a6b9b7d6acb11782bae54de767a950dd327fbf06da759ea74647fc7610fa14da12c76c082d4a6c4a68669db0e1ea3787eca069b

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.196fa4a92dd6fa73.ttf

Filesize
125KB

MD5
a37b0c01c0baf1888ca812cc0508f6e2

SHA1
fc05de31234e0090f7ddc28ce1b23af4026cb1da

SHA256
b7f4a3ab562048f28dd1fa691601bc43363a61d0f876d16d8316c52e4f32d696

SHA512
cd8784a162ed428ca5a76e5e877349d50620773e3a3d202d5199fefb5d69a9b87b92c5de9455dc3c373fefb065f06a18f17199a5601887fc1f880d14bd223769

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.1e50f5c2ffa6aba4.eot

Filesize
139KB

MD5
e79bfd88537def476913f3ed52f4f4b3

SHA1
26fb8cecb5512223277b4d290a24492a0f09ede1

SHA256
8c998b4a9c0acbb9fe5dd572c206a5a33fdd5ca2b58db87fc3b893beac85068d

SHA512
5022976817b89349a71e0438b573f53dc5b743acc865163102d6d657cc3fbeffdefb91be057116eb67f82215efde2ed5c31ebccc6a9061a713e104a64e0f192e

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.7ea2023eeca07427.woff2

Filesize
43KB

MD5
570eb83859dc23dd0eec423a49e147fe

SHA1
09963592e8c953cc7e14e3fb0a5b05d5042e8435

SHA256
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726

SHA512
baa17185bedd1f04b138a1de3741b7a6052a02c1d4848d5359ae3ecc80061c54df63374684571bb50b1392af4458f1df7a5df634716fd5fb269ec7f63f3f65d1

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\MaterialIcons-Regular.db852539204b1a34.woff

Filesize
56KB

MD5
012cf6a10129e2275d79d6adac7f3b02

SHA1
c6c953c2ccb2ca9abb21db8dbf473b5a435f0082

SHA256
c4a1baec300d09e03a8380b85918267ee80faae8e00c6c56b48e2e74b1d9b38d

SHA512
0ab5e18ee3972fcd599ead183d81cd38d8c559a5e87ca86eebcb6a2cfae2078a27495e3b5824aac6ebddc08f57d594b2cf692813134a1e002b28505eb7c34172

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\NVIDIASans_W_Bd.5aafff8b08f9a971.woff2

Filesize
27KB

MD5
3f0bf27b7cb915fa24715ee2bf5f136e

SHA1
94196847705e2be71afc1ffe704cb8e3a5da78ca

SHA256
831ddf9c812c746dcf875070744c55435df2089d75a8e236ad96d161c70b1aba

SHA512
534e9db348361f4573470038aa48e82a5da99749c305ef4debd52dfe8a05b03c45059b44af27f59b5a16d6fcc9f09ebe8c966de2c9346d5531fca1f5c5b4ad1a

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\NVIDIASans_W_Md.14ea224b997bf6e0.woff2

Filesize
28KB

MD5
7076cf63098b62ea9cb5589caf581107

SHA1
fd99ab8983d0f61402dd123217bf841b07d0b8cb

SHA256
a90918b3889b1fb0016b598c88fc5fa12766f7b6f36e30fb17376cf7ed654690

SHA512
614b18db85fe53709219bd6f99131ca4ee8b2bc37d84ed11b209e6e7f2811e3ebea45c5d1b929d52b8180938aa9c0bd38e0ee792787f013f65ac7b78ad050ab6

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\NVIDIASans_W_Rg.33fb51adcc625f4e.woff2

Filesize
28KB

MD5
6ada063defe18142a62c974db9bffa40

SHA1
b2e13178d7b164aab959547bda65300867d02a5e

SHA256
0aef4914785160f74a122c6168793f8726da725cc6f80947418bacd064f33b98

SHA512
32539925ea58a8a8db226d0a78a599927c764556e984e13c7798afbfb8ad239abb7d0e7788f5a37dec82d8b9c06acbb114efa228c6fafb9d127cba5b4225a94c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\osc\assets\.gitignore

Filesize
6B

MD5
40841a89aaca85ffda7515ce7062f5a8

SHA1
21175415dc6abcd6fb29dd8dcd8a415239c0d6a4

SHA256
52b5648d0a67d77fc9e8b8e6a8be29f09627bcc0b60630d5a237bcffca78da2f

SHA512
5f27175bb617b71d407719781c9e9bffa75d3b8e9a0d4d843f17ae6f241e435f5f78e820c985aabcdecbe8eeb0bcb29a0bab8927b6721b64a9dfc24facce02cf

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-driver-experience.ae47d97afbef711e.jpg

Filesize
271KB

MD5
12ae4e2b15bf63bdd0bee0e566406d4e

SHA1
3984b061c0aed82143e77c9762bb34de83fc46d4

SHA256
8cd8ddc3809ed790f1b472864158dbdaea5dffa7fe401c7867ed74dce7f78111

SHA512
4deaacf986ac69d2f19679c409e9094acb731097fc1a47bf8d0ebdf230a262c2ea2f67460964d26bed09def73a023d834c2d33f1af8f87002834e743ceb8037b

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-ops-experience.98c0923bd68cfd11.jpg

Filesize
208KB

MD5
7e3f662f6749edc71b6da17467a435de

SHA1
40e7745cc9fe8739fd40b3181ebc17d2ba60336d

SHA256
b752cb3f8923920a8ea76e3094792a56d4e60bc2fe26a96c06ab07835ce44b64

SHA512
5102e82c85015cf02f6d9622b972daf2a1ba0ccfe57d1db0c6d66549f78199c2e102585e737d0794d02b905d0488c8769c598da0fc5d30c15d7f66aec7903c21

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-overlay-experience.bdeebc393d8fb41d.png

Filesize
1.2MB

MD5
eea661fd718c0a25424d67d0aa8f2891

SHA1
3dacf79cbba0823f64592d4a9a13c45e31c9c4f2

SHA256
a8230370b3a1b63ee5d03adcee563b58e77884684ae4ccdff0cba130e5a98159

SHA512
2eabba91993e0c8559170c9d462361545a4037833f15c6721c2a0396f23e89d250918a45c775c9ecd4d06553683915fb20cc236beea74d283dc127417a020ac3

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-grd-rewards-experience.1008af5a8d2a562b.png

Filesize
756KB

MD5
112a36c757091e550f5db9732e70ab3b

SHA1
dbc3a3b15a0d8fd29006c6235083f0ef061947a1

SHA256
ef9f206e9316f47d000ac868cce5326fc72da47f665b80e1deb2920eef59196b

SHA512
63715bf062a93f0b32e34a8a81a5340642a2fdf48ac0c505b1646f029944979d05716be24a088887f7d4413ac072f102b538860b5590ff301e8814a6584e30be

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-driver-experience.35924f6290b36e3b.png

Filesize
861KB

MD5
95b843acd0a530eee3158cbeea2b4f4e

SHA1
80c78e7592ac44dbf298e11c49f7bc2ad062c2ae

SHA256
d6adfc4adbd55e2f788aaa1d5ffb0448d503ad1207bf145c1e45fdec6514556d

SHA512
5d92ea13cfb532645926be25a2b4ce08cf49918a8b03b7d16538a376b2a7fbca70255bf395bd56b2eb7aeebe2d26f7b18a0e746190768ac223d33dce71661c3c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-ops-experience.7954f3c97e07a320.jpg

Filesize
187KB

MD5
0ae5aebe3b07774cda1a327116389696

SHA1
f33b797e7143954496f93b5573e3c094d615ccc9

SHA256
0c417c9201263e09c335f5c37f425aea8ae6aad7140c8977546bbaccb195682d

SHA512
22410c2b72320808fa6d0c9f44c8e2d7ce34a61533b15c17a66484cf391d689504162dfc0753046cb15e904528dde4ba2d8cbd7dd122a969ac8c666abfe933cc

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-overlay-experience.213243bf6d078281.png

Filesize
985KB

MD5
397fb562ba251b6563827630d9c66cd7

SHA1
6fc11b731b88319ffb777488ae337a680c7f9999

SHA256
f8a38190d780b2f3b5587d32fc1f53558a561e47ad477a60d1cbce80c54fdf69

SHA512
ae9577bc3c448c61e9ea846629bdc970fba8151bf23541e15e570054425a62ce035f2d13bb2daa1c3010ec8794692271522200aeee9a04e012a1278ff68e8a6c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nsd-rewards-experience.7d5784c7ae5bef31.png

Filesize
843KB

MD5
02d18fba8a6e5c40c048efd25ddb01e3

SHA1
d8bdaab7a3ea82578af1f1cc82d0f96129f4c169

SHA256
2afce6175a2b7acec82df6ba2dd3103e5ba7679592332c4dcd0ab5a1dd135533

SHA512
355c905a49bb995c353568fb6def130a01cca2ae56a593c457da99fc56e755ae9e8ac083674b4a070ef5ec61f97570b613241719f3df347883cb35091105ed24

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nwd-driver-experience.69e0cbe2fa83bcdc.png

Filesize
663KB

MD5
05cde177963453e0d2634c271e1b6cd3

SHA1
64dc32e6be33f38f9ded4a8cf84fa76a57528b6f

SHA256
59d93fd1b9460313157a9785e1f1c681a599368ecaebdce4aeacb51821f5824e

SHA512
fb78a0e64ca2a91389b88a8813b166158588fd79b686609e10a37211981c5b7a500b69fb706a7b99b5ccf378d6662750d6a82c6d738d0bb65f716a5b70e4730c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nwd-ops-experience.bebbe17ec587266f.png

Filesize
533KB

MD5
ed84d52e2ccfe62c12e96faf82fb9a58

SHA1
47c7f2175b54fd29678f7cd112b67eadde3e552e

SHA256
d22dd5af9b77116b244cb612914cf648fd8be155aabf71587cf13aeb118e85b6

SHA512
58b009617a3824a5da698c7594dc512e0ec7f0ab2d22ec020b6d34386fa7d5a501f04f8a84a5e9e8c4f8c4520c89425e1333c255d647b6c80ac1cf6cf5bd1a51

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\hashed\ootb-nwd-overlay-experience.8524e30d36744c46.png

Filesize
787KB

MD5
43f98aadcabdc786414e9dc96fe3dd6b

SHA1
6c1464e3da7453a92b49ba4ac564a61d9e680540

SHA256
7e9cf9eef0c511bfedd2415424d7c2bb34856eb541ab7c9693fb5a6b7756acb8

SHA512
30210c8318bdcf21bc4c3a712fef762dee4400d253408da449a89d2df098b8ca49483a0d06e1fbfae26f026f511fb00205490d4afbc9f8d6b5aed04a734984fa

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\Marquee_Hero_Image_Gradient.svg

Filesize
68KB

MD5
3f03b5fa3d228e924ff4ac0a034c0669

SHA1
ecc1f84198f79323e2d91fd4fe1842468074eefb

SHA256
ccf2b77b27e7f5a297f14e2643131686a1f48bc52c1127baa447f3527408466c

SHA512
c34c0db11b355e1bb82f4c766a074f0fd010849817c440a2194292c764a0f21648c288f1c89b25c9ad6230259f4d071c09c27d1bf98de0dd0a6b2f92866b310c

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\Marquee_Hero_Image_Gradient_RTL.svg

Filesize
68KB

MD5
27da811419713779cc4465014484bdb5

SHA1
019f8834f8ac75cd0b8c161c18c1bc6ba671e5d9

SHA256
2c83cfbe96ec803325d6a0ebd62f23ecf44cedf6ecf70e405ecf4152a3f6d1cb

SHA512
cb9b4cd6d19c39ff178a2044d00fdad9989218cf13ae7624a83ad082900dfeafd7d45e4e9ea79dd0e39c42afac4b1c8a738a131f4b3f7d6c6922b023abb53121

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\mobile_marquee_hero_mask_ltr.png

Filesize
70KB

MD5
32293fa83573bac9362b4c92790ad35b

SHA1
0e48cfa5b54818bda3a76f6a5a3f2eb0a324cec7

SHA256
0af38caec81832b677718453336e8722d8b302bb15bbb65a0e70a9c50d7a315f

SHA512
abc2284f92ae8b08b2d442261daad52e61a78a627827f9dfc6609e0d66358cf8394ef16da9dc15e84a439e7847318cb573dae5c8af83884cc03f84c581f98c84

Download Submit
C:\NVIDIA\NVAPP2\NvApp\www\assets\img\mobile_marquee_hero_mask_rtl.png

Filesize
71KB

MD5
cfa26c70afc361b8940bdd48076a5189

SHA1
99a10c4d0556ff7e8406920d938d1e9f59a37384

SHA256
777f462c46219202cee11751b046aaf95cefe37f26c7aa8f8ed838f09fa10715

SHA512
936d062d817cfe1bffbc1fb74e01eae84ece74c85b935d8d6cb05655e6f66ed87949c0f0675c51cb58efd158fb10e10047b9c2c8db10be63604fe0a2fc6ab536

Download Submit
C:\NVIDIA\NVAPP2\setup.CFG

Filesize
46KB

MD5
a6f0b3528857fd5ea7616c641022e968

SHA1
34316f5180e426598d3024f24b8615e34948c985

SHA256
77d82a776b09c81f49d5db9267f994bc4ecf4b1e3ab78f86c16c57c7f88e0056

SHA512
9f1115d1edaeccc1ace6dba707d5af073422c663410c9a29ce52aaa465d1e701eae8be7a359bf3aa0c23bb078f91825442812268262e623e62c326c7e8dc1eef

Download Submit
C:\NVIDIA\NVAPP2\setup.exe

Filesize
637KB

MD5
5e60945f5334b2f9c80faf60f1bd190a

SHA1
aa2c5f06fa1f8c4d73c627600e640651b6adf4c1

SHA256
9c10ca204709ddfed7c2c25cec6f335360bd29292ab5c8882c00c422aab30c45

SHA512
b77fb009ccfc418ddb0235923f34410c4e4755f8e8e065a2b95ef452be98447a6cb664c9e4e4deb2f205c0a74f06d69bd62b976c54311cf45d38605baf5df991

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{C6DA6E07-EFE2-4ECB-B6D3-7BE36F9FD5B0}\NVI2UI.dll

Filesize
1.9MB

MD5
608b935de4622eb6493ad80c33d290fa

SHA1
ea712188e29c543aae4e069a3cc954f3cc329b82

SHA256
156d68f6083c127021e4e1fa50d68138d4024f24ce81439b0628996a65f08b4f

SHA512
7888ec38a7c9049adeb3d7d56d851fb740786aa8ccf91c964144ac11522ed6523b4e5c85d3631361d01aadade6a655aa053a5703eaaab52562142c0485e0392b

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0000.ui.strings

Filesize
2KB

MD5
8d7420be80a28f31331566a99bc9a322

SHA1
8ffbe26eb627d4fd69588e0e9e09f0a97dbbee2b

SHA256
c0404e4eff2a2d0d33e48e3dad9488da05f588ff19af34095e108afec89a4d07

SHA512
b21132c790956c0136aeabddda9f7032a7c53eb2ebfd6f98db1e439176244a521cda02a259b712ede5c87e035d64b5c7af005f1e7976271733278c5120ebb553

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041e.ui.forms

Filesize
5KB

MD5
e7e2da8916a186ce14dd11fc64b9db33

SHA1
05d335a9f342459bf998882c941e56babc48e7b2

SHA256
2ee54ef58814e52ae0a986d6826ce93f94c82c831a4db2b07cf3a9e31fb12eb7

SHA512
a145b015561466dc560dad29faf434a33bb043cdc00787ed0f8bf0899cae6bc1c4473304ae64626f5b964e3e69c096a772d35e3a4452cc60d99e2a7fc9febbc8

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\041f.ui.forms

Filesize
5KB

MD5
ea3a91e7af7d8645383b309097f3145a

SHA1
db2a49b7fa709039c803670bc0ae1b5bf367b9dd

SHA256
c226fb75cf60ca698c3b5e2f75671e5b3a2f0f5361ed3aa7c4f785890cdba448

SHA512
3deda6ea826890bf48abe846f066c4c54644cea20dad26836e931ee574dfd8f919664e0a6588b6616adf5191a7480b93bca7614183fa72c862e032968f9d3691

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0422.ui.forms

Filesize
6KB

MD5
ce28fb3aed6e165342bb3bb975dcf9e0

SHA1
e6165fb113bea10ea973ce2291a1c729e85f9aae

SHA256
39b3529676395ceb9f68802ca27278cdfcb5610bb7a7286dd298a054c2a897c0

SHA512
647a04b8530f0794d0e7f90388b4271d17a8f3d8f242cc8719072a132e45f2341413eeee3593bfed65cf887c96a59a8b9d67bec95d92ffaf9eb6d42f5578ff77

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0424.ui.forms

Filesize
5KB

MD5
311de108c806d619e4ce71f8053d6ca2

SHA1
93e097709436cff846534855a7c10283557f371e

SHA256
3f806d0dfcaadd66765d78e1ff1ec7048eb9025785dca6405e50332a1a9edc54

SHA512
a6137a2a72697d1142ca0dfa235a987a5bd36e7ee3d308028efd910a5d16f8c62171fb388e70b06bdd85ddc0636997e7401a8ba6345667094d660e234f6becfb

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0804.ui.forms

Filesize
5KB

MD5
9bbd54529874f09fe64196f27a165ce7

SHA1
9eebaa0ae473aea9e4044216a21e3aacb1c66fde

SHA256
1c6054f64907fb4c553c509b905aa6752672df0d8fa549650ed703e73704db7d

SHA512
8dfb06d6ae6e0a89373e9b930203cfb8f848127f38541fe2cc6f13878674fa34e4bc6142d568ecf6fa3f715efba46f071dfbcb976b10ee7340c25def9435c7bf

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\080a.ui.forms

Filesize
5KB

MD5
f9ac7f82b503400dbd409987b7194aa5

SHA1
6b6ff39507713db6b8b27433fe68bdc49f5961aa

SHA256
87aa0e0735f4e8676ea19a5c49199555004ecbcef53f7017e77d8bd8db6b61b3

SHA512
f7f0267ad93a76c7b0a0f67e461af4af61d733cf34d3c5e15b680ae02e688b7419e85b767fc29c070c87cd6cf510d050f6df7b2e6bb8fca102cca7a67b285fca

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\0816.ui.forms

Filesize
5KB

MD5
3833b6fa5b7a849a3df81a94ffb09870

SHA1
97813a46791bd68eda29fb0e8bff46a11a7abffe

SHA256
da1cb94d85ff537b4da1bde35a70f20a073329b5fddd593ee3e160d9c1d2811f

SHA512
0dd75de051573d429d91d46283b760b8e7c701a92b0aa6c42c903c98eb4b9cac42a7170a0cce9d7ebbf72a765e697d3f72d228714d35a2c29e3649aaf463b9d9

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\Main_BG.png

Filesize
2KB

MD5
fa63623d1d4507164451c6794fa3a531

SHA1
8228efe8af9de8ffb1be2adfd0ca6b81bc701245

SHA256
b513415b0b1cf0bf3139c22ee1cb698a532398e9b63d46c0855ceb92ceefc124

SHA512
d0eeb6daf4fba48bf06b4899bd84cf0bb0ebf01908a18aecf2f3c0fcc75de24d68f9376659cb70dc09c3ff4934287c0f0bc9cc3739888bc3e73ebbfa62a89a6b

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Bd.ttf

Filesize
165KB

MD5
4a092d736f7d86ff0cb626096c9d3cf5

SHA1
a80f9b549dbf80a835d803e949c695e6faa1bc7a

SHA256
aa73cde03bcedf69ec9a9e4f1fbabd75abcc00f94f01a8e6f3d74334c66b5358

SHA512
0bc226a8bb8718bb7f37c3fcbba93440b21bb871b70f0adb9c901afc25c8a539c535d60c2168c709db6c09606e425eacea8704111b40efedaf64d73589062013

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_BdIt.ttf

Filesize
169KB

MD5
8fde6ae5491bb05bd0418428e6727398

SHA1
40aaa52f08d0732c2f5a2cc8a96cb5e684f29dee

SHA256
2e5c50e0c304ff97e0b218758276386080c6e6de9c224bb66c4d44efee6e062e

SHA512
6db24c7d362544991052e5f252e8d1f54a1ebb9ee2d2ee917ff890d1bb71661f8568a129199f9ec1fdf29905acbf4cb547f72879a41fb6b8cc2f631011dca378

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_It.ttf

Filesize
169KB

MD5
4a1873c0b8fdba8dbc7d89b1ab453e80

SHA1
55cb2e627c664c034c54d2690da919acab26a920

SHA256
324ff52b843df060c6cc827bd486a2821aeaf72dec33768b46aef97464e39268

SHA512
b07b02a0d6b89ab1f882669c345e960135b7b99ea6874d703bc29f0b686db8c51193b42938bafb946635eb41bf6628da17cc025de59a3e03ed4f934b3224fada

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Lt.ttf

Filesize
166KB

MD5
7985674f44dc0dc1c9f1ba3afacb7cc9

SHA1
c730191971ad10fbd3b07f7ed75d9d4a98f7e360

SHA256
4ee22a0ec7297c2362f66226cb907b34191253f4d0ffcfcfd526c9bc3170480f

SHA512
6deaaa78a0da7d875c7ebb11b447b8533a5af88d9b88ff1ca3363b46c59857d871697bdf925cab09ce66c4787ec3b82564758c9b4ef210baa81940443a738dc1

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_LtIt.ttf

Filesize
169KB

MD5
4e765e732d6382fd2e3d931037fca1ff

SHA1
70898b6191446ec2702c2280543602c16d1ed519

SHA256
dfa79aa95fc2579be986d3c53ea2fd55139b07b3d7ed13962324d52807388d70

SHA512
715fbb63d80ee649dee370e9d44da601ff5f25fb17bff656d51f0ec1ac492fb85e743d30b4c2e17690f002837e7db003182eff881a2cc17de6dcb3894b72e798

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Md.ttf

Filesize
168KB

MD5
6730ba2cea733205419b62be8d737b1d

SHA1
59c427926e5c52f41e8ad91eca34d6345f82a1cd

SHA256
0f57f33a2add61528fc11cba0415360d5f20c84e7148b6d713e6b76ec1a663ba

SHA512
c0c23d74cb9b617ad3408a421c5f62649f445fcf8797344835c16ffca0d4005c7b0d086f2ad68ba02bfa64dd02d37e35ad8006a1447c92c9035fbd6cb0635409

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_MdIt.ttf

Filesize
171KB

MD5
3b8488dd6ef02d66c1546b9cb5667048

SHA1
2df6596eec8031821589b8528d3345c2c04b6be6

SHA256
a4ef292c477cdb634f6367a8effca948349d43ad1976ad748e116ddf5b91344a

SHA512
3cdf17c21aaa6f6d810379bba2ce5f96e52eafeadd9883c33acd6d59da672adb335055ab4146519251631801080b76b129592bb78071a9ff0340b2edd91aa996

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\NVIDIASans_Rg.ttf

Filesize
166KB

MD5
3004f5361b27bfa12cf00c69a1debc11

SHA1
c274dcdf9e9bd84b87d8056e2c6dea574674e788

SHA256
c2e260ec3962c9d486e01c9c2e59b736fa3b78efb6e6db5764ddfa3c4e15464e

SHA512
cc2b074ec0588c5e39f39ea11624fb5ede547217ad06a4b74280c02d7f35a75bb802e8cdf28bdb4eaaaaba7453ef741134f7262aacb8551a23a8c19ace238cc9

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\frame_divider_bar.png

Filesize
1KB

MD5
8a3ee5f53873a819e072281525de3e2a

SHA1
27da33ffbb408599d1808ce19175b7dfb50a7453

SHA256
147195f51a9eb2a662aacf7adcaa19850a6f7f69d7ffce20968ff2c59934742c

SHA512
095ac319c4bce7bd2a5967c571e7e89df33d2bc3bc5e627b7929c52b439ccc71cebdf3bb0e343476bfb71f585a3a10b376b7eb6a74f2da668a7c203d542cf06a

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\pre_install_bkg.png

Filesize
3.1MB

MD5
77445f6134577e29a6f8a313e059ffbe

SHA1
96f64a5ed2e58e2717fe634f609aaf6b9ce10621

SHA256
d8c4b75bfabe0e8baeaff0e38118498fb05bd123a5aa0a1840b08ee39fefbcbb

SHA512
a6f7c588d50a0d48471b4142946800673cb9d366748b0d0a92fac527da289d3fa2cc343a02da15cba4f1b50c985f5c05a69dfd0f681a0da2aa5532c6ebd50042

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\secondary_btn_enabled.png

Filesize
208B

MD5
a59b02f635df361797293855edec2837

SHA1
1d2005c1a92651d66d61a99cc195a4bab675b89c

SHA256
c0e67a68e8ba4af452211edccace31e1d2f1c8f21c5d69459ce65ffcedf03358

SHA512
0b3689c5d10e0c54ceb2f97e0478b121b31fca178f96cf7e0ab5606a3d7dc146da456fbe86699845513432c4e29c82ffd7707a974fa97870d09db75a14ea0b66

Download Submit
C:\Program Files\NVIDIA Corporation\Installer2\installer.{1C1F7FEE-6481-4605-9957-C968B5C9F1BF}\secondary_btn_hover.png

Filesize
208B

MD5
fc8d0a8c1d1c8f37a92f88afa0693a10

SHA1
14176df6b5a4f408696d8853411f758f57a35087

SHA256
dfb8eec67a564021467352e339020e0587e986d90c240d9f18cd03f3e5978448

SHA512
e27d6e875ab2d564ea3fd5e1ccd92e75d91963e35915fafc1e92664392150ef51fa6c9250c7b07acd9128c20592b84f4ef415624d983e8123a745a8a45df7b36

Download Submit
C:\ProgramData\NVIDIA Corporation\NVIDIA app\Installer\Logs\LOG.setup.exe.log

Filesize
239KB

MD5
6316be5810de7b0400ef0fff75c474e1

SHA1
3be2daca12f2f9dfe04e93c024dd008cb84237fe

SHA256
fb8451112bf09ad29132ec0b74211921ba29b369147b5a3f6aecfad0819ca80b

SHA512
af27a8ef098fc275972e8c7df99d3742cfe482717ec1824ba90eb1aa8c8d7740255c2d5f9c2d04d4bbd91dea5d088fd3a4b8789e706cfd011119906d60937663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DC1FDD81FD13E32279FA4275E870FD3E

Filesize
727B

MD5
fd689c05cad3d427b10828a4f9b992b6

SHA1
0b3985c71b9e3b7e2e705f2e3168beaa85e316bf

SHA256
88bb84b834c281f841e38a37edc3df3cd9d163d2cc3569fe490cb74039d959bf

SHA512
1050894511ff847eec02d7aebb8aa47ff05aa10a128bdb07a69aefa8dce501de2893b4963befa8ba6b1f4e29c6bb2fb126daba68d2ad54526c1271e094101194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
fef03a1167fb05058012df4a9ec3b9f0

SHA1
5746243a81ec24754316c63a86404f0c26beb826

SHA256
1fb7e0556c8f89a32d34c0d6b6ab506648d018b1a51c26376687c970d65dc5b7

SHA512
7806aefbcc9a6d3befc6736a630fad1622a53cca76dccc178c3c311d22206440f7e1522c115b0dec330da00f090b40786a5686b8287c095f5366662d57ac737e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
eaafb535da83f5d0ab286384f3acf448

SHA1
1ab839d23c3e206290e8b897d3ccee10520437f7

SHA256
8e384db26dd1f871397a1b46f982fcec3f3937ef50c999bee0c97beb83ddfdaa

SHA512
676fbb6c7e7af085ee54510bd47e7a5dd1ecf8372000be702bf5602006aea0c978f1291c90fafd8d5ffbe94c4e8b85fd07884fc38dff9063e6103ea0a82fd898

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
f79b5e0740b0cddba73d88ebc09a401d

SHA1
614b9850d020c53edacf86a31cb321c228b34b6c

SHA256
7a475c597b509274f7c8bc9de19167127be6f61d1d4e273792394f8af9b4e301

SHA512
0973f426637b319d63da05834e15ca353b2616159b4d70374f85b3249234ce4df0b79d6be85f41f1b43f2ac3f20c2a74556b2994bf3aaba5325ffa16d511ae14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DC1FDD81FD13E32279FA4275E870FD3E

Filesize
408B

MD5
5f2813cf6a518554431985c67d7e5b19

SHA1
504fed1f57cf38b6a1d7573134e0f05ea77629e7

SHA256
9e04a4de5f8303ff713ef9f3b600cb5402b6d0ed3b21ab4f1a1d9a8b9a67769d

SHA512
8a19ce154e3cd2b979476bc569d297a2b7bc0a1c76d6ce34aae502889e2bfcc0beab0956b94ef1fe21da72b31acef968179b0958043f34c93f1e4f777a1394a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
fa83df75c94cc18027f3fffa753e9f97

SHA1
739dbf2db74df0492924d2d4fe048089fa50a270

SHA256
ab6571768da9ce082c578df576aa9629d7d6d6c5fdf2ed4d71bb324914879570

SHA512
4cc7b07f1dec005435b7df3921346ea15d92408b692a7f19664665e4de540486950c81358ba92f1cefe83ddb50e422496e80be9a20144b04ace30da9b2cc8a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
349KB

MD5
2c739bb8010171410d28b601d3be0b14

SHA1
a82d134d63f6eedad8548682ab75785a6e04a9bc

SHA256
04d27c2a22b5d124e2c6d11234e9dcb3ec935100f0d380a275e5dc1d1a3ac570

SHA512
84ad3cdc8a9670f33304139e1fdc29b5950c3a4294d96287a995659c37f63a0a252845ab0419eb3c6af68ec99c91eda3f1b4849d24251e3d201b75fe994f41bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
32KB

MD5
9a9d695103efbe392a02e4d1ccec0a3a

SHA1
9d7fcf526917d1d015546f6fc48264ee72b375c1

SHA256
21187bcaac96802bcc517ed178ff242f054bb601b6973fea1fc821a9ffe4201c

SHA512
f21150e37244da4e29877797647b8c8708eaa5bbec05a35543395a45f87186ce3bc99c9e4bec6a8157b5ef2b18171b15ff00343c2c23e33bad740a0891348e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
219KB

MD5
6975ba450aef4df08ba96ea64c041c4c

SHA1
e619314b0f13888f500668d3de0c4b6eba39108b

SHA256
15d9713065fed3926d8587b85c45aeb9e65c1425d56a8e88a00d258662344169

SHA512
7124714924dfce6634897184104ac1c26163eb0241d4a5f259b21edd17f504d4cf11aaad849470b3a5f774db179edff368be8ca7623ff4436379c2d9b890df83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
447KB

MD5
cf92199f3b32d70eca84721cb458ca60

SHA1
d6c1b1949e45d153f26273352e738a8e91256832

SHA256
4fbdcaef14af6174b747ba394a6c96ae8b5b3305bf2cc07c8a74ad0faf3d5431

SHA512
e883b79c39e0c4140c14134afb590c4e6c23254484d22cdb7b1d28ec83da4391a9bbea098d3f93bc6c6280ba4315acb3c3671dcdc61ca589ca05a11ea52982d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
106KB

MD5
866625b6f04890d0339fc889512339c8

SHA1
28eceacf632e4178596637e3c014e1886b600f2d

SHA256
fc1c2849205244e3b9f746a893ca32d4baf4f303a5e9f8567bee876331adc5bc

SHA512
3a52e4ac7d05b0693d7544b71b5d656514e1687a41dc9097750be554a264cc930011cc29bf879d82d4408db8d5e8188109f6b8bc3c651c0f9ad3ce32a2e164f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
281KB

MD5
bd59b095722bc9a40d1ab4c97d640b84

SHA1
b19c43195be5df0a668a578cd2f4d33bc00f55f7

SHA256
cea0ba803f0d2648ac858a900cbdca8cecf929f62606fca468d1105523ff8e1b

SHA512
b44c646551a8c93df7b2d2106b9698549dc8e83b7cdc2d876b18e8de2c22b50563fea13ed47faa4e0ec7756360fb141f3b2ff68140ee0620b23c6e710157bd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
34KB

MD5
0360dbc6e8c09dce9183a1fd78f3be2e

SHA1
6cd4b65a94707ae941d78b12f082c968cb05ec92

SHA256
2db6bc36808d43fa89029c652636e206fa3e889b35ecf71814ab85f8ba944af3

SHA512
93c9f1856142da0709f807ca3e5836065e61bc8160f9281fec9244f31ed8ae8df500cd5c64048ac59b4dbc36ebd18ba8e7fbceef58134dd76441079fae147ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
24KB

MD5
129ff6cb810110ff54daed9f8185ffeb

SHA1
94e04dc9618d6beb691f1e1aec21362de34f66f8

SHA256
e411fcb2509d7934da959b89d1e7a6c331acedd7bc5d0b3967affd02456f2ead

SHA512
2d56380abab000357299b37a24bcaefba0664620d40e10865b921a312fe5dd5f50f8a2e668ec0cc498f0d13eef026f02a21e20ecc97eb9f6d30b53197f371370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
4a686349993965721f090d158a10a6c4

SHA1
fb0f61ba49cfd7e213111690b7753baf3fcce583

SHA256
65451d12c37acf751e9f4732e9f9f217149b41eebad5b9028eac8bd8d2d46d8f

SHA512
0dc571487fd798b62678378c2dd514fb439f6c131637d244c8c3dd48d5e84267d21fe633c5b20578e621d5e8fe2958c5e58bc18ebe2d4731b18669fec4031489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
455KB

MD5
29419d5eddffb28de9e8236e8be6d6c5

SHA1
5063a2835e6cee4e6a78698dc70561a5ef93dc25

SHA256
4c48c0c49fd03d0cbd45109f68ed3cfb1929bb16d98cdbf04074e71d86f6d8c8

SHA512
9fca4c62de1ef3db6a5928bded4004fda957bb68de0fcc52c3d961b8f192bd6195d03921c9634688e4994676f5b029dae4990dfeb64a4c772bcfa2c1d8656868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
38KB

MD5
6b2050872b3f506f6f1ecc68a40933ca

SHA1
562a7ed420264ba411c2a3f2a869a42954e60798

SHA256
32efa94175178d540606e23e239f82f3f8086eac7a571e553c7ae22bc6d46de8

SHA512
17e172cec26f37afa5b3e6bd3cfecdf692e4f4f99b05ef112ea101743123c125dc1d7aeafeefb7fa4639370f32cfa798de604f5c943f4c31b17ee3c477d833fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
d8d86f90d58bda241ee994b23c6c7606

SHA1
302bd69545919c4499a7bf0e783288fae6642e32

SHA256
71b191544b6e6935ab95df440948692f303ff1d7de00c878ba85bbef51e3583a

SHA512
35294d7dfe43e96079e2aae370a9c8f94c4df91c419a5051187764609c755a5557569241d4017c1a822af2cdbbd81e2848cd9db56db9fbced3158db6e11ff9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
71KB

MD5
4a8bb5537ab1e1af9bf8d38769571cac

SHA1
37436f4cd29bd85cbdc9d3edab6ca4cde8a703de

SHA256
8b98d07437b4aecf2287991c2f1a6f677bbd810bfb0557c5ff3be6be68d48cd2

SHA512
7c42f9dc76792b180b7f226bf811abfb0d10aa95c9da700d55e587ed3ad0069d75c7d7a058957c39edc8d9f97fe406e8254a9af9a7ae5e88a51f699e493d56ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
228KB

MD5
c963af445f16799c0ed351a97f3f0028

SHA1
7cbaca6c6d8a2e42afccb6c0265d8646fd02f84f

SHA256
3ffc8857f308b245a5867c025efdf438c693d0d40f464b379cf80a8a42260b8e

SHA512
913e3a136505f0d36de24a9c83e76e60b2cfe996751cfb8f2d347d466087516722c080b9d0bd58c39136e8fdbd2e3eb594d66c8686e067c3584804c67b2504bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
62KB

MD5
3c91a17571bad5745869de1ce3fb13da

SHA1
2277fe12d96d8c758f84daf97d3d89a943a042a1

SHA256
a5ab2ba21083970f932313cec37e563a852d670472200ef8d5d2fa7cb203a52d

SHA512
84f1aa4e1d7c5b217b141e4aaad8f6107f6bbc3f66a95aaa13d84409ba352954f0120b2017d80ee0fdeeaf88ee6db17751049dc487acd3292fb8fd7d0aa2a972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
71KB

MD5
f20c16f55d5dfe405770a5da78c11760

SHA1
a3348e12bd662cebf55837204efb12101ec29c2e

SHA256
b6ea8a3b82e53fe046d870366d71bdb96cc7038b9687a0c1af7d6beb9afa8379

SHA512
cf131489528ab5bedcdf438d23b6b90950da129caeaa5d4b371379a97065d337cdabbde4737a9ea41dfa415297874ea1992ca7ccdf7a9a2b9ab0c8c8da34a904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
94KB

MD5
1b2ce56f5978d7ec6db9f020ab093dd3

SHA1
9d13b259a5e6d034eaaf12bd3b63bd3ce93a25f1

SHA256
e310fab83e9b35989db9a9db91962953df1cd62bf85edc7f93aa55812a092e06

SHA512
9ac7f320f0c0e0a67e984cd4b6d4a184274013d6a25199284ab633abd6eb5aa62c204cbf89831e664c3961414da36744845bd91288d76c92e7639b5e5b39573b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\01582035c170b32c_0

Filesize
289B

MD5
690bd5669f1b3c3979234c3a6bc274db

SHA1
73d0836d9289628db3ba3f6214f68b8f6503c667

SHA256
d5247541fdae6e01b1f703d863817574ec27deda63b8ad3097fd568400946a5d

SHA512
a2d849aaa1ad8cf31814b6cc4f10472ff0884da8933abaf0355b5f285954008b711b92a7fa444e2e7c9405d170db7d76e549787bdd5aa6e5ea9e93c55991fcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e84abd223b5fba0_0

Filesize
25KB

MD5
ec734f89d42ded9c9a5b2c24f89f4697

SHA1
f755b49bdb8bfcdee82f9547f43fbb9a125aedc3

SHA256
c6471c5b5f9a08befa0a80906d2bb0bb817ea86728ebc2eb25a9a0c926d16caf

SHA512
5084297b3c2340f979a20413c1dfb7617c1956c18f068373358cec8c7716768cbc9606b271b3d005ffe9941cdd1e841e005b064a7817f59eedfc9e75dfa8fb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a06d794fe5733011_0

Filesize
334KB

MD5
2fb86deaee1a80864359b1034e19885a

SHA1
21f1c23fea4c66785ba7fb60d160660488a1c24f

SHA256
df3b9c8afdbd9834462ae8b4a345654b55842ee13e7ed8a95eab5d1ac8995130

SHA512
a82aea212a6532e19af3b5de863223fca1af62b687f2a4187530cf1cf5c8bedf9e78b894407c02284795c137abd277ebfc1cf05503aff3d22477c1c853251d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
30fe436b8f9c56225ef947f01ac1911a

SHA1
b4b6f7cb0152de5cf836a7e7a1b99dab4c28a4e6

SHA256
f1880c22fe4c451aa96c679db181f9a96aae3362de46aa2051f5ec46734c5b5e

SHA512
763d9fe93d18860490ba3425e1b20a465b297ae56489e96c2dc7499abfbd158fc885817bfe19cf2c880dd1b4d01f21b89646d36b70f97b42ea00df615703f256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
d6f586e68f1754787a23de4c6e04d658

SHA1
d18f2647ad4330d3f7c4b3e21b0180910d2b9b8d

SHA256
f7501634ea53a99f8024956bc40c7369185380257b0adf36e80aa64af24b34be

SHA512
bfce2910e6ef0e02ff3884b536fd48388017cfb96e57055c932ca2b4284f6d67e46c1fce6cfce91031f49d056e1bdd17c74a61ccb76d19e1add9dba5e4bfff65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bc45e63923a2e2bada12f577b3e7ee68

SHA1
2f62e9f884bb62a95cd54176329151fdbd5cf45b

SHA256
591e0625411d8dffacefbd9d82be69555b5a632fadf6e0c2d961494f442bcda6

SHA512
def2fa326b90575b6f93739c5626e6becf27b64e0212c719268ef51dfbd27cc57862cae9fb898fc1cd929e19cf3c9ae69b7a9398d7cdd6433583bc7e99d952a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9abb49980601b564d550f366518b00d8

SHA1
4378d56dc83c78de1e638e81e69658e11bb0aa8d

SHA256
af47280b99450bbc55d1e136aa11d728e375a500e4b036dd058c5ab5f4ef46c9

SHA512
ad8d3d6538b80b8c30c19541d8a97800acb37c83a92b29540774d65249b13723f2bf46bf53e0c13ca57c6ef789ee05735147a46544da5880f337bb7166decd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
c1ae22acb66e941520fc896b7aba2f49

SHA1
47792f6d69ce0155636707e11c1d2a127ef4e807

SHA256
1ff98d3870a0431bf0c69b994cb8c5299adb0d26badf25809aad78b2e980a3db

SHA512
3a636ed0b54dcc70cfc16806932c19e53398a46a4ea6edb9e245aabf1686ce3cedc65cbf8d87f72ceb053db2eb3af217ce3479b54e80f9609bd9382d229158c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
007bca9c11e5273a956056b1ab24f4fc

SHA1
8c58f1bf09c2a562acdd2f59d1b2570225f30af8

SHA256
0d179f970aaea3b8287426d6c6e3df9f6e5ca456a42c230ad1ba10dd07824eaa

SHA512
9571e2e1d0d42304693139150eb2441672bdb238fcce90c2b43c804fd6c304a049dd60529ab5b9c6532da871b111d75158f04ba18f2de6962868b8b639b9a83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
bb9f78d671eb892110430bd17ab0fcd0

SHA1
f95099d51ab02421a01bc6c1e1b5ff0298718810

SHA256
30f41d6cf03bdede9e1f6dcb3ed9047433eab3001b30de111d855652baec9515

SHA512
c91c20331b1d351601780bc1b2a2eccd850734c7c9a6615517e0d3931172fcdd01f261d12b4f97753150925ec6f3c7320dab14948293930dd169b84a3d604a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a37e550db416d702be655740d0f78de5

SHA1
c59aff33460a1f631f134d4dfaad4a78c30aaf5c

SHA256
9189f733cd000391c3b05f0da03a05f467e5d230f268abcdaf271eee48b0a18f

SHA512
52528623a83b74cde3949f745942c3cd22f4aec3a4c9b1535a048690aa04ea21f085fcd27fbec4e97012b257397454aa6a57ed618a229261adf8abb5eca1939f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
69abe101c71eb552399494e73ab86c52

SHA1
057532248256377464a43acbf8f1a55ae78801b0

SHA256
d4e3563da73dfa628761a2d1eb7ec6330b3ce1a95823a87ed33fe486957bb2b4

SHA512
bae905f73916ea6f25f1ee502d2e090ae4649044c6191c999d91bb050cba09cf0c751a53f4b8d2117f05ae1217af3b1bc849a545868b7787c83b629b46bd351e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bf189a0692c6aeb598abde6c89ded386

SHA1
0161ea4acb32d2bd253eec8899786b564a5602d2

SHA256
1c92b7b0ab093d4c240b9ba1c1dd7e2f286659cd9db810d445ff2e1f9e92f0e1

SHA512
e37593f9f6b76d0a7cc58976a902fd3180b711ad236945dbdc812362489d97dd9c7e01c4fda48a1532fb7d18b1fd33c9a66bf20b9579a813b2a3f85f09c8757b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
050dc52aaecf64d0698b25c7206d9c2c

SHA1
a41b3fdff982fcbd14e222bd81639b7ccc80d24f

SHA256
416bc9fffa4b1bbcec36dad5c7db4bc6c26d03301c14e189f134b6692fc87a45

SHA512
ce0d6c73772d951e1751f11aa106f271ca6ef901f8b9f2591be0821e296f66d26fb4a5c18724c15656ef743b3fb18e1c0f192e3518b2cc7204521e8eef218d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1475c7aed63e07d077f51e10d0b34f53

SHA1
3100527ae045555191523825d0d7b4f2f7f9cbb8

SHA256
d077cbb94b988dad83da7df26c5571d7f97af0d8d955891cb11aa849335a9ebf

SHA512
a3b8879cac722019a3e1f51ffffb64b939526fffee940d9327d22e7eb1bcda4185117c7cbdb0cfad0c85fc021a0e41a80b481c4899a38a132fb86fbeeff828c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d905d3cb6b79e460ff8c35927821f6f

SHA1
dfe06acbf49164c4f312cbbff2e8c166458761df

SHA256
95b081181d3e50c80f327825bf8570e4da51acface2d3bcee78705f70d9d4362

SHA512
fe81613fae7d9cd6bd3ad51a99d510afad165cc36d6b542892eab5423edd342f2e6f85d2f07b6c29213f61a9a087713cd819eb323d4eaf6e95c56dd9de916dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
439a0d5b4461c51c7c9a43a791052484

SHA1
1f0bcb425072ede7348ae5d46f4b77cd3a6c0381

SHA256
ccc739fcd19ac0aad8fa7a5c16c16475e8bae4ddae81a40a614785d48510bbfe

SHA512
93f9ff5b04a63dbd685a5d123a4308d32ff0b3dcb18a913f84137fa3334de07522a2f88e2939d205a9770e781f054c24a8c1e5cda1c00d20617b7216f2037524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ecbbed79bc951ed3e072c71c2549012e

SHA1
e32a83ee63aa6b2c07a5e006def8d31212633500

SHA256
c4d96429083dae7125921e2f93b8fc85a4c40f78b97bf1b51847ac7b8f4460aa

SHA512
b20d76d332019a22a16f764b53913eb5d2083221f37a59e99e64b2e583a5a59662925285bd687d6aa32be5eeaa2bbf8551deac12f819a11f310b21588c856340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
301086c56245140baabf6d0702d464cd

SHA1
3f0e1540cfa706a7a55bc5fa80892afcdf834b4e

SHA256
8bdb008d988f295331bab3c1c262a05c33a6c2781ec946b0d1e24cc5345d2dac

SHA512
a04d2a5e7856d130d7213b0d1d481f2b3ff7b4560c603c36bbb9600643028b5b7c36d38750ad4e57d324e00a788d34d40dee73b2c42aa2f34f489659ad3d9ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b09e.TMP

Filesize
48B

MD5
446c723a7513be7ce2241ea4ede1f518

SHA1
6ac865ed9e96dcb6e6a2e4f0f0353b0617e6a304

SHA256
eaaa9cae2728b617244743680b9bcf9b7405da785a129bbf98417dba5ee3a2e4

SHA512
44d05cabdb5b84c22bb65524cfc70f5dbe7d8321c5ebf8694ce58cc32b5ed88851976f72098568f692e3a75016dade8a2c9a468bf15126927b3dc5fd62c50738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cd46ca63c5a2602ffbfe210259430c0a

SHA1
7bfe01ad4b09ef88115fe56c57b038a0767d992d

SHA256
5593bd8b73e5a25034d078697827cc337517e1781a5928c9e7d034cd34a26de5

SHA512
9ccb03e20ba8ac3285491f2865b28d2a1f047b4a28d71510fd07ab887a8e9ce0f2df6dfdb52c366e74bab9f2d9197f14f1470133a2dea47c51c145a94e4b7899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dae868fbdd6237904c0dda816e1dd960

SHA1
cecc12e58cee9a6b25331662f229425f937a5a2c

SHA256
f13d58f0eec308d33d107c3d8e4764918a98ddcfb6388bf9478ff6b77cdd954b

SHA512
1a8a65716ccefd6cfe8893bd441f5f4f38b8f28178af17722edf10a375e4fc5a05c686eb22dd0c058e6fbe0caa58cfe45d318028fb3b723f7ad44253ee28caaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
749c1b4c2b3c6181d10c2774f7b7faae

SHA1
8a354bcd1288647fdcb2c4fc2e242662c5053101

SHA256
d568c632bb5bae98afddc48313688a51c06bcdad609ae64261e9b32aced11707

SHA512
d747d4cbea36a22f2c06995182023d162fe739f2a87fea48fbef2739b91cb62cf873c28735e503a4428a64023b6dac18149df10f5da5067b0539647303ef61f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8ca772d185321f272d60fb22247e41f1

SHA1
30322f27040c585a0567efce984249401a881802

SHA256
7a4fb6cf429f985f42219286d44f1fbe65bf3c62582b4805f29b2f8aa3eca169

SHA512
3a02f1b186ac4d8b1d8afec762c370396256a38853a82fbd0aaffed00037181f49ad5f65ab95180284a7e54aa31c2708957959e270fade4ab96d26a1b2eb3705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d4bc556bcd243f4ded2aeaf6ccf19d4

SHA1
51fe8abd663b2f36f9302e26f8dbd6eec061c064

SHA256
4b61b25be64abf496d2f45ba24564d0e80afb604240d8f2dcce7d2aa493e1ba1

SHA512
6ef3911e782b1871510c908464e259ac2cfa0c74e9c3e8bed865efbbb8b5583581dbf3ad27640eec076822c21b342fa290e65956b2c01072aba01e5fb59608bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
abf5af2947bda0b72e9f283b33e8ee24

SHA1
4e3a2f560368e62e816792735ce673617eb88bb9

SHA256
2d4a5e6ec9d4b8d4b0230fd66cb509304b92637f9498feee4af59ee7e79abf34

SHA512
df36f4444feb6efe6d4dab3f9643f0542066305a32c17431fa232c4a54f318ae101973cf6dcf27f54a06bdea53c65cdc1be3eb65666716d83b2ac8cc29bd128a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
46631f96abfbd2f991ae42e374407e54

SHA1
2cb3b9eb9c01aa800b570ad16af878557a05f29b

SHA256
035ef2ee879a08704679a9ef3e17b21f40e7c025ce39ed63b7a58a121da65c52

SHA512
ba9dc79cc8cc7f3dc6ceb7baaf540fb528d6d3445c1b97321873170f7b3dc566240e9cbd52822ad51b4f15d342ff6e13a68d3c6efb9c1aa798a7a307a65872c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e58dee0ecc7f16b781505d349bba262b

SHA1
84c18f9a2c3960f4c83c2183dafa498503bfb218

SHA256
02420c3a5bd42de5bf43db236b347c6b2bc9ed8e67261b9f7bce8dfe69034293

SHA512
b59074d40550d7bb76558d016a1612ad9ab51494a48f5809577df345014a1c1e47475e3de6bbf8400dde901da1c29f044657f89afa9978460604a39b80fc0a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6b97ef5c1c7aad47384bbfab97bef451

SHA1
4ae2921cabe639bd9b6e5446747542cd44214593

SHA256
957b5cd87bd44fac80b64276517f7f829a4d69102c9a57ac7cd25beec4fcb99e

SHA512
0103cb51d6ce5bd0fb6a2db8f198212a397322d25838e37e635119574e8a67c3d9489827a78eaa2b04c73c39ce3290464de22d790e3198986125fc11bd8133a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2105c25f531f2be441bbfb3211e27055

SHA1
ed31e7d5d7b9c564ec14eb6e4f2e9e48e5f51073

SHA256
b90f6ac4985e32ec14a9a753bec575634b7d0171da402ad739656fd381784587

SHA512
47097be2698e544ec4e1aa86073c9cb761fb5923e64596317057e9116e7a4c666a35f23b647f2c7f98242909c0da4728f5d089df0e840d5e642c2ec8d2372754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b4c7e80974efc4b4ebc365570c8b8945

SHA1
96096dd50a6304cec01f020b631176100621de3e

SHA256
26ed797c28096ca2ba0097ba17136b0466135e0e63fd611c18bdc950a7007895

SHA512
61b7c2619b801043a45f08ffd5c94f8db0e4a4610644b47607840cb9296ba75f0897ffecfb152e88b1b8ad7af93b8e5b41e6283938ee4edb13261713578789df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d185ca2f0cd32afb5ba5243144c49fe2

SHA1
1ee4176a726f8717cbed47fca4d5bd4562e729b8

SHA256
c9cdac3c9f605a3cc87650ec90ba3ca40a13fb191b84f8d40dc5cc6b823b94d2

SHA512
87023b20d133803810db5e84584d9e7438dd34ed2ed09527c77711506c5e579c1f2f1d2584950b51bdf745bfc0569b85b6a283fe92db64a37854a83f779bd169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1310f90a2e980d9574d0b8c1a1f10bdb

SHA1
38d5c2c249fb350065033909ff313c6ac170f3ff

SHA256
4d54f830f09ae592c36cd03dd03e3aeb56c62341e5f6a91d7f35c352cf74cf1c

SHA512
c2fff18d24490a45cf66dcfee1197aa055a1a85d25b9372201f7e037098f77701ef7eaab98e18da7ec8d41fd8e4ef55202a3d67800cca5c91d0a9ea7bfc7bf75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4dac0c68c4445b9a068353aea9f17f9b

SHA1
07d3b827d12155a9533568e8ffa0d42d27a8ff05

SHA256
c954cb3294d11c7988ba8f37becb2a8086e06eeef121fd98bba65be88025d87c

SHA512
94ec924c0815ac36dadc57415c07203711430bcead49b0d36eba3f6504fffc7ad3bafb3a295bb0fb07d221c77a7fbb41a2d937a720154628f2e067614a7e94ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
27765149104728ee53e2be0340908b52

SHA1
099d353d438fd40260860da609a95ceaff3b0aae

SHA256
351c312405a0f415094c31858a56fbcf80fe90a98b7551ab2b0ef29fafcd25ad

SHA512
99574fbc400d6da00c397d4803900cc1b42c22014dd5230136a7719e6fa97724f181e5c973f4246a224e322b5027a6c3f2733491e76e2dfcb814f107c92ac8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fee7f582db21127fe7252b21936d2426

SHA1
d73c06ef4589493783e253454af0a4b8b8aa47f7

SHA256
f56c155c670ef6ccf0268a7261e8ad1e49ebc79e948a6aa05ecf5b23be619209

SHA512
7c4b85448b16aea4e935e75528c22b304d4b786f4992eccf8c3cea6efbcca84a0425e95f05ed5f13ee27a6d9929662ac76f202a60905bba2febf95fadb1759bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c5530521cd446cfd04550c943cbb4879

SHA1
90ba5573dbe2049a29680958ed9b87f664ded319

SHA256
6229df5c31e7134a39402ec8f79c57d246c7fcc2cfecb8ca7766f9f7fe84ef50

SHA512
3754c25f49aa3df702dc75a34834cacccd45ed6689473a75d3713122d86d4ef60681841238a618c55098d16c719110063a6ab9075f3ee5cd71f9ccb89453e922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ccacbcdbdb35b9cd95c1e5f2ca4805e7

SHA1
75a173868a78d28468342d34f5aceff3cae05985

SHA256
82bfa4b80afb64e7a080f8dabb5fb703ef96aba36f5a894ddce156b6fb50e214

SHA512
3b4cc55d3ebd2024523a44fca88a180fd0aefb4dd44c1c4ff07237f087d9c36872c3086aa30d268f7cb1f5c0988ea80c419dd3c1e7bece003be0169a77862787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582fc5.TMP

Filesize
1KB

MD5
06a057c5b16f550111893f50382e6f83

SHA1
c63418b51cf20eba73c697474aa3036c82fee7e3

SHA256
82ea86e485fcce91ac3bdcbdcdee8eaeed85f13ca05d056a41f18f8ce005564e

SHA512
d58ce0a0441b02924e8526f614367ff1ae73ebea547ff3597cbe3814b86589ecf6d9e6e408d5ee00be2b0c6fc690cad9bfcc8b72688d53c96edbee6eb1b01f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
75f87a335e294d029120efd4107e24e4

SHA1
309d21fdb2de93841cfd8c43739d57a105fc3ccd

SHA256
7534a400e3561afe0f10091c59bb952a8072cc600f48f1e29c905b58fa21a9a1

SHA512
6655588654717548ef50b0bee3bdfbd348f387ef590c0a3e545c65a018408622c9b2f82a9297d23987e22e8fceeebd41a9e2e3858759ff708b2ea750c6cdef9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
912820a0634c5306c92d4130c9d781a0

SHA1
b861aff472ee450d8c79e99a4d7c4c39eff737d7

SHA256
332c491b9533a65f255febe1e107bce2e0fed16429d0a85fda2cdcdfa139de74

SHA512
461b3a084017508b02139275535fca790e1ac889f3e9e79fe058aceca707cccebc3d352e2ef21ee0846feb86aecf67ceb706ec06c1429072055cf1ec5a85bfb2

Download Submit
C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001.zip

Filesize
1.3MB

MD5
34dd9f8bad06a7f7fa3995092dae3f42

SHA1
6f3991123ed10df0e27f93eb59c10c2e05ae8829

SHA256
8e24fae3aff53a1d8ef00f4be0a58c815017cb6d508bf23a2c15269f52abda7e

SHA512
79ca1c4fa84fa3af921d08d864b50da9cf74459a003d39bfe28e0ffc259729768c2df2976a4ca89b80d21de04de5e99cf30c4b4d090f113ed72f71ac2797c7fe

Download Submit
C:\Users\Admin\Downloads\FPS Boost Pack-20250126T062646Z-001\FPS Boost Pack\Network\1 DnsJumper.ini

Filesize
8KB

MD5
39da4c10fb9e3a94fece9da39a64f0e9

SHA1
af3f79a6a107fbf3e47e6e537635e75cfbe80fd6

SHA256
f8e590ec60602ca7c6166ac6eff131b8a4c8fdcf26a7129f198ea428d81e072f

SHA512
5b286bc18d1f3a8b0d51009a3c82355664c01bc03a9443b17a67992bc765988f5d83029e3af13fe393499c0916f9ca0515621bf19c1d2c68a0ae8d446cf61a56

Download Submit
C:\Users\Admin\Downloads\Nvidia Profile Inspector-20250126T062509Z-001.zip

Filesize
124KB

MD5
cd93acdbd335930ce1dfe6af9cbb12b9

SHA1
c3c8dcc0f0a117fece42ff21a13efe449825418a

SHA256
a5c7594d0ac49411e8645b907ade7749c2dfea13e4c7117be0cbae9a0b1a13b3

SHA512
4cddb641ad0df3e85c9d5b3f08863d20b5a94e5f38fc794188f7a9dd44579b66ed2fbf11badf5d85f7bd12989d3ede4e68ff00e5e028360170d00d6d11a95a4c

Download Submit
memory/836-4164-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4168-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4174-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4173-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4172-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4171-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4170-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4169-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4163-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/836-4162-0x000001CA6CE30000-0x000001CA6CE31000-memory.dmp

Filesize
4KB

Download
memory/1740-4123-0x00000000004D0000-0x000000000057C000-memory.dmp

Filesize
688KB

Download