221944cf8cf33d706f1418545c2cc5f375743e0cb2db913ceda97b7eef31f776

Resubmissions

04-09-2024 18:54

240904-xkj9kavdjq 9

04-09-2024 18:42

240904-xcj9lawdkc 9

Analysis

max time kernel
209s
max time network
205s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MixerLapx Setup 1.7.3.exe
Size

81.0MB
MD5

af594291a273b2b971a12048ca6e1983
SHA1

3daf13475d11c8c51b923c9d04692dcd52a9010f
SHA256

110e87aae10a76bd4998724509ed628608c5df296913e051ee7550ab3d4ee698
SHA512

915c2fb2706ee29eff889c9194936b921d66ee4c88b207b981e7df73062a041b3dccea7dda87bf4ff34a956ce3863ff5cc39022013ae6a777c569ab0c47faad9
SSDEEP

1572864:gzfTDmsyuZLO0jEc+20cUToIGdGIi9u4LWOJK8NgbKsYh4tidXX8Pyb0iIoF0xsR:gLHHIhAzzHdG99u4L3/gbVYhYidvYiIS

Score

9^/10

credential_access discovery execution spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Executes dropped EXE 15 IoCs

pid	Process
3024	MixerLapx.exe
1456	MixerLapx.exe
1356	MixerLapx.exe
5044	old-uninstaller.exe
3172	MixerLapx.exe
4872	MixerLapx.exe
2856	MixerLapx.exe
2492	old-uninstaller.exe
3372	MixerLapx.exe
3156	MixerLapx.exe
4632	MixerLapx.exe
1128	old-uninstaller.exe
3076	MixerLapx.exe
2380	MixerLapx.exe
2692	MixerLapx.exe

Loads dropped DLL 64 IoCs

pid	Process
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
3024	MixerLapx.exe
1456	MixerLapx.exe
1356	MixerLapx.exe
1356	MixerLapx.exe
1356	MixerLapx.exe
1356	MixerLapx.exe
1356	MixerLapx.exe
3024	MixerLapx.exe
3024	MixerLapx.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
4632	MixerLapx Setup 1.7.3.exe
5044	old-uninstaller.exe
5044	old-uninstaller.exe
5044	old-uninstaller.exe
4632	MixerLapx Setup 1.7.3.exe
3172	MixerLapx.exe
4872	MixerLapx.exe
2856	MixerLapx.exe
4872	MixerLapx.exe
4872	MixerLapx.exe
4872	MixerLapx.exe
4872	MixerLapx.exe
3172	MixerLapx.exe
3172	MixerLapx.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
1348	MixerLapx Setup 1.7.3.exe
2492	old-uninstaller.exe
2492	old-uninstaller.exe
2492	old-uninstaller.exe
1348	MixerLapx Setup 1.7.3.exe
3372	MixerLapx.exe
3156	MixerLapx.exe
3156	MixerLapx.exe
3156	MixerLapx.exe
3156	MixerLapx.exe
3156	MixerLapx.exe
3372	MixerLapx.exe
3372	MixerLapx.exe
4632	MixerLapx.exe
1844	MixerLapx Setup 1.7.3.exe
1844	MixerLapx Setup 1.7.3.exe
1844	MixerLapx Setup 1.7.3.exe
1844	MixerLapx Setup 1.7.3.exe
1844	MixerLapx Setup 1.7.3.exe
1844	MixerLapx Setup 1.7.3.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 64 IoCs

Run Powershell to get system information.

execution

PowerShell

T1059.001

pid	Process
3648	powershell.exe
244	powershell.exe
4704	powershell.exe
3140	powershell.exe
3144	powershell.exe
2724	powershell.exe
2160	powershell.exe
1704	powershell.exe
2040	powershell.exe
4952	powershell.exe
1128	powershell.exe
4228	powershell.exe
3684	powershell.exe
5108	powershell.exe
4444	powershell.exe
1372	powershell.exe
3928	powershell.exe
2448	powershell.exe
2284	powershell.exe
3388	powershell.exe
4000	powershell.exe
1612	powershell.exe
3112	powershell.exe
732	powershell.exe
2536	powershell.exe
3480	powershell.exe
1384	powershell.exe
3056	powershell.exe
3740	powershell.exe
896	powershell.exe
3348	powershell.exe
940	powershell.exe
4928	powershell.exe
3868	powershell.exe
432	powershell.exe
2856	powershell.exe
2452	powershell.exe
4080	powershell.exe
780	powershell.exe
2416	powershell.exe
2376	powershell.exe
1348	powershell.exe
2780	powershell.exe
1608	powershell.exe
792	powershell.exe
1540	powershell.exe
4820	powershell.exe
4164	powershell.exe
408	powershell.exe
2404	powershell.exe
1892	powershell.exe
2004	powershell.exe
3984	powershell.exe
4000	powershell.exe
4920	powershell.exe
2644	powershell.exe
2760	powershell.exe
4368	powershell.exe
3684	powershell.exe
4088	powershell.exe
2488	powershell.exe
2696	powershell.exe
4888	powershell.exe
240	powershell.exe

Enumerates processes with tasklist 1 TTPs 13 IoCs

discovery

Process Discovery

T1057

pid	Process
2004	tasklist.exe
3588	tasklist.exe
3144	tasklist.exe
1512	tasklist.exe
4104	tasklist.exe
2040	tasklist.exe
4832	tasklist.exe
4044	tasklist.exe
3164	tasklist.exe
2444	tasklist.exe
3764	tasklist.exe
3648	tasklist.exe
2264	tasklist.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 58 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	old-uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	old-uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	old-uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Kills process with taskkill 6 IoCs

evasion

pid	Process
3440	taskkill.exe
5032	taskkill.exe
1872	taskkill.exe
2380	taskkill.exe
2040	taskkill.exe
732	taskkill.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2872	MixerLapx Setup 1.7.3.exe
2872	MixerLapx Setup 1.7.3.exe
1512	tasklist.exe
1512	tasklist.exe
3160	powershell.exe
3160	powershell.exe
2004	powershell.exe
2004	powershell.exe
244	powershell.exe
244	powershell.exe
4544	powershell.exe
4544	powershell.exe
3648	powershell.exe
3648	powershell.exe
2780	powershell.exe
2780	powershell.exe
3624	powershell.exe
3624	powershell.exe
3388	powershell.exe
3388	powershell.exe
4044	powershell.exe
4044	powershell.exe
3240	powershell.exe
3240	powershell.exe
3140	powershell.exe
3140	powershell.exe
5108	powershell.exe
5108	powershell.exe
4820	powershell.exe
4820	powershell.exe
440	powershell.exe
440	powershell.exe
3984	powershell.exe
3984	powershell.exe
2724	powershell.exe
2724	powershell.exe
1612	powershell.exe
1612	powershell.exe
4164	powershell.exe
4164	powershell.exe
4444	powershell.exe
4444	powershell.exe
3112	powershell.exe
3112	powershell.exe
3348	powershell.exe
3348	powershell.exe
244	powershell.exe
244	powershell.exe
2644	powershell.exe
2644	powershell.exe
1384	powershell.exe
1384	powershell.exe
408	powershell.exe
408	powershell.exe
1128	powershell.exe
1128	powershell.exe
4228	powershell.exe
4228	powershell.exe
3684	powershell.exe
3684	powershell.exe
1608	powershell.exe
1608	powershell.exe
4900	powershell.exe
4900	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1512	tasklist.exe
Token: SeSecurityPrivilege	2872	MixerLapx Setup 1.7.3.exe
Token: SeShutdownPrivilege	3024	MixerLapx.exe
Token: SeCreatePagefilePrivilege	3024	MixerLapx.exe
Token: SeDebugPrivilege	3160	powershell.exe
Token: SeIncreaseQuotaPrivilege	3160	powershell.exe
Token: SeSecurityPrivilege	3160	powershell.exe
Token: SeTakeOwnershipPrivilege	3160	powershell.exe
Token: SeLoadDriverPrivilege	3160	powershell.exe
Token: SeSystemProfilePrivilege	3160	powershell.exe
Token: SeSystemtimePrivilege	3160	powershell.exe
Token: SeProfSingleProcessPrivilege	3160	powershell.exe
Token: SeIncBasePriorityPrivilege	3160	powershell.exe
Token: SeCreatePagefilePrivilege	3160	powershell.exe
Token: SeBackupPrivilege	3160	powershell.exe
Token: SeRestorePrivilege	3160	powershell.exe
Token: SeShutdownPrivilege	3160	powershell.exe
Token: SeDebugPrivilege	3160	powershell.exe
Token: SeSystemEnvironmentPrivilege	3160	powershell.exe
Token: SeRemoteShutdownPrivilege	3160	powershell.exe
Token: SeUndockPrivilege	3160	powershell.exe
Token: SeManageVolumePrivilege	3160	powershell.exe
Token: 33	3160	powershell.exe
Token: 34	3160	powershell.exe
Token: 35	3160	powershell.exe
Token: 36	3160	powershell.exe
Token: SeShutdownPrivilege	3024	MixerLapx.exe
Token: SeCreatePagefilePrivilege	3024	MixerLapx.exe
Token: SeDebugPrivilege	2004	powershell.exe
Token: SeIncreaseQuotaPrivilege	2004	powershell.exe
Token: SeSecurityPrivilege	2004	powershell.exe
Token: SeTakeOwnershipPrivilege	2004	powershell.exe
Token: SeLoadDriverPrivilege	2004	powershell.exe
Token: SeSystemProfilePrivilege	2004	powershell.exe
Token: SeSystemtimePrivilege	2004	powershell.exe
Token: SeProfSingleProcessPrivilege	2004	powershell.exe
Token: SeIncBasePriorityPrivilege	2004	powershell.exe
Token: SeCreatePagefilePrivilege	2004	powershell.exe
Token: SeBackupPrivilege	2004	powershell.exe
Token: SeRestorePrivilege	2004	powershell.exe
Token: SeShutdownPrivilege	2004	powershell.exe
Token: SeDebugPrivilege	2004	powershell.exe
Token: SeSystemEnvironmentPrivilege	2004	powershell.exe
Token: SeRemoteShutdownPrivilege	2004	powershell.exe
Token: SeUndockPrivilege	2004	powershell.exe
Token: SeManageVolumePrivilege	2004	powershell.exe
Token: 33	2004	powershell.exe
Token: 34	2004	powershell.exe
Token: 35	2004	powershell.exe
Token: 36	2004	powershell.exe
Token: SeDebugPrivilege	244	powershell.exe
Token: SeShutdownPrivilege	3024	MixerLapx.exe
Token: SeCreatePagefilePrivilege	3024	MixerLapx.exe
Token: SeIncreaseQuotaPrivilege	244	powershell.exe
Token: SeSecurityPrivilege	244	powershell.exe
Token: SeTakeOwnershipPrivilege	244	powershell.exe
Token: SeLoadDriverPrivilege	244	powershell.exe
Token: SeSystemProfilePrivilege	244	powershell.exe
Token: SeSystemtimePrivilege	244	powershell.exe
Token: SeProfSingleProcessPrivilege	244	powershell.exe
Token: SeIncBasePriorityPrivilege	244	powershell.exe
Token: SeCreatePagefilePrivilege	244	powershell.exe
Token: SeBackupPrivilege	244	powershell.exe
Token: SeRestorePrivilege	244	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 1408	2872	MixerLapx Setup 1.7.3.exe	79
PID 2872 wrote to memory of 1408	2872	MixerLapx Setup 1.7.3.exe	79
PID 2872 wrote to memory of 1408	2872	MixerLapx Setup 1.7.3.exe	79
PID 1408 wrote to memory of 1512	1408	cmd.exe	81
PID 1408 wrote to memory of 1512	1408	cmd.exe	81
PID 1408 wrote to memory of 1512	1408	cmd.exe	81
PID 1408 wrote to memory of 1412	1408	cmd.exe	82
PID 1408 wrote to memory of 1412	1408	cmd.exe	82
PID 1408 wrote to memory of 1412	1408	cmd.exe	82
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1356	3024	MixerLapx.exe	88
PID 3024 wrote to memory of 1456	3024	MixerLapx.exe	89
PID 3024 wrote to memory of 1456	3024	MixerLapx.exe	89
PID 3024 wrote to memory of 3160	3024	MixerLapx.exe	90
PID 3024 wrote to memory of 3160	3024	MixerLapx.exe	90
PID 3024 wrote to memory of 2004	3024	MixerLapx.exe	92
PID 3024 wrote to memory of 2004	3024	MixerLapx.exe	92
PID 3024 wrote to memory of 244	3024	MixerLapx.exe	94
PID 3024 wrote to memory of 244	3024	MixerLapx.exe	94
PID 3024 wrote to memory of 4544	3024	MixerLapx.exe	96
PID 3024 wrote to memory of 4544	3024	MixerLapx.exe	96
PID 3024 wrote to memory of 3648	3024	MixerLapx.exe	98
PID 3024 wrote to memory of 3648	3024	MixerLapx.exe	98
PID 3024 wrote to memory of 2780	3024	MixerLapx.exe	100
PID 3024 wrote to memory of 2780	3024	MixerLapx.exe	100
PID 3024 wrote to memory of 3624	3024	MixerLapx.exe	102
PID 3024 wrote to memory of 3624	3024	MixerLapx.exe	102
PID 3024 wrote to memory of 3388	3024	MixerLapx.exe	104
PID 3024 wrote to memory of 3388	3024	MixerLapx.exe	104
PID 3024 wrote to memory of 4044	3024	MixerLapx.exe	106
PID 3024 wrote to memory of 4044	3024	MixerLapx.exe	106
PID 3024 wrote to memory of 3240	3024	MixerLapx.exe	108
PID 3024 wrote to memory of 3240	3024	MixerLapx.exe	108
PID 3024 wrote to memory of 3140	3024	MixerLapx.exe	110
PID 3024 wrote to memory of 3140	3024	MixerLapx.exe	110
PID 3024 wrote to memory of 5108	3024	MixerLapx.exe	112

C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1512
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1412

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1728,i,14882471268913793376,446081935828675778,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1356
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=1888,i,14882471268913793376,446081935828675778,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1456
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3160
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2004
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:244
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2644
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:792
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4732
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4000
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3156
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4552
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:732
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4832
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4888
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2436
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4920
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1540
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4708
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}""
  2⤵
  PID:4496
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}"
    3⤵
    PID:2996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4632
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2440
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:2004
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2696
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /im "MixerLapx.exe" /fi "PID ne 4632" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1508
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /im "MixerLapx.exe" /fi "PID ne 4632" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1872
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3136
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:2264
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3016
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /f /im "MixerLapx.exe" /fi "PID ne 4632" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2564
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im "MixerLapx.exe" /fi "PID ne 4632" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:2380
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1384
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:4044
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4664
- C:\Users\Admin\AppData\Local\Temp\nseDC23.tmp\old-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nseDC23.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\MixerLapx
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5044
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2416
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      PID:4104
  - - C:\Windows\SysWOW64\find.exe
      "C:\Windows\system32\find.exe" "MixerLapx.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4676

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3172
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1716,i,10461163625621933425,3638647549590001106,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4872
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=1964,i,10461163625621933425,3638647549590001106,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2856
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2264
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2336
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5076
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1516
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2416
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3144
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2644
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1904
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3140
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3480
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:940
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2128

C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1348
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1828
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:3164
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2500
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /im "MixerLapx.exe" /fi "PID ne 1348" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5044
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /im "MixerLapx.exe" /fi "PID ne 1348" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:2040
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4652
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:3588
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2744
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /f /im "MixerLapx.exe" /fi "PID ne 1348" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3376
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im "MixerLapx.exe" /fi "PID ne 1348" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:732
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2000
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:2444
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\nsl12B4.tmp\old-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsl12B4.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\MixerLapx
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2492
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3592
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      PID:2040
  - - C:\Windows\SysWOW64\find.exe
      "C:\Windows\system32\find.exe" "MixerLapx.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4832

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3372
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1744,i,152337805713621,17062995454504911175,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3156
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3136
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=1960,i,152337805713621,17062995454504911175,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1956 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4632
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3868
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3172
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1372
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1436
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2160
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2760
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4000
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2376
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:432
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3232
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4368
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2144

C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1844
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4004
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:4832
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4520
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /im "MixerLapx.exe" /fi "PID ne 1844" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3192
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /im "MixerLapx.exe" /fi "PID ne 1844" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:3440
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:796
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:3764
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2692
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /f /im "MixerLapx.exe" /fi "PID ne 1844" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im "MixerLapx.exe" /fi "PID ne 1844" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:5032
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3876
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:3648
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3140
- C:\Users\Admin\AppData\Local\Temp\nsy5839.tmp\old-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy5839.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\MixerLapx
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1128
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3924
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      PID:3144
  - - C:\Windows\SysWOW64\find.exe
      "C:\Windows\system32\find.exe" "MixerLapx.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1760

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
PID:3076
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1756,i,17943205911662951016,3813127174270054710,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4128
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=1980,i,17943205911662951016,3813127174270054710,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1976 /prefetch:11
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1520
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2404
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3684
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2536
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5064
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4708
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2856
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4080
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3364
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4088
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3928
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1892
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3144
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2488
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3016
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2696
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3928
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2040
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4928
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3480
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:780
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3772
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1748
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4928
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3480
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5108
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4952
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:128
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1828
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2284
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2760
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3012
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3372
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2784
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3480
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1008
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3740
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:896
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2448
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}""
  2⤵
  PID:956
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}"
    3⤵
    PID:1204

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
05850c6c0442ea6966fe2a888f219f4b

SHA1
e6b1c8eb783b307672a6f06b785a7e9b78633b46

SHA256
f51b54c5f5074076216b2d0a3e66c13e80d8f1da311614ec15c9170dff11ad5a

SHA512
9db20e00e103700f67256568e38f9b37f29af3c30f3454a38b3e033c6c2f6bd796c5b5a8c5faa98bb45d7521d76c2bf323d503b8a0196cacbd701167d441c6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a1c9054b0c7a27a240a45a000ae5b97b

SHA1
66afb3b60717e4683729fbec001975906b306526

SHA256
3ad82f109ab1270e9462f5a027c81870b6e27adac8630f9571295980f3c6c88f

SHA512
ba9c4be670df12feb89de4124b9f09ff6fc87205356238b8a3bf0d0cb3c0f6b729bf313c2d57a615a6204079db21f7a7fa4938d525194469f031fa379436df55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
8e2682fc64d4d61d3184047e4d5cdbd5

SHA1
8296728addb9b2e303c55aa3568b04fe0ac74765

SHA256
fb1f21fce5473918d11399ec586c7e539e65ffd614817df6e16d8bc21e97c378

SHA512
4df51c8eae53485ec324bef77bc8016e8da8d2e8a082fdf237fa5bc8a83a4335a8b99be2a7fc44bbed3bdf1e4245dd843f47440fab0af30acd2e9cc658196b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f83106c0267a9ade1fb6a9a6eb1aeb18

SHA1
6239606f5148437b934d0921d8ad861f6f072296

SHA256
ad8c637107f24b1bbedb342f42002a2f860ae9d55176c6dfb77d43cf803b0192

SHA512
20659006c61654f7e47229586a317ad8a08a627bffd4335b68346a492714e8a6f4241fc8b9bdaddc2df6145eb603406e54ac88a6929f07511b89003044e1cffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
de59bde311feb3d088f51745ccbd3ae6

SHA1
2d1dcfad73716b29c5d7ae8478a28032a8347e0d

SHA256
cdfc26d19d688a8086baeb6b8e717e5146409a4607cab78d4d802b6dda454d9c

SHA512
570732fdb43587882ffdfa978cc373909c7d3377dba10196c4161376e9c3f372e7caa4dd20a84ed3905211ce066aa603293eeb934e354dc46f8fd69b1fc0912f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6174dad5dd2eb8eb878582ebfe570f85

SHA1
2a5277030ed91fa720a4f8a8b5e099c49b70a8fb

SHA256
ae7927c7638ad4942fc5199f5db434696e2e3041023afc7bbd9a23a472d0164b

SHA512
3fce1985725ef7a7dbdb98ea86e1fabbd1e2f98d225f680eead0c591035d42a152163cde647e0693261b27f27db8db7c03224629c50337a830420f50e6e9a6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
46d80978eadf19b503882f748308099e

SHA1
10b02a098077d462be2dedef2e3d80a57711561c

SHA256
2875c70904fb6f7de96fff4271bc3f58a8a340427d91898f09b82de9660f28e4

SHA512
6af49afa7f63db8009b95ca4f67ff067714c1ac582b6fc6836f9d4700da2c54a8ca3275149e370ba8775e812059283ebc54693b25c320d5ef58b00cff55edbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ff1c2d16ce65fcf5eebf5b275f60bab3

SHA1
110027a0db810e3f65e7c12629ba3b525b83748a

SHA256
f679ad30ee2b140b1097f5db112d55bf91f7795c32d1c92b9d39755cb722137c

SHA512
d21292bbe7b8fed4c6d526ccb8a3f5d97d87890c6d65260cb88f16e065eba24f14db62be9b8df3e19b6a17b11af1f58f8c8d406280b5e4d101d567a7f55120f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ee46f130f6e0a3d27fba7d3b7f73ff5b

SHA1
e9518be88fd5aaff3b45d97605031f7df08b3d3b

SHA256
bfc7cdd81857f8b89dc8fb94790ea6ccb76ef51c7e9ae405b354e648e969ca80

SHA512
aa34a9f0847025c742203d2738efdca01fcfd3821350f90184c91dd8b1ac6d9a28890278595f24c97136732c703fe27d136e9ae6903068a47836ad98693f930a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9ef95de05139bc0a3867fbd7485ec9f6

SHA1
98d9b592759f5fcf513a69168b694aaae19615f3

SHA256
ca836778620fdab8dae47ddaafd079ab85dd83e8d2e4fe2a054afa7e7930d100

SHA512
6e5bc8856702581dbae770eead3c2e4e4138e246af997716d8487fcd4f6581b7f07cc99b80bd30341b7509e4a0d9de426d96b55176bf5ffcea73a35a1e719f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9c33215baa5955c2bb8f83e1679ce55b

SHA1
307986652c8342e1f9cc3ac422bd2fdd03d2d84b

SHA256
9ef2471e253bc9223f5ad75025884aeacc9efb65b7ab05b29a46898cb61378c2

SHA512
2bf6c1af58dc5a51bb4345cd8d29e1e3aa2585b834d62720938747a18bbf7f3c66967706443a5f3915cd52bdd3059ca6701a9ae3b4088aaa1ef5904655e4dad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
722fd110314a909325a2a411a64a4706

SHA1
d7440c31779ca7dada65bbd75c5c7b060856dd2b

SHA256
a6934961f8fa61e91664e579e3c736078f95cbcab0de69f6145b317a10ecfe27

SHA512
3e677370a199d3322dbc057f00e773c6c31d54ba8687f9c995ce2e0f8c26b71b5958f3ef0ee5d32d76bde1c35fcd158b57671d724f974d5c51b72bc74509b254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a8c5d66e32b1b6492c4bc2b457719c1e

SHA1
3fb708e6e9a8f21973b07b32888f0d5378645e63

SHA256
555a853cf629a81def14aca7ea72e3604b113bff010956cb3771308081a49d72

SHA512
a27e9860050dc334b43beb9a91ef767010a93b63b4422de0a811b73ba17c1288c57c5c59203a7ae4242a2c1ee7e11f3baf94a9386839466312ebc702c27c02f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f092198303788f31f51d234cb4276250

SHA1
675632d3d77774a28b92d3e199f044b25a962b74

SHA256
4969f8aace26e9adbf40d818ba0072fd4d27909f9ee451a6f0f83daac46099c2

SHA512
cda40aa5173bd4a5e7cf646cc0e3ecfde158eb8edeec61c2b2d845335262e699338a3fbd31d88dd18adc5b5a269bec6546723b19bda1ef5a6557f4a77ace2d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cdd5325e482468426ec3cec86a9cf85a

SHA1
1aab3c6981ab5f261c787b4dcd35be0f1b98f6e1

SHA256
3520a92f89bdabd1c7ebb91e77007cefb2f45978095fec5559b9a90249f01eff

SHA512
a34a502585838750b910d79c038a84c761b9f0f4724ebcd769a4edac0e1953de3ef765f8477596a8bc12bcb2b79ab37fba4af24defc304c9e012ae630a9aa949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d7eea1629b70cc7ebf9bd20059e83581

SHA1
c828586f7d588b4cacf0aff5c33561efad9e297b

SHA256
5d7470a644b39c3e8d246d448c7ba9424cdac7b9767f5e260b3133b6f93f1244

SHA512
6df7c11bb180519842e276641bcce9dbf46ecb3ac7b436045531fcaa93ff15c2a3b648dc5b4a2f8dcd4d0d8c641bac5d8b598d7ac7de83b5b1c722dfa79c2694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
24c7e958091800e99ebf11fd3c6395d6

SHA1
98239a39414dec73aa480b2a06441c574bf65ffc

SHA256
de898d13b29cce4f50396d7b6371acf23fd9e0a7dc9ae4a240e5ca608e4df014

SHA512
f30f9fe2e7902008adb65c2f6d2aa6a50c2b240d8f999a4dd84791414bea84657df6c4980b80a6f4413af22f0ee03ea55af266d5f13d8622a6c99c86b8c5ed8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ba3521778b7f5c6f9b21f42d33e13c70

SHA1
34bc003ad0247d3e1c1ce87f77f11d8f6716e3c6

SHA256
4518a788cb18d37672dcad29612aaea0cc4015898b66ddd48e1ba4c428faf3ec

SHA512
54cdb6b4bdf0e29e9971a8f36372c9007226ac12e6ad2331b054a5d025873d0123bdfe6511ca29bbe3ef06d74b6c6dbee911ec440e9d32f4ee04b576859f72e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cbd10c66a0b9614a6831e9bb184e7dbc

SHA1
6799903e8531ef431b841ed143ac817c67e40de1

SHA256
63a20b5ffbf77d6c244ddffd6c1fa536f22affdea2a96b6f11269742c5d34d23

SHA512
3f2e2d423cc1c6af92a7d0f92eb7fc442f44cf5081331b78188e25967f12b3a71928243101514e70aaa1c03cd69ec77cdaebc0613c00934d77c7bdc9935ae46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c3bc58cfe2b0ae2446310eae177b4276

SHA1
5b70536697a8f9305fc99ad02ba50f7186cfa460

SHA256
b4f33585e7b19dce637b0b6e7fff461b5d087781c4db3216a673046ddf7ba4c6

SHA512
cca754360ea01539b45158bd03bdb261c9a285b79f781867a672eb596409e11f6930174ea8df5ee35149ee074a023bb62116ecc21a93d0f1ba47f18eae746c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6a515662f521977e40b5a5f306a5345b

SHA1
98969bb20c98edef9f853a96534ef38f8f1a74c7

SHA256
1aef5758cecf185fc9b50dcb925ae780c4bc46282cf60e550d41ebfa2ed12937

SHA512
9903f4d8db35c4f1ef027391e79cd1084dc20762f6c85f1de1b9f6566e99fe35625a1199d09eca3a54a1c631f09010cbb70a03dfaf2357d21ccd4cfcfeec575c

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\Uninstall MixerLapx.exe

Filesize
135KB

MD5
b57b19671db20b9256980beb8ae04136

SHA1
b84162a4dcd4e8ce58e62a78d21438e72af799be

SHA256
ea9fc6ff8148ef53814b56fc7348f5ba1c777fbb38559b478969954aa042b5e4

SHA512
75c216e30f3508282b0c1241cb00e5701f9f4f1205318cc26839bb0f21e741e41829e4415f8749ed3700c8666b82db9c81fdfba28926dabda4e3564e30db8bd9

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\chrome_100_percent.pak

Filesize
147KB

MD5
3c72d78266a90ed10dc0b0da7fdc6790

SHA1
6690eb15b179c8790e13956527ebbf3d274eef9b

SHA256
14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7

SHA512
b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

Download Submit
C:\Users\Admin\AppData\Local\Temp\3a8aad7d-ca9c-4783-a976-0ed5c738c40d.zip

Filesize
296KB

MD5
6ff74ab38e3c67c5698957e0b0a9c532

SHA1
d3bcdfefab62a793be8710d2ba4a79d2053b79d7

SHA256
1ad8074bb57ba954cd0a50e0a5d3b0cf343fb132e23f21bf420a6768acc3162b

SHA512
e4cada79701cb9266c6f027e8230c86888d3067c30bc2952532efc947367701cfd0bedea67b803a8f51a25b19e54cd2b817f2d22569c204b49389106f41887ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_04ybvrsi.kha.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\e27b5322-92ac-4af5-b32e-f1a8e2db0764.zip

Filesize
296KB

MD5
7ec07491d52a7a489eef9f6707e15810

SHA1
ffc47ce7895c54c5a191622ce3dbb22b847a31bb

SHA256
578a6ad41b6d3b51de11429f626dfdeca97f286c56862d644aa83f0bbe492fff

SHA512
8a45c4a0d8bb46bfc8d2a375c1df2b478f0dd61aeecc12b32e42f82636ff7c8f57827422de7d0a9e5f463723da4564102e42ddb52fd692b84505ced93fb100c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\e27b5322-92ac-4af5-b32e-f1a8e2db0764\ImportantFiles\BackupDismount.doc

Filesize
296KB

MD5
e9a6a31c2e9b1a78f5d0c8ca8ed87378

SHA1
3ac260d6078263727a64a9a71388bbb54c7973c7

SHA256
fe098847b2d1f06dae938545caffaff9898607776ef4fc453a655d773e2dfec1

SHA512
0edc25a6ad2abcbac72069ac519a5d388fe6f9df4b64767837f1eb810aa55f9a0f27d5cba7d1ee951cb54775e522c32386013172bb222fed3ab75eb9fd5788cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
f017c462d59fd22271a2c5e7f38327f9

SHA1
7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9

SHA256
40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37

SHA512
72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
3969308aae1dc1c2105bbd25901bcd01

SHA1
a32f3c8341944da75e3eed5ef30602a98ec75b48

SHA256
20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6

SHA512
f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\ffmpeg.dll

Filesize
2.8MB

MD5
ebf0485fbf546b010c2b10c5c8e7d5ed

SHA1
a4a546f6be93bae535aa724ce2832f428cc91f89

SHA256
46a20d91861f6e966959635dd5f1adfd7f33449dd814a9aecf207b0cd53117ba

SHA512
9e6011c0269556376907850fddac8fdf50e132434da7daf4d87be83c1b89b7aef847b25b6216686915225a82374fac6ff987f22efc01d5b1c2cc81d53d7facc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
4c01b3614be1f38a6d594443a547c257

SHA1
7eaa456b164613577d0965ab5a57ba2b681a6ffa

SHA256
e36da1a4228899bebe50cc5da1fcbbc590cdcb3ddee0b2a19defd99a805b6ed4

SHA512
b72fc071dc791c63978465a68c9a4904d5f1c458d302bb710e83576f20ef928d73c487248a305bb455990c2d8a6b894ee47d88bca6bc92360f286849ae1a1257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\libGLESv2.dll

Filesize
8.0MB

MD5
9bbeb7b27646442c8bc2d202a73516d5

SHA1
a7f7a52dc45bf130581953e07ce9b9851cbce90a

SHA256
2b80817443265e7979b9a77075492e8e29be3ba775d20f646cdda391efbab21c

SHA512
f9826e43f53bb9b906b5c62ff2502d4e8dc3ff99b72420cf313a5811061cb146651cba3b8f864f34dfcfd51c6e3b39a0a640719ef94d7696bdc4fab7e9d16785

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\af.pak

Filesize
508KB

MD5
09455048c30cecbb17d6e0e95e4c01da

SHA1
6572850b07df45933ed57754f72c44895a7ef662

SHA256
e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa

SHA512
f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\am.pak

Filesize
822KB

MD5
1c47cbc228940f5c645f2fd77602253e

SHA1
474a5006ae9ae774b5d420c2f1fb0d0f2ff36afb

SHA256
5245154c986ca89ef53a24a4246345e3db01ebe47219f1d0772935b03e81e37b

SHA512
dd4e7c1e26759001ab1ef63f93e847e2908c78d943c7546c88e1988d96a6625f9de9e0ab8b38af4c7b07202e1a5488023cc3429075de6c9b9394307c88442673

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ar.pak

Filesize
901KB

MD5
513e6bea67200feef37fb2e8c7fcec36

SHA1
b0edbb5846b8ddfd95ad74905e890892192279d3

SHA256
00a9c88b644807369637ddb78d9832d7137b5f1c64ca9720a36bfccea8c38d98

SHA512
fbc184640fc419b50f6b1a78168a9efb63f8ac4c151baed17b5e9b9d333a360dce109351654ebf1c71c97471917c922456cf9c816118c6c781efdee14d8360fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\bg.pak

Filesize
938KB

MD5
e1322b5cdbb96d2cf4a5fa5993c2acc6

SHA1
e813a5685b1885c2788c4826a8f8659493febbf5

SHA256
39707fb80e38e9404accac5f12ff1f3745589bd80b1586e2208b27c0c8eafcc2

SHA512
2c6e766d671bc4ac772196e40b818039fc88f02eeaa59f78c78558e5e2670c1fb7fed9391684160c0af5a92acf8991533b298b5aabc3919c706f23f094f2ac15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\bn.pak

Filesize
1.2MB

MD5
880e325d5643051ad7e29c2280fab954

SHA1
cc46cff349031f9036cafafd3c091d1a5ab93f2f

SHA256
2fbcb9524eba04637e3f6c2874f7fce917326ba90877e1715eae4b35f141dd3d

SHA512
d16d085bd51ad267738c649f6bbfb15b8ce5ac73b838cfb7e2ab0f4c135317c358b83a7b5d3506c492f75b97edb8d1eeee9733d12c9eca1bc51012d660b9e912

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ca.pak

Filesize
571KB

MD5
84b1e5be23e838708773d4e022f99986

SHA1
53e411d571605a0a86a1040bff32a5e951ce9ee8

SHA256
faff0931e9479b76d2b6247739d4f934023a64bbe8578be08e2dd0eb053231f6

SHA512
8afc396b859fbd0c03d1b7604f5cd80d41fd8e3df52ab88ba22a31a6a0df447671377f2ad0f6797682da6aa32d7c779defa1097ee140af207adc94575957fca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\cs.pak

Filesize
589KB

MD5
709ed2e9426081c9e86d9abdc74b44a3

SHA1
f55fc17c8b9bc5f09a539ecb8b995c1b43fc4d25

SHA256
6597d0dadf724999741e0f24953ce9be02c8b98ecb8a382115b205edde87c160

SHA512
992ba983cb8b24bf0ff190715c5845f34b13f17227486350fc736c872ac8f0b21347f5f6d13e2e204e928ec664e283ca65b65f72d9910725f55d737b6c5fda40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\da.pak

Filesize
533KB

MD5
96bbef1eee0b0a197ec834839c00e11c

SHA1
35adba0aafbb4d19015e11dde1f37de87292252d

SHA256
600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c

SHA512
e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\de.pak

Filesize
569KB

MD5
3a9f06d1708b7620e2639851024ed0b8

SHA1
51c0d824bf38250ec0aae58e63141489931f02ec

SHA256
91da97794994f6544707299fee6b775745dc3891fc879d8e8a05844c6383eb53

SHA512
08e80783de403651af208387a3191db30d1353cc25f310c917a1133b2622e4b6809bc2bd881517678e9229e6492705c5f45be3e849c0512c4a651c5b7026c926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\el.pak

Filesize
1.0MB

MD5
4009c890acb9b81928e6e1a4b593dd62

SHA1
83083e9c948ebba18fa990e230ee33fceae43cbc

SHA256
897b6fae230e6a3cd14e16eb537f96d820950f5a4537fe146a732ab028b7124d

SHA512
b4c87024d3cd612b8af6f73b31853936614f4315ba9a48b4687120dc64e1794c568c4e074e41ae6f8dedeab61484e145dc0ca3bdb95482fd85492fddc26ab6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\en-GB.pak

Filesize
463KB

MD5
ceba44242f8b24b70c9b59b5094d8da8

SHA1
84e16c522ad397289a923e5cd4b012e2d323af4e

SHA256
b0fd61679565a7649c90214efecdf6e1231a8e7895dad93452bfa1425417d5b7

SHA512
31cd936157a7408a43dcba597f6e098499dd4c5fc011ef818ce93eb7a05c9d354229c3b2295dbc290a6d3f3600373f18f75b334ba9013a5dc0be44c82f2e51bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\en-US.pak

Filesize
467KB

MD5
d47cded365a28d27906414035c1cb3ca

SHA1
429123c86f6ca48a89bedc9a26027e01508e6db9

SHA256
46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c

SHA512
1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\es-419.pak

Filesize
562KB

MD5
ae62374bc2e71d9abed6e0c1d4bfe309

SHA1
624a8210376e11814485fe90a8825bb6ca883188

SHA256
48bd8f17823ce0f0a6f1c9fda020d5b5655e2419634f92725ab263339d9a321a

SHA512
345794d617dd3aa200ca248566e9ba36dc846af9afe259545b5a61e787b1b52e112c7eb68bc025b0d2076790a4b77a82a724bc213fad9f0f38db6054332bfced

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\es.pak

Filesize
562KB

MD5
070cbd6f42db1cb9b6a2f74e03d6b124

SHA1
f8830e1c8a601123d85fd75188ed01833f910691

SHA256
91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4

SHA512
2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\et.pak

Filesize
511KB

MD5
294c830b9e6667c8d5e7287cabd6a4b6

SHA1
52f44b97b71624bee6360301e8f6f34cfa428e72

SHA256
198674c98f10c36205161e382cc31560a4bf0de5f597a0c65f7f95777dc9bb24

SHA512
ade98fa9cc25148979f325660ed3f0f649a38709ea34b759796c4e202b3c30e76da3b8c17ecf2e1948db4a5be26af23c3a6e6b28f9445ceff68d251a5645db5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\fa.pak

Filesize
836KB

MD5
e5d53b9d5756871d684d018fb0c745b5

SHA1
b00a40704c91b33c2aa0f6829ae3dd886ba7177d

SHA256
8b93023af6428322b9b13aca5da9bd395a9c4775c72b758df8eb564d35d15cbd

SHA512
e722f114485cbbb5284d23f1ad1061213f40083c5da2ac9753e1416f75f7cee9d8315e6f4582322d992beb9a8cacefb607ee0b1737e3a6da775fc059a17c3fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\fi.pak

Filesize
521KB

MD5
925f45e80be419aa0125096ebb81a23f

SHA1
e73a32362952dc0aea997ee408da090f1886a438

SHA256
bf20054eb68d3d67d17d2a8c594d896c9c33fbbd562535d0c7e6cf6c940a8732

SHA512
8510e2e9749b4342eb8d79bbfb983c43293f7f37d138464c96053a79685c578a148dd54013d211b02115256f174f51a74ca9155883055801bbe146053de52eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\fil.pak

Filesize
590KB

MD5
a96f6f164897e62c984e9a61f6c3f7cb

SHA1
3ab2a714eb8e9b57e8a39792d152606ba0ef6a3a

SHA256
ff21df22f24c92a06f6bbda2c70b57e098d7bb6754988a5ada087aed9bc8b8af

SHA512
cd522884b66c940d64eb1377f9dd60143ae984fa7d144aa9d83b82a006b5da2ee9eabdcf046d362b2096d8a6b8486f36a10ac9f0642bb8cfb1e7903fda4c41f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\fr.pak

Filesize
608KB

MD5
fe0ea306a7b48ee2750af3a263d9f3d1

SHA1
877968909cfbbe499911b4d8b807a593c4be52c7

SHA256
955de4737419c06609227c63c2fbba7c8abf497fb976c99a4dc9f5d5105afbd1

SHA512
07978311caa9be82bd398100d1d8367c5ca840ffcc166b73aeea0bc7c86b53db13bf648decfb3f54a43b9d199e0d98fcd29fdfb291a703502369b025eccdf872

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\gu.pak

Filesize
1.2MB

MD5
cd212ed25482d2b5a246440b62c4fbbf

SHA1
197f3616dec4fb308e0ec5a17458ef8a2d027cd1

SHA256
0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37

SHA512
207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\he.pak

Filesize
734KB

MD5
06e89cfa4c6f4bfb7aaead492c4f08f2

SHA1
39d943e0eb1637cd3f5a7b66ebcd28e76c89aaeb

SHA256
6b7937f16ae53457ac9a0c18fbac68b2076200b0fc98cb781415fdaf18c49301

SHA512
8b6d33657eda8a3f1d1bfd55135de88953d21916e72df646fec2b5f5b17e9e15849f428b0fd83143f375ada174aa953be8f07fa8ba90ca4d07dd1b859d034b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
e3b31e519b925414176ef2d9546c356c

SHA1
7cebb1c5fd9c78f704bb9e5c463f67c5426d0171

SHA256
82fbb97e7d9634df3c806439e144cf8d153d840bad98f6e790726841a91acd13

SHA512
fc3e735f010776cbdaba1592e6f685a1fb4773ab5062f5ba9ed95d9bcab2f0ce9ab024ed95158263450fc58c3197b84e38883262a588d6d92c4e623c61b4d200

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\hr.pak

Filesize
567KB

MD5
92e6ef5db4c0191282ce2dd3645461ea

SHA1
045d3ed58a625516af741c9e2f85680fc1561ed4

SHA256
f8d6694f1c05ca259a31e0427ba7cef5b57f0c4b33493fda21003911a5da6f07

SHA512
08b09857f173ef2a3067d60120167223b4ec7414ff6117d206bb12213ce9563c8d7923fc0ce6e7df0ea5d8ae2b3ded2a23993ab43bc46bea3c08df1bf59e16ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\hu.pak

Filesize
611KB

MD5
40807c6b0eefd2a2f16cf0ac2c28ed53

SHA1
1b416b29e59ef41e1f18b168947e42b7fa969d2e

SHA256
533ae7e865898b61ecfdec68c581b3c4858f2c3ec1fe496ab02c61db0362d941

SHA512
487cf71df0f2e59ce1151c146651f567b624ac0e48f770a2f1da76b27933aa2bdc30990788e2dba4543a11b9e5d3da6f31badb26d7f3a5c87088c5b4e1bd7756

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\id.pak

Filesize
504KB

MD5
a20c777901a144622f8a5520583af79b

SHA1
3506f8e07ee301bb195eb185032ebdc7fd231272

SHA256
fd44af213520242ba41f4c9003ddeedc71f923cb37e25b14e595f3e652ae18dd

SHA512
6a53bc2f5d0e4660767d21070d19f0c407fe676b9e9cbdc20e6016e333b2ad33da225bfc2833a0c0724e1b6245ca6ee3cc0e782ac955d6aebac3dc468db79a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\it.pak

Filesize
554KB

MD5
acfd6f4b73b87455acb703e59303db33

SHA1
70eabbca61eb365191cd1256f3be40ea9223b2d5

SHA256
cae7bd535284f5f156c1466820aae2bcc0b0c0ba378ad0f04eef3a145deed9b9

SHA512
bfd52bc383f1f5a7d559968bdd779198c81286796564499174c3b5b9bbc7112f427e8316f78fb09ebc668c5cbf94c89c37e97abb00c9b87b5c5c108028fc549d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ja.pak

Filesize
675KB

MD5
63cbeb056020b6ee8cfad26c7c6abb79

SHA1
99bf018555eec56aae4b19d10c85ac506f4164a7

SHA256
aad9e17b2170b76248d61a3bac9b1bebc44b94885403ec2cc21a31397bf029b4

SHA512
5aa4e764f06f0e8490dab89a8b3754cccdd41739b4654ac8e30de160cad335f681fa5dd7782482aaf66ff1d827ce0c34df85c23c334a35035a3a4e3d0f305343

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
f4c1e83eabd580c0b4c63b2dc510ce6a

SHA1
fc1d9fed0f073504b022606e424e7cc9796648b2

SHA256
79fd72e764a1d8ad623892e563e174463f29d6ce61a2ae29af102d71da4b8e25

SHA512
927e6ff4c7d1c28c89afdf44c62643740a94b01e9f6e927e543834c833e1b4abf97de1489c6717f9054243c180474fc695a70c4ea8852d95c690f38c785705e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ko.pak

Filesize
572KB

MD5
626e172ad9b55ba0a1e2802ce5e10d0d

SHA1
ecd855a47448609e8e9d7bdd80f92edd494ca77c

SHA256
7111342770c33aaaffdd6fd9ef15095a6d89e48d2468c19172c0eb9b6f26ebdf

SHA512
d42594259929e35b763e71cb7022d34a11bf75a4b9bb058e251cbbe8e80bccdfb284eed1c6367f98e3023134c24d50542c64673d80e29230fdd057de70a10d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\lt.pak

Filesize
615KB

MD5
b02bf54687716b5d5f18aee02411a980

SHA1
4cf766077382c49fb89d59d861de0f482f989798

SHA256
0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b

SHA512
aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\lv.pak

Filesize
614KB

MD5
df9985ecfc958f343ab7e56e71149d71

SHA1
fc0d2c4a194d500a1f4cfafcd9102186016ba5a3

SHA256
7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2

SHA512
0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ml.pak

Filesize
1.4MB

MD5
265d7fbee9a021895d51209dc0181f90

SHA1
30e37013971bacd3ee93ad2fca01cb59a26d6a87

SHA256
682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad

SHA512
028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
af7c7d72a968e1936f26a3c755157f6b

SHA1
2ec71950847f5fb4b85697b6acd05224c28bb092

SHA256
e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5

SHA512
d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ms.pak

Filesize
528KB

MD5
06f24bba6fa8e9a009b3062227d4c259

SHA1
f50b0da2a86a138d16022f5642d96ff1a3ce7568

SHA256
cdfcbd86ddf584621bb2966c2d43f18096f974edb795cac0d1db43a60f3bc24c

SHA512
02239741f103c8b63072abab475ac313cb48612cac36890b7946fd816028fcba9be7ecc17ba5b934016d8817c52855ef208bffe5191d0eed35aa5243527e2150

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\nb.pak

Filesize
512KB

MD5
cf18f58e8e4e37b2e5fa7ef8269a294f

SHA1
c60d6e84f5cfe4cadbf4efed9b5998307b20fb9f

SHA256
3f1ed8ff0207c678b6a0a98e82fefd6340e35b7d16689672dfa90d9ee63921c6

SHA512
8f336fc50943d693ee80475250d2dbfc1401c615da571115f2c02551959028125b91ea6ffe22171dd12241688703e1869402146ef4e85a46059fe022759da953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\nl.pak

Filesize
530KB

MD5
d7048d029ab3ff807dff790113328574

SHA1
07872f608062aa482532edda0dd2e1de31669380

SHA256
0e9c114529b9ec20118bb96ffeea05d1a408e4eb621e3fc65f49353195d1af96

SHA512
050b0eacf5b4da024d1a2af54f3511c4671756b0dab3f961d8acee5d1695eb29fba7768246dd5b3bcc253136df97e49a305832c37943380dc337776cb1fb1549

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\pl.pak

Filesize
591KB

MD5
4003c253ef85ec0ff8a65204955994b0

SHA1
af3074fb622445f6429899cb33a33bbcc60e5e5a

SHA256
4db10dace60cc56b610a7f92caebf4e7e98ddcaf8dac4f5a87db8f750f51ef8e

SHA512
5624c8f6268c8a8dbf1a69a032ebb89e670685cb736a3cb42a65e2dca118a85e076818b58ba2e392991eff7921495167616107f402c841a8456b5b5888b70ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\pt-BR.pak

Filesize
555KB

MD5
0711b3f59ac95761899b013b3b242c93

SHA1
73fe7a4f60a6b92a966f1177c71bf85c6f95004f

SHA256
be445bfcd9429570e5006063b1c8299a41e762e8e0c2b63551bcf16cb6fb868b

SHA512
aad5ff84d1833db418a46961a5e3abd040e19e5a87bd6763039f8db7dda19c3cd9d7ea862585080636c2888ab1a50f2ba579cbc0ca0df8135537f1cc7543882b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\pt-PT.pak

Filesize
558KB

MD5
fbff8ba7e31acc6c26c0e4b7277cbbd0

SHA1
b9acdcbe2f0f429474acc4dd883d668cde9d3165

SHA256
477d6666bed083b27335a479c71279ad41a674f7b6a412ada1bba18be542ddc7

SHA512
ffdbb2773f18038f5d4cf145f3311feae25110ceb8efd9c895267f98acef7e901dd7d843f7c5291cd333fc81b80da301d0c92e5c0d6857da7e4eb68a5a0c540b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ro.pak

Filesize
579KB

MD5
5d5a27c52ae905fd85f5d50cb793e7ca

SHA1
b858bba1ef66c4d3943be19a4bf8a508c23e6671

SHA256
9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579

SHA512
f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ru.pak

Filesize
951KB

MD5
4ec91cdba9839e214ef7c008775e9e6e

SHA1
ea9f0f22ee1bca09ac38c01300cc91e2fc8aee51

SHA256
64f069a34be4966a9c28361e1c4914ce23bf96faa3bb5533fc3d233bfeac5cc1

SHA512
8c49ca910bfff175a4d88778ea34437a5acb0d52e349160f31091bd33d8ed76524950fe3e0f508c243ed76b289a550291ec68a7e0c1c426a64fbff0579c94d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\sk.pak

Filesize
598KB

MD5
b7d16d6702d4b4b5d3a9e4c3e0e13eb2

SHA1
6b2f1591ec51c4a7cf1435fbec7b5af94e0b5d4b

SHA256
e93580dffc1715edb37965c5787048e3e282d0477f277668ca7f49cfda7142c0

SHA512
a09950a9bb3f9814d946857e32901a9b6d73b4862a85f00b7f1f035ce0cab5af4ebf3aa003731ffa8ccea88d71866ec01d9ce578fc0b13b3cfdd3df332a0c40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\sl.pak

Filesize
574KB

MD5
48ead6e0160cbc6cbacb247cd3643110

SHA1
b39a91bb90f26c74dbc9fa28b257b705b54f2b81

SHA256
fc4cc46ff82cb8a41181e825a3d4e4508753fb68ff01a60486b7df4a4e11e89b

SHA512
c037d352d315805a18796a121e47c73d37d68e735c9334e11b393235ae75b803cbc03cf7cf8480683bc68c9b98fba9f5a7b045b650598e5d9367ab58a24e75f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\sr.pak

Filesize
883KB

MD5
5c811e0c9b775886bc11b46703cb67a0

SHA1
e9a777cc72263c7e7c4bfaa36e41b29e405a2a18

SHA256
4c524e149c02c37034ec92dd90f20f463413f2650ac9f32d52ef7260f9a34f1b

SHA512
d7db44fbfff3e3204b92aff44dc02c184344853d85fd79cd962bcad8efe85a13d1aaf9ed69a6e81fcc6e690afa4b1ba7cf1764225916f398c0f960d56e5bc57c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\sv.pak

Filesize
516KB

MD5
b75471d16a5b4cfbb43ea86d3077e63a

SHA1
302958743c97218d13a72ade3a22e4181922531f

SHA256
ec0f43dae8e52169396f289dfeb5d49b7f9258bafb0ed3060dd652fa744e5264

SHA512
63556f738df1527ad96cca95f3e37934b054df83cfacd4e120745ceeb0536d4bc1919c66acff3e5253a62824c032ae7e8f9496df13b9ccb6fe00f67920a63cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\sw.pak

Filesize
543KB

MD5
912db9e797ea3e277f18e72173f26ad5

SHA1
a83461503becad16ea0d33fd5501603688a65ed5

SHA256
89d1245c645cc26d67ac0f556734ebeb99b436cf19edd3cb3b220e78a87796e0

SHA512
b5c334b528ba6d26dde9b4b1100c01bd1675cfcc7167a9bab4d9fb95584ae629e9567ab3a4729776fbee22ca927d42e04fa016cf3f9fe510edfdc340309110ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ta.pak

Filesize
1.4MB

MD5
22949a4acb6639bc4fea591bde3f6cec

SHA1
672163723e294a5242e9654470e1efbb3e8aa0a4

SHA256
84776412fd7f2cff26713781be937bdb30352f9c7eb297ca811241e6cf4284d3

SHA512
5e3ee2d29eabfc4398b0f9784064eb03b3c3e13c59f4fb1b857c612727eebe1a4a1bcd76503b1356cf4b4d407431a643503d9068f61f1ed05041f3aad325262e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\te.pak

Filesize
1.3MB

MD5
f0a8ccf00882e83751fd666876c937bd

SHA1
6fd5045a20bdb912f61dd38f4d046b333bfb03c9

SHA256
65ce3f1fe059a8d8b67cd47485233c6ab3870cfbb313241fe0f24e948bb0f158

SHA512
8ea9f2215ac8354378aff1717ef6f1ba97ba8bcc1c660290d8a070c9a7cb9b0e1a87b8e37e68cd71d7bd429adba8b17c6cda68508b7389e42841fbe2f9c79528

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\th.pak

Filesize
1.1MB

MD5
77721a07831a7aef49934706398559cc

SHA1
240ac6e472ac7312f02b99a8d588813d3dfeb468

SHA256
e8cdabe4557192a6ad7040de396d807f96f50d6ef256dd04972211b9c898bc1d

SHA512
f73be17166c7a94c216d13d837146c3c72a5e205688479ce8199c8cf468eb1bf780f2569d42e908684f0059e6ded370428d9b123389ad2cf1553a0aecd1ef06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\tr.pak

Filesize
554KB

MD5
41bc209ee64f56f04836fca3e2de362d

SHA1
c019805b555d4c24c347112a583ac9f9bf2ef142

SHA256
71356710c485d7db228a866789ce9d253276725d94a4e4622e7b82037beb9825

SHA512
a65c4f9147c5796567e61b0661b4766c199f156541a252ec442fe5b5e3e1156c80e8fc7cfb6d9e55db4c5f60732b55cfa74a65e7dc46fbd5a4e5dfc8f3891add

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\uk.pak

Filesize
952KB

MD5
7e2cbb9d3591278a76dd08364d3dad4d

SHA1
a760a029070bfe57d4ef273b705650cef0a92f61

SHA256
38616b5f7f939a84d5205e758a8d3fed024a8e3fbcc8159c90666ce650ae1d30

SHA512
81e5ebada5990d79363e2583efdd3ccb19d8a10291cf6680d77d7c399816fe273a4fea5a7cb5e55e11f445df46a7ccad2942dc04f4fb8b6f66d2f2b151374de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\ur.pak

Filesize
830KB

MD5
157117641502b63c89110363dc7083b2

SHA1
fc86039a03b2e48fafc70e1cadc096fd46389af2

SHA256
fb7cd2f4beeceaf445f4d299a3db26cce49a7950a37e5a9b48fae7f5a8e09f99

SHA512
422d92c5f0b2b2f9f35dbb7c11cd1b463085201912948c61222bb4f43f8dfd777fce678f04371df53ab6d07ec14cfbc9e4b1b084a72a0f2aa80ca7a4728e6359

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\vi.pak

Filesize
657KB

MD5
e6db9a8c61dc84aff75efc00b486a8d1

SHA1
6d1f0329f9a44b64fa3474313c7bf207bfd78557

SHA256
8ff2d05730915c1b15a97a3915c03d83239c34771ed661ccac745fb308901f14

SHA512
89cf188b5d21528166353b29986f5afb9aad9a51a57864951f7945124b157e0129125caeed58c70568e38f7ba3a34a17d10056902b58ba48ee2e4e10a4649f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\zh-CN.pak

Filesize
473KB

MD5
5356bf9ddeb7ffad20e27ef092dac528

SHA1
3514ded7211ff71297c87275ef0805588da2d47d

SHA256
0b6f0a9ded5734b260c1c02d7c717305d139bded5ec7ea80de40b641f13bfe0a

SHA512
887be5ed95b40d73e0f61f4b3e85f8a77d4bf4a222197b9d1c60711ae8481efbf9c183ba902dcbf437fdf70381bd232fe9c27cf0ce87c0f45b283b75b6d19962

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\locales\zh-TW.pak

Filesize
468KB

MD5
9c51b828271263d574382077abd2e2f3

SHA1
4de07caed06477855e4f4bba1d0d1178c5757171

SHA256
21550464b12c7f9b23380acf7ca2b42c1b578581613c342196da95908f14c8af

SHA512
0e6921dbc4be8d5d98bf80e9b0f8c7fc31cb4e7553ca76b9c697a3f1428f855e59ee0dee99903a5215dddee9375532226af81128f066656d98db28a8d9738604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources.pak

Filesize
5.4MB

MD5
7398d5aee46689f03c278c8954f68f2b

SHA1
62e10057cfb2dc53c62d088d4fde3252d1216d86

SHA256
9590361aa74c43818881e622f2e3b7992c978397f7ac269f37accb435b134fc8

SHA512
1d6ae4cadd302fd683be66016cc4aa092bfe9689b81e1a764512327983f558a7ad9a10aadb7f8e13b73949d648d0e14ea0eb7c2de2420353a46e44c6b647c652

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar

Filesize
8.3MB

MD5
1ea30a9b696cd8a599f2cb898369a1b2

SHA1
8c6bbcd06ba1025251f06939c2c6c66b4e966a76

SHA256
507fa611b2fb48c321cc8e6a09c3aa4833e6cb804920a5cde2eb2ca834aa9880

SHA512
74f31b42c83e6aedbb55c63e6030aeee29391df969e692ba477c2bf85d7114aada23e231fb35182ea71710fd8744a7f9221ca610554ac82cd9066248faadf7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE

Filesize
1KB

MD5
7bd114b023fa6209fb7b02150a202ccc

SHA1
4451515f9d7b16ce8983abb4e85609fe4162c4d4

SHA256
455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b

SHA512
87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

Filesize
412B

MD5
0b33e83d33b01a51625a0fdcbef42ce3

SHA1
1c29d999ff7da39426b97f2eb31a3d83db8f5fc7

SHA256
a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2

SHA512
1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json

Filesize
934B

MD5
83a6b767cd4ade2116654eb0a90fec3c

SHA1
07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9

SHA256
59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12

SHA512
404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h

Filesize
206B

MD5
ea1e5899ec0210d7de4ce325d1d94022

SHA1
464da48d40547cb08a67a1ed38cb0ae8369f2f42

SHA256
18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550

SHA512
6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp

Filesize
327B

MD5
c510e65ebcb2fa7c00712e770ec8c692

SHA1
ca1ea3c8340dcf69f344d5eaa884631eef37472b

SHA256
7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4

SHA512
b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp

Filesize
2KB

MD5
4a55597a2c7466278439452bb708b822

SHA1
eaadcda8f410f2dd1fd9522fd7a2221624dd1713

SHA256
da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e

SHA512
b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp

Filesize
698B

MD5
88934cc736b505ada3d07afe22083568

SHA1
6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a

SHA256
1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905

SHA512
9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE

Filesize
1KB

MD5
79558839a9db3e807e4ae6f8cd100c1c

SHA1
ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2

SHA256
7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c

SHA512
b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json

Filesize
1KB

MD5
f9560f0fb25f1dc014682359373146c4

SHA1
b19c6321292cc63d26a18bef5d80787c5e57e746

SHA256
b145c00c63dde4da0eb3736b0d25fe79fa252a02daa9c3fdbb2d3a5783e98cf6

SHA512
dd51dcca43554f27b2718f87661cdfc86e6a51b36c15574870d793fa358f76816423c0ebcef34dd9a7fd7ce42e6be18f834100a327cdb3e6eb8dbd9d65792262

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h

Filesize
6KB

MD5
13d7bf3557e57ef3036bad68cfa8faae

SHA1
94c1af952f38e9f1ad2d722ec3a063fbe666e66b

SHA256
2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf

SHA512
63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\snapshot_blob.bin

Filesize
306KB

MD5
0406a232eb55e516dc38b4967671846a

SHA1
aade7c03b1ecc81027c98a79285687bc19276fc5

SHA256
4f944691b7066ef5653cfbf6b016488f6e5f0afd2d6bc03b90de5485514f83f5

SHA512
c608095510f88348e1e412ef573e4aeb4a7d328dec2892bada688a06baa023fcea1cc0dfbba6f6c41de303f3b6d5e1c4335a2610f3ec47a690e4f309f8782359

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\v8_context_snapshot.bin

Filesize
650KB

MD5
3eef488e8b9d35f710634c4d404c7e1a

SHA1
971c730ccfba2db0fee379683f4e310df5c9f1df

SHA256
3a189b50da4b31b5af6cdfdb6398fa039ccac9e13898e4851b27c4d91f4dff6c

SHA512
f787b7633edf75905674c467f7c291a2b3791a8475b11e1d4fb1769ebe872c6b70d778124c22a55b96efe2ac443c82750371421ac9fe8f2cc8bb47ce0e3648d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
abd993f23ed3c75fb80320a10451dd66

SHA1
95b13400418512870a37a4e59ecc7dd9c467df2b

SHA256
52c64e3bd5f852f7c2628bca773bb5a270ad40f5e31bcf8429323cb9fd1bd4da

SHA512
fe98cabf2e3500d52b09f9869f3ceab6c7ed8fefb7fba56eb62a5319053ea997881112abf139f2e642210eb4b61d5a726b8dc41d4565b81faaeb5d64a00e6267

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\7z-out\vulkan-1.dll

Filesize
874KB

MD5
0b95f0a5905c4075a3fbef0ddb71e915

SHA1
72a4536da15d5d9e1617331d8e4a5c5a579c75b3

SHA256
03b808d8045ebefebf2e2847be039358f7ec1db63e1c601847b8cd304c3db448

SHA512
9e57eeaafdaf0b5516822d1ca7ef1995442a03677f856828d49ccc01ab8492245d8659eec7675822fc8610ba250e49a6f3c8569aad2a324cec83e0d6b5201187

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA663.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/3160-989-0x0000020FF5510000-0x0000020FF5534000-memory.dmp

Filesize
144KB

Download
memory/3160-984-0x0000020FDD090000-0x0000020FDD0B2000-memory.dmp

Filesize
136KB

Download
memory/3160-988-0x0000020FF5510000-0x0000020FF553A000-memory.dmp

Filesize
168KB

Download