221944cf8cf33d706f1418545c2cc5f375743e0cb2db913ceda97b7eef31f776

Resubmissions

04/09/2024, 18:54

240904-xkj9kavdjq 9

04/09/2024, 18:42

240904-xcj9lawdkc 9

Analysis

max time kernel
268s
max time network
204s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MixerLapx Setup 1.7.3.exe
Size

81.0MB
MD5

af594291a273b2b971a12048ca6e1983
SHA1

3daf13475d11c8c51b923c9d04692dcd52a9010f
SHA256

110e87aae10a76bd4998724509ed628608c5df296913e051ee7550ab3d4ee698
SHA512

915c2fb2706ee29eff889c9194936b921d66ee4c88b207b981e7df73062a041b3dccea7dda87bf4ff34a956ce3863ff5cc39022013ae6a777c569ab0c47faad9
SSDEEP

1572864:gzfTDmsyuZLO0jEc+20cUToIGdGIi9u4LWOJK8NgbKsYh4tidXX8Pyb0iIoF0xsR:gLHHIhAzzHdG99u4L3/gbVYhYidvYiIS

Score

9^/10

credential_access discovery execution spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Executes dropped EXE 4 IoCs

pid	Process
4500	MixerLapx.exe
3388	MixerLapx.exe
5508	MixerLapx.exe
2976	MixerLapx.exe

Loads dropped DLL 18 IoCs

pid	Process
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
4500	MixerLapx.exe
3388	MixerLapx.exe
3388	MixerLapx.exe
3388	MixerLapx.exe
3388	MixerLapx.exe
3388	MixerLapx.exe
4500	MixerLapx.exe
4500	MixerLapx.exe
5508	MixerLapx.exe
2976	MixerLapx.exe
2976	MixerLapx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 47 IoCs

Run Powershell to get system information.

execution

PowerShell

T1059.001

pid	Process
5704	powershell.exe
5176	powershell.exe
5984	powershell.exe
1848	powershell.exe
3808	powershell.exe
5088	powershell.exe
1984	powershell.exe
4056	powershell.exe
5060	powershell.exe
4340	powershell.exe
3432	powershell.exe
5492	powershell.exe
6052	powershell.exe
996	powershell.exe
2308	powershell.exe
3516	powershell.exe
6140	powershell.exe
5692	powershell.exe
3496	powershell.exe
6096	powershell.exe
5496	powershell.exe
1212	powershell.exe
4340	powershell.exe
1708	powershell.exe
5860	powershell.exe
5592	powershell.exe
1720	powershell.exe
5280	powershell.exe
3764	powershell.exe
2624	powershell.exe
2068	powershell.exe
5264	powershell.exe
5452	powershell.exe
3752	powershell.exe
4220	powershell.exe
648	powershell.exe
4836	powershell.exe
4040	powershell.exe
5916	powershell.exe
4572	powershell.exe
5900	powershell.exe
5420	powershell.exe
5892	powershell.exe
4600	powershell.exe
5292	powershell.exe
1192	powershell.exe
4192	powershell.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
4400	tasklist.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699499901224696"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3520	MixerLapx Setup 1.7.3.exe
3520	MixerLapx Setup 1.7.3.exe
4400	tasklist.exe
4400	tasklist.exe
2260	chrome.exe
2260	chrome.exe
5492	powershell.exe
5492	powershell.exe
5492	powershell.exe
5860	powershell.exe
5860	powershell.exe
5860	powershell.exe
6052	powershell.exe
6052	powershell.exe
6052	powershell.exe
3808	powershell.exe
3808	powershell.exe
3808	powershell.exe
648	powershell.exe
648	powershell.exe
648	powershell.exe
996	powershell.exe
996	powershell.exe
996	powershell.exe
4600	powershell.exe
4600	powershell.exe
4600	powershell.exe
5292	powershell.exe
5292	powershell.exe
5292	powershell.exe
4836	powershell.exe
4836	powershell.exe
4836	powershell.exe
5692	powershell.exe
5692	powershell.exe
5692	powershell.exe
5592	powershell.exe
5592	powershell.exe
5592	powershell.exe
3496	powershell.exe
3496	powershell.exe
3496	powershell.exe
4040	powershell.exe
4040	powershell.exe
4040	powershell.exe
4056	powershell.exe
4056	powershell.exe
4056	powershell.exe
1720	powershell.exe
1720	powershell.exe
1720	powershell.exe
2068	powershell.exe
2068	powershell.exe
5264	powershell.exe
5264	powershell.exe
5060	powershell.exe
5060	powershell.exe
5088	powershell.exe
5088	powershell.exe
5452	powershell.exe
5452	powershell.exe
5668	chrome.exe
5668	chrome.exe
3752	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4400	tasklist.exe
Token: SeSecurityPrivilege	3520	MixerLapx Setup 1.7.3.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	4500	MixerLapx.exe
Token: SeCreatePagefilePrivilege	4500	MixerLapx.exe
Token: SeDebugPrivilege	5492	powershell.exe
Token: SeIncreaseQuotaPrivilege	5492	powershell.exe
Token: SeSecurityPrivilege	5492	powershell.exe
Token: SeTakeOwnershipPrivilege	5492	powershell.exe
Token: SeLoadDriverPrivilege	5492	powershell.exe
Token: SeSystemProfilePrivilege	5492	powershell.exe
Token: SeSystemtimePrivilege	5492	powershell.exe
Token: SeProfSingleProcessPrivilege	5492	powershell.exe
Token: SeIncBasePriorityPrivilege	5492	powershell.exe
Token: SeCreatePagefilePrivilege	5492	powershell.exe
Token: SeBackupPrivilege	5492	powershell.exe
Token: SeRestorePrivilege	5492	powershell.exe
Token: SeShutdownPrivilege	5492	powershell.exe
Token: SeDebugPrivilege	5492	powershell.exe
Token: SeSystemEnvironmentPrivilege	5492	powershell.exe
Token: SeRemoteShutdownPrivilege	5492	powershell.exe
Token: SeUndockPrivilege	5492	powershell.exe
Token: SeManageVolumePrivilege	5492	powershell.exe
Token: 33	5492	powershell.exe
Token: 34	5492	powershell.exe
Token: 35	5492	powershell.exe
Token: 36	5492	powershell.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	4500	MixerLapx.exe
Token: SeCreatePagefilePrivilege	4500	MixerLapx.exe
Token: SeDebugPrivilege	5860	powershell.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeIncreaseQuotaPrivilege	5860	powershell.exe
Token: SeSecurityPrivilege	5860	powershell.exe
Token: SeTakeOwnershipPrivilege	5860	powershell.exe
Token: SeLoadDriverPrivilege	5860	powershell.exe
Token: SeSystemProfilePrivilege	5860	powershell.exe
Token: SeSystemtimePrivilege	5860	powershell.exe
Token: SeProfSingleProcessPrivilege	5860	powershell.exe
Token: SeIncBasePriorityPrivilege	5860	powershell.exe
Token: SeCreatePagefilePrivilege	5860	powershell.exe
Token: SeBackupPrivilege	5860	powershell.exe
Token: SeRestorePrivilege	5860	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 2284	3520	MixerLapx Setup 1.7.3.exe	81
PID 3520 wrote to memory of 2284	3520	MixerLapx Setup 1.7.3.exe	81
PID 3520 wrote to memory of 2284	3520	MixerLapx Setup 1.7.3.exe	81
PID 2284 wrote to memory of 4400	2284	cmd.exe	83
PID 2284 wrote to memory of 4400	2284	cmd.exe	83
PID 2284 wrote to memory of 4400	2284	cmd.exe	83
PID 2284 wrote to memory of 4768	2284	cmd.exe	84
PID 2284 wrote to memory of 4768	2284	cmd.exe	84
PID 2284 wrote to memory of 4768	2284	cmd.exe	84
PID 2260 wrote to memory of 800	2260	chrome.exe	89
PID 2260 wrote to memory of 800	2260	chrome.exe	89
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 3060	2260	chrome.exe	90
PID 2260 wrote to memory of 4120	2260	chrome.exe	91
PID 2260 wrote to memory of 4120	2260	chrome.exe	91
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92
PID 2260 wrote to memory of 3008	2260	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\AppData\Local\Temp\MixerLapx Setup 1.7.3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4400
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff38e3cc40,0x7fff38e3cc4c,0x7fff38e3cc58
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3200,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3476 /prefetch:3
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2004,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2668,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2676,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4336,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4524,i,16945498551907986484,17365078373548199185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:900

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4500
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1812,i,14281140638178332281,16169641755957760749,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3388
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5492
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=2012,i,14281140638178332281,16169641755957760749,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5508
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5860
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:6052
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5292
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5592
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5264
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2308
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5280
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3516
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5496
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5900
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1984
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6096
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5176
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4340
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3432
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5984
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1192
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5420
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1212
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1848
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3764
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4340
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5892
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5916
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4572
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6140
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}""
  2⤵
  PID:6032
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4192
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1592,i,14281140638178332281,16169641755957760749,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:10
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff233ccc40,0x7fff233ccc4c,0x7fff233ccc58
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,10694625456949593255,7910176096306258258,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,10694625456949593255,7910176096306258258,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1888,i,10694625456949593255,7910176096306258258,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10694625456949593255,7910176096306258258,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,10694625456949593255,7910176096306258258,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,10694625456949593255,7910176096306258258,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4996

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff233ccc40,0x7fff233ccc4c,0x7fff233ccc58
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2356,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2344 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2600 /prefetch:3
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1952,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4944,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4288,i,9280442696871421272,16693560361947881957,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:5236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
719b5a19c4d86a1f1c8a69b0c3ca1a86

SHA1
8d10a71dd51e5982dad6ead4c44d8e9de2bbab9a

SHA256
9d760ffb787d9e03cc6528d9d501ee0eb380cadbb1483215c9f9336739ee841d

SHA512
30a2bf66eefcf8843aac4d0647d4acae8c530671798d1c88737d91be40b9fd8667c335cb3a105f7135b5ff016da435e7aaf27c7843acfb7689f328cf2afcd5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2d25f183-b9bc-4cd8-9d01-bfbd6c1019da.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8a59d60a84e6a5d2ad91dea524f7be83

SHA1
ffd5f95a69cc867ad8a1078e19550e430d9cc016

SHA256
202abee7cfd848483faa66ae6ec5257cf258e5888239841fb540dfb54baded7b

SHA512
863d207f9c99d3197e4db65d999d9dfad129de844cc5c67bdfa55a4ba3a70e1ad699f14becedf7826b48144a2af19698a2b0bcbfdf8b3f51c5d8d707863be08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
500f71d71f432927ced8900b8f6dbdcc

SHA1
4540f925656e67b85a49ea5654167e47d046d4e7

SHA256
9cb970ffa5f98b510fc0b86aa9ddea4d12b630c12e73c2d3c1f752e92c040754

SHA512
01ac199c7ac0875d38552f563a1f2e2ecd5de00149a86bbdc1ed8d47b831708c96c21aef6a486e49579bb8d504e46923eb8d013c2823904088dc9dc2c8de0598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
29e7ab2a4b91d2140780a1059686f94d

SHA1
aafd6e80e10188e48412752530ac825022034b43

SHA256
7b2c1a54e600bda7794c1894007f5d0a3c771da957bc9ec8d36e33f7a327e5db

SHA512
4dd7c56f915cb700cdfb645817082b255bfc9b39d8e1aaa61e4505726659818f54d7a0c52c48f3d863c055ec5aec4f5099438ca4482498ab43252815d02285d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
871855abbc02071fa66cd89f35e8bc18

SHA1
fbd50837d1b04d13e5a553ef97003148381d3a44

SHA256
1287604063de7b4999257ba6f567c87b3ceb7effac768a45e1ced01ad1ecde77

SHA512
f1950cfddd241e98aaabdf0ae172a703e07e39ad2259fd3282a4044b187d4aee5beba9897a8fbb0eeb4d0ae977d32097c23cfe6de77e7d00cb58995b2ec43e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b1c5bd8e1f74eabfcb4d12d83d7cb0e

SHA1
8bf06b4a7d793095708885cfd477b479c14a1e7e

SHA256
a05d3a698a4888169be36480f8fb156619502e24f94fa6de136c5f8f773a7aef

SHA512
df3adcc4fed6e25d94551f68e449d9838f950f77ec8bd4074235919f6f4f7b55aea0da336f7ad1f9c77c7e345a6a4f3e89d1c31aebd96a191266c3b125fb67bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
433d46d7f840d6ffd63098f7a3e59129

SHA1
dcc98d1686fca53f3c8f697e6037952bfda1feca

SHA256
d57af3082f76a27c936fb839f58e05b94b63ec17b5717c72f186d640bfbb38a0

SHA512
b9fabc4f76b1c5619d105303b35fbff24e1ebca7cbca9df48fbddb93fb82636464ec5c8e40faeba1be45fe4c0a6378e55ff0ba3b300b922b3579a08ccad0075c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
e16db11c65dc2e671f9cc0898f65f12f

SHA1
6d035e2b3d0695558064d544e7279abfff6bf5f5

SHA256
5f72ae9c44ceb86b5589c5e0476a1a5dc881188e949fd15c14104fc29ccd8089

SHA512
1b535cd875325fd6ea6f92f3f986d212635542de39598e86cf096d057289a36d667a1a63172fbbd92b4285cf765adf72680167bb5c77e0f35e886e2fd94162e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
05850c6c0442ea6966fe2a888f219f4b

SHA1
e6b1c8eb783b307672a6f06b785a7e9b78633b46

SHA256
f51b54c5f5074076216b2d0a3e66c13e80d8f1da311614ec15c9170dff11ad5a

SHA512
9db20e00e103700f67256568e38f9b37f29af3c30f3454a38b3e033c6c2f6bd796c5b5a8c5faa98bb45d7521d76c2bf323d503b8a0196cacbd701167d441c6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0bf24cb5afce6a795556c5f78e5596d1

SHA1
346f801251325229af06f880c0df9b146d29b2cc

SHA256
1a9adebf24ba029a5dd5a93807b745becae8790bc5bc7309257ae09bdb66d08d

SHA512
538e400a94c04af4ec99c6b00f96a50822aa6c397bed8b4fdc38f045633558f1a7ab8ac67bcf96d1da2f588d90b8f586aed65818cb7062b6f9b9d3a9dbfe6872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
de59bde311feb3d088f51745ccbd3ae6

SHA1
2d1dcfad73716b29c5d7ae8478a28032a8347e0d

SHA256
cdfc26d19d688a8086baeb6b8e717e5146409a4607cab78d4d802b6dda454d9c

SHA512
570732fdb43587882ffdfa978cc373909c7d3377dba10196c4161376e9c3f372e7caa4dd20a84ed3905211ce066aa603293eeb934e354dc46f8fd69b1fc0912f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9c33215baa5955c2bb8f83e1679ce55b

SHA1
307986652c8342e1f9cc3ac422bd2fdd03d2d84b

SHA256
9ef2471e253bc9223f5ad75025884aeacc9efb65b7ab05b29a46898cb61378c2

SHA512
2bf6c1af58dc5a51bb4345cd8d29e1e3aa2585b834d62720938747a18bbf7f3c66967706443a5f3915cd52bdd3059ca6701a9ae3b4088aaa1ef5904655e4dad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a8c5d66e32b1b6492c4bc2b457719c1e

SHA1
3fb708e6e9a8f21973b07b32888f0d5378645e63

SHA256
555a853cf629a81def14aca7ea72e3604b113bff010956cb3771308081a49d72

SHA512
a27e9860050dc334b43beb9a91ef767010a93b63b4422de0a811b73ba17c1288c57c5c59203a7ae4242a2c1ee7e11f3baf94a9386839466312ebc702c27c02f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d7eea1629b70cc7ebf9bd20059e83581

SHA1
c828586f7d588b4cacf0aff5c33561efad9e297b

SHA256
5d7470a644b39c3e8d246d448c7ba9424cdac7b9767f5e260b3133b6f93f1244

SHA512
6df7c11bb180519842e276641bcce9dbf46ecb3ac7b436045531fcaa93ff15c2a3b648dc5b4a2f8dcd4d0d8c641bac5d8b598d7ac7de83b5b1c722dfa79c2694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
079dc1f3d6ba1377afaa1d46be93e92c

SHA1
d90c479f1fd44dd511bfcf4d45ac1db68af39400

SHA256
0dd838848fdf49f08385d32c555e57b23cf27cde2e3efaee2c6e6fe9f62f0ef9

SHA512
79770994a314e3e26ddb015c2c6a47271af3a768c9091e2842584bb32a0b9299e1f1366d6167867969651de79c24ca662afe6beaef0a25070f17051571670087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
11f5758cbd24928e8e02fae339fb218c

SHA1
c448b62dd276b1a0ed4146543c5159aa7fa927f3

SHA256
c46e4ffd7b21790700f3f643773986162f59efba6e80f8f335b36fe470e28490

SHA512
197083bd411b0ec63fbec3e80064667e555327cfcdb4e2d274a3ad20ddccdf93b6663d8c13de71428329e50acc07c665a22735e70064e9ec93f1a07ec573efbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ba3521778b7f5c6f9b21f42d33e13c70

SHA1
34bc003ad0247d3e1c1ce87f77f11d8f6716e3c6

SHA256
4518a788cb18d37672dcad29612aaea0cc4015898b66ddd48e1ba4c428faf3ec

SHA512
54cdb6b4bdf0e29e9971a8f36372c9007226ac12e6ad2331b054a5d025873d0123bdfe6511ca29bbe3ef06d74b6c6dbee911ec440e9d32f4ee04b576859f72e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d3ee15676466414ef09eb73e031a2b35

SHA1
7e84c0f5ea6f3125296f2ed960e263bcda51b53b

SHA256
c447e3f936383d218040b3759c17923dbba378815dee2d26582ff1341a250017

SHA512
cb2d0057d99812d8c6b746bfeed699c3067ad120064040eb8930499f5693004d80c9c400ebc16004621707a1c93b50b0b1bca90e3f88342ca25c475eab37e062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5dc4458b670771b996167824ad2b76bf

SHA1
7f3cf7f36d6dd4e2f769b3853070e5dd9e459eea

SHA256
f6b0f398a9ac69e3ab76e0fd16cb2254e20d00c85585497ebe70c8e0ae16dfab

SHA512
ff8ebbc944c8cd5d0da100985c884d4d5904592b962d00dee354019e8fb64f1c64c598606563bc7da7febff594b39d2b1a4e0a7772991e9a7beddf2336af2185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2c06e5dbe26cad75eff178e8de7e1dd7

SHA1
3e95013add14213af62bc88cd137c4af99a44c46

SHA256
07c81c9d9aecc5cb2fc56f7f9c52e2e7a905927c4435a1efd1339c8f1689e453

SHA512
2b42f4f63f2dad0a1192a2d68591d7f085c3074d162b5ac46e9ffe51f4417ff26f59c677c9bffcae4512f26a6293e9d61cd2cbecb9f01354305ba20ea2bdb2a3

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\chrome_100_percent.pak

Filesize
147KB

MD5
3c72d78266a90ed10dc0b0da7fdc6790

SHA1
6690eb15b179c8790e13956527ebbf3d274eef9b

SHA256
14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7

SHA512
b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\locales\cs.pak

Filesize
589KB

MD5
709ed2e9426081c9e86d9abdc74b44a3

SHA1
f55fc17c8b9bc5f09a539ecb8b995c1b43fc4d25

SHA256
6597d0dadf724999741e0f24953ce9be02c8b98ecb8a382115b205edde87c160

SHA512
992ba983cb8b24bf0ff190715c5845f34b13f17227486350fc736c872ac8f0b21347f5f6d13e2e204e928ec664e283ca65b65f72d9910725f55d737b6c5fda40

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kf35yjil.hcm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\e504df92-a51b-499f-86b4-9d64bab66876.zip

Filesize
673B

MD5
b45374f8afc9da1c42351722181aea2e

SHA1
af5c153934a9cbcdbe356ac39654783b3ef19360

SHA256
0c478c0a4378802eb058026609312bcd2383d9b81c3e20e27987e18a79892d3f

SHA512
43ca6a908f385d69624964ccb07d03a81e5a4cc382e9b1f1fdb02d2fe173960ee2aa65b3fed3b44c2c74af0293a404e99bd633d13b5fffbfdb9541a3daca0332

Download Submit
C:\Users\Admin\AppData\Local\Temp\e504df92-a51b-499f-86b4-9d64bab66876\History\Chrome_Default.txt

Filesize
524B

MD5
5d07fd22c4243be85ab038c6bf84c04f

SHA1
02539034a046f6e134ccda57b4e0a27826caa6d4

SHA256
4c1ebca210fec99417bc48914fb348a687c61a1f994a2ac972d66342868e54ce

SHA512
8a51ddabe304febb2546bb42101564d98e29f9bcbe0ca7faa34faa3f553cd32b0a781c812d100b01f00344df93af46efffd5e2d8b617f2457b3a97e420025d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
f017c462d59fd22271a2c5e7f38327f9

SHA1
7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9

SHA256
40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37

SHA512
72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
3969308aae1dc1c2105bbd25901bcd01

SHA1
a32f3c8341944da75e3eed5ef30602a98ec75b48

SHA256
20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6

SHA512
f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\ffmpeg.dll

Filesize
2.8MB

MD5
ebf0485fbf546b010c2b10c5c8e7d5ed

SHA1
a4a546f6be93bae535aa724ce2832f428cc91f89

SHA256
46a20d91861f6e966959635dd5f1adfd7f33449dd814a9aecf207b0cd53117ba

SHA512
9e6011c0269556376907850fddac8fdf50e132434da7daf4d87be83c1b89b7aef847b25b6216686915225a82374fac6ff987f22efc01d5b1c2cc81d53d7facc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
4c01b3614be1f38a6d594443a547c257

SHA1
7eaa456b164613577d0965ab5a57ba2b681a6ffa

SHA256
e36da1a4228899bebe50cc5da1fcbbc590cdcb3ddee0b2a19defd99a805b6ed4

SHA512
b72fc071dc791c63978465a68c9a4904d5f1c458d302bb710e83576f20ef928d73c487248a305bb455990c2d8a6b894ee47d88bca6bc92360f286849ae1a1257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\libGLESv2.dll

Filesize
8.0MB

MD5
9bbeb7b27646442c8bc2d202a73516d5

SHA1
a7f7a52dc45bf130581953e07ce9b9851cbce90a

SHA256
2b80817443265e7979b9a77075492e8e29be3ba775d20f646cdda391efbab21c

SHA512
f9826e43f53bb9b906b5c62ff2502d4e8dc3ff99b72420cf313a5811061cb146651cba3b8f864f34dfcfd51c6e3b39a0a640719ef94d7696bdc4fab7e9d16785

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\af.pak

Filesize
508KB

MD5
09455048c30cecbb17d6e0e95e4c01da

SHA1
6572850b07df45933ed57754f72c44895a7ef662

SHA256
e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa

SHA512
f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\am.pak

Filesize
822KB

MD5
1c47cbc228940f5c645f2fd77602253e

SHA1
474a5006ae9ae774b5d420c2f1fb0d0f2ff36afb

SHA256
5245154c986ca89ef53a24a4246345e3db01ebe47219f1d0772935b03e81e37b

SHA512
dd4e7c1e26759001ab1ef63f93e847e2908c78d943c7546c88e1988d96a6625f9de9e0ab8b38af4c7b07202e1a5488023cc3429075de6c9b9394307c88442673

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ar.pak

Filesize
901KB

MD5
513e6bea67200feef37fb2e8c7fcec36

SHA1
b0edbb5846b8ddfd95ad74905e890892192279d3

SHA256
00a9c88b644807369637ddb78d9832d7137b5f1c64ca9720a36bfccea8c38d98

SHA512
fbc184640fc419b50f6b1a78168a9efb63f8ac4c151baed17b5e9b9d333a360dce109351654ebf1c71c97471917c922456cf9c816118c6c781efdee14d8360fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\bg.pak

Filesize
938KB

MD5
e1322b5cdbb96d2cf4a5fa5993c2acc6

SHA1
e813a5685b1885c2788c4826a8f8659493febbf5

SHA256
39707fb80e38e9404accac5f12ff1f3745589bd80b1586e2208b27c0c8eafcc2

SHA512
2c6e766d671bc4ac772196e40b818039fc88f02eeaa59f78c78558e5e2670c1fb7fed9391684160c0af5a92acf8991533b298b5aabc3919c706f23f094f2ac15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\bn.pak

Filesize
1.2MB

MD5
880e325d5643051ad7e29c2280fab954

SHA1
cc46cff349031f9036cafafd3c091d1a5ab93f2f

SHA256
2fbcb9524eba04637e3f6c2874f7fce917326ba90877e1715eae4b35f141dd3d

SHA512
d16d085bd51ad267738c649f6bbfb15b8ce5ac73b838cfb7e2ab0f4c135317c358b83a7b5d3506c492f75b97edb8d1eeee9733d12c9eca1bc51012d660b9e912

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ca.pak

Filesize
571KB

MD5
84b1e5be23e838708773d4e022f99986

SHA1
53e411d571605a0a86a1040bff32a5e951ce9ee8

SHA256
faff0931e9479b76d2b6247739d4f934023a64bbe8578be08e2dd0eb053231f6

SHA512
8afc396b859fbd0c03d1b7604f5cd80d41fd8e3df52ab88ba22a31a6a0df447671377f2ad0f6797682da6aa32d7c779defa1097ee140af207adc94575957fca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\da.pak

Filesize
533KB

MD5
96bbef1eee0b0a197ec834839c00e11c

SHA1
35adba0aafbb4d19015e11dde1f37de87292252d

SHA256
600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c

SHA512
e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\de.pak

Filesize
569KB

MD5
3a9f06d1708b7620e2639851024ed0b8

SHA1
51c0d824bf38250ec0aae58e63141489931f02ec

SHA256
91da97794994f6544707299fee6b775745dc3891fc879d8e8a05844c6383eb53

SHA512
08e80783de403651af208387a3191db30d1353cc25f310c917a1133b2622e4b6809bc2bd881517678e9229e6492705c5f45be3e849c0512c4a651c5b7026c926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\el.pak

Filesize
1.0MB

MD5
4009c890acb9b81928e6e1a4b593dd62

SHA1
83083e9c948ebba18fa990e230ee33fceae43cbc

SHA256
897b6fae230e6a3cd14e16eb537f96d820950f5a4537fe146a732ab028b7124d

SHA512
b4c87024d3cd612b8af6f73b31853936614f4315ba9a48b4687120dc64e1794c568c4e074e41ae6f8dedeab61484e145dc0ca3bdb95482fd85492fddc26ab6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\en-GB.pak

Filesize
463KB

MD5
ceba44242f8b24b70c9b59b5094d8da8

SHA1
84e16c522ad397289a923e5cd4b012e2d323af4e

SHA256
b0fd61679565a7649c90214efecdf6e1231a8e7895dad93452bfa1425417d5b7

SHA512
31cd936157a7408a43dcba597f6e098499dd4c5fc011ef818ce93eb7a05c9d354229c3b2295dbc290a6d3f3600373f18f75b334ba9013a5dc0be44c82f2e51bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\en-US.pak

Filesize
467KB

MD5
d47cded365a28d27906414035c1cb3ca

SHA1
429123c86f6ca48a89bedc9a26027e01508e6db9

SHA256
46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c

SHA512
1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\es-419.pak

Filesize
562KB

MD5
ae62374bc2e71d9abed6e0c1d4bfe309

SHA1
624a8210376e11814485fe90a8825bb6ca883188

SHA256
48bd8f17823ce0f0a6f1c9fda020d5b5655e2419634f92725ab263339d9a321a

SHA512
345794d617dd3aa200ca248566e9ba36dc846af9afe259545b5a61e787b1b52e112c7eb68bc025b0d2076790a4b77a82a724bc213fad9f0f38db6054332bfced

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\es.pak

Filesize
562KB

MD5
070cbd6f42db1cb9b6a2f74e03d6b124

SHA1
f8830e1c8a601123d85fd75188ed01833f910691

SHA256
91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4

SHA512
2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\et.pak

Filesize
511KB

MD5
294c830b9e6667c8d5e7287cabd6a4b6

SHA1
52f44b97b71624bee6360301e8f6f34cfa428e72

SHA256
198674c98f10c36205161e382cc31560a4bf0de5f597a0c65f7f95777dc9bb24

SHA512
ade98fa9cc25148979f325660ed3f0f649a38709ea34b759796c4e202b3c30e76da3b8c17ecf2e1948db4a5be26af23c3a6e6b28f9445ceff68d251a5645db5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\fa.pak

Filesize
836KB

MD5
e5d53b9d5756871d684d018fb0c745b5

SHA1
b00a40704c91b33c2aa0f6829ae3dd886ba7177d

SHA256
8b93023af6428322b9b13aca5da9bd395a9c4775c72b758df8eb564d35d15cbd

SHA512
e722f114485cbbb5284d23f1ad1061213f40083c5da2ac9753e1416f75f7cee9d8315e6f4582322d992beb9a8cacefb607ee0b1737e3a6da775fc059a17c3fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\fi.pak

Filesize
521KB

MD5
925f45e80be419aa0125096ebb81a23f

SHA1
e73a32362952dc0aea997ee408da090f1886a438

SHA256
bf20054eb68d3d67d17d2a8c594d896c9c33fbbd562535d0c7e6cf6c940a8732

SHA512
8510e2e9749b4342eb8d79bbfb983c43293f7f37d138464c96053a79685c578a148dd54013d211b02115256f174f51a74ca9155883055801bbe146053de52eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\fil.pak

Filesize
590KB

MD5
a96f6f164897e62c984e9a61f6c3f7cb

SHA1
3ab2a714eb8e9b57e8a39792d152606ba0ef6a3a

SHA256
ff21df22f24c92a06f6bbda2c70b57e098d7bb6754988a5ada087aed9bc8b8af

SHA512
cd522884b66c940d64eb1377f9dd60143ae984fa7d144aa9d83b82a006b5da2ee9eabdcf046d362b2096d8a6b8486f36a10ac9f0642bb8cfb1e7903fda4c41f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\fr.pak

Filesize
608KB

MD5
fe0ea306a7b48ee2750af3a263d9f3d1

SHA1
877968909cfbbe499911b4d8b807a593c4be52c7

SHA256
955de4737419c06609227c63c2fbba7c8abf497fb976c99a4dc9f5d5105afbd1

SHA512
07978311caa9be82bd398100d1d8367c5ca840ffcc166b73aeea0bc7c86b53db13bf648decfb3f54a43b9d199e0d98fcd29fdfb291a703502369b025eccdf872

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\gu.pak

Filesize
1.2MB

MD5
cd212ed25482d2b5a246440b62c4fbbf

SHA1
197f3616dec4fb308e0ec5a17458ef8a2d027cd1

SHA256
0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37

SHA512
207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\he.pak

Filesize
734KB

MD5
06e89cfa4c6f4bfb7aaead492c4f08f2

SHA1
39d943e0eb1637cd3f5a7b66ebcd28e76c89aaeb

SHA256
6b7937f16ae53457ac9a0c18fbac68b2076200b0fc98cb781415fdaf18c49301

SHA512
8b6d33657eda8a3f1d1bfd55135de88953d21916e72df646fec2b5f5b17e9e15849f428b0fd83143f375ada174aa953be8f07fa8ba90ca4d07dd1b859d034b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
e3b31e519b925414176ef2d9546c356c

SHA1
7cebb1c5fd9c78f704bb9e5c463f67c5426d0171

SHA256
82fbb97e7d9634df3c806439e144cf8d153d840bad98f6e790726841a91acd13

SHA512
fc3e735f010776cbdaba1592e6f685a1fb4773ab5062f5ba9ed95d9bcab2f0ce9ab024ed95158263450fc58c3197b84e38883262a588d6d92c4e623c61b4d200

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\hr.pak

Filesize
567KB

MD5
92e6ef5db4c0191282ce2dd3645461ea

SHA1
045d3ed58a625516af741c9e2f85680fc1561ed4

SHA256
f8d6694f1c05ca259a31e0427ba7cef5b57f0c4b33493fda21003911a5da6f07

SHA512
08b09857f173ef2a3067d60120167223b4ec7414ff6117d206bb12213ce9563c8d7923fc0ce6e7df0ea5d8ae2b3ded2a23993ab43bc46bea3c08df1bf59e16ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\hu.pak

Filesize
611KB

MD5
40807c6b0eefd2a2f16cf0ac2c28ed53

SHA1
1b416b29e59ef41e1f18b168947e42b7fa969d2e

SHA256
533ae7e865898b61ecfdec68c581b3c4858f2c3ec1fe496ab02c61db0362d941

SHA512
487cf71df0f2e59ce1151c146651f567b624ac0e48f770a2f1da76b27933aa2bdc30990788e2dba4543a11b9e5d3da6f31badb26d7f3a5c87088c5b4e1bd7756

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\id.pak

Filesize
504KB

MD5
a20c777901a144622f8a5520583af79b

SHA1
3506f8e07ee301bb195eb185032ebdc7fd231272

SHA256
fd44af213520242ba41f4c9003ddeedc71f923cb37e25b14e595f3e652ae18dd

SHA512
6a53bc2f5d0e4660767d21070d19f0c407fe676b9e9cbdc20e6016e333b2ad33da225bfc2833a0c0724e1b6245ca6ee3cc0e782ac955d6aebac3dc468db79a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\it.pak

Filesize
554KB

MD5
acfd6f4b73b87455acb703e59303db33

SHA1
70eabbca61eb365191cd1256f3be40ea9223b2d5

SHA256
cae7bd535284f5f156c1466820aae2bcc0b0c0ba378ad0f04eef3a145deed9b9

SHA512
bfd52bc383f1f5a7d559968bdd779198c81286796564499174c3b5b9bbc7112f427e8316f78fb09ebc668c5cbf94c89c37e97abb00c9b87b5c5c108028fc549d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ja.pak

Filesize
675KB

MD5
63cbeb056020b6ee8cfad26c7c6abb79

SHA1
99bf018555eec56aae4b19d10c85ac506f4164a7

SHA256
aad9e17b2170b76248d61a3bac9b1bebc44b94885403ec2cc21a31397bf029b4

SHA512
5aa4e764f06f0e8490dab89a8b3754cccdd41739b4654ac8e30de160cad335f681fa5dd7782482aaf66ff1d827ce0c34df85c23c334a35035a3a4e3d0f305343

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
f4c1e83eabd580c0b4c63b2dc510ce6a

SHA1
fc1d9fed0f073504b022606e424e7cc9796648b2

SHA256
79fd72e764a1d8ad623892e563e174463f29d6ce61a2ae29af102d71da4b8e25

SHA512
927e6ff4c7d1c28c89afdf44c62643740a94b01e9f6e927e543834c833e1b4abf97de1489c6717f9054243c180474fc695a70c4ea8852d95c690f38c785705e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ko.pak

Filesize
572KB

MD5
626e172ad9b55ba0a1e2802ce5e10d0d

SHA1
ecd855a47448609e8e9d7bdd80f92edd494ca77c

SHA256
7111342770c33aaaffdd6fd9ef15095a6d89e48d2468c19172c0eb9b6f26ebdf

SHA512
d42594259929e35b763e71cb7022d34a11bf75a4b9bb058e251cbbe8e80bccdfb284eed1c6367f98e3023134c24d50542c64673d80e29230fdd057de70a10d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\lt.pak

Filesize
615KB

MD5
b02bf54687716b5d5f18aee02411a980

SHA1
4cf766077382c49fb89d59d861de0f482f989798

SHA256
0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b

SHA512
aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\lv.pak

Filesize
614KB

MD5
df9985ecfc958f343ab7e56e71149d71

SHA1
fc0d2c4a194d500a1f4cfafcd9102186016ba5a3

SHA256
7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2

SHA512
0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ml.pak

Filesize
1.4MB

MD5
265d7fbee9a021895d51209dc0181f90

SHA1
30e37013971bacd3ee93ad2fca01cb59a26d6a87

SHA256
682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad

SHA512
028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
af7c7d72a968e1936f26a3c755157f6b

SHA1
2ec71950847f5fb4b85697b6acd05224c28bb092

SHA256
e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5

SHA512
d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ms.pak

Filesize
528KB

MD5
06f24bba6fa8e9a009b3062227d4c259

SHA1
f50b0da2a86a138d16022f5642d96ff1a3ce7568

SHA256
cdfcbd86ddf584621bb2966c2d43f18096f974edb795cac0d1db43a60f3bc24c

SHA512
02239741f103c8b63072abab475ac313cb48612cac36890b7946fd816028fcba9be7ecc17ba5b934016d8817c52855ef208bffe5191d0eed35aa5243527e2150

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\nb.pak

Filesize
512KB

MD5
cf18f58e8e4e37b2e5fa7ef8269a294f

SHA1
c60d6e84f5cfe4cadbf4efed9b5998307b20fb9f

SHA256
3f1ed8ff0207c678b6a0a98e82fefd6340e35b7d16689672dfa90d9ee63921c6

SHA512
8f336fc50943d693ee80475250d2dbfc1401c615da571115f2c02551959028125b91ea6ffe22171dd12241688703e1869402146ef4e85a46059fe022759da953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\nl.pak

Filesize
530KB

MD5
d7048d029ab3ff807dff790113328574

SHA1
07872f608062aa482532edda0dd2e1de31669380

SHA256
0e9c114529b9ec20118bb96ffeea05d1a408e4eb621e3fc65f49353195d1af96

SHA512
050b0eacf5b4da024d1a2af54f3511c4671756b0dab3f961d8acee5d1695eb29fba7768246dd5b3bcc253136df97e49a305832c37943380dc337776cb1fb1549

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\pl.pak

Filesize
591KB

MD5
4003c253ef85ec0ff8a65204955994b0

SHA1
af3074fb622445f6429899cb33a33bbcc60e5e5a

SHA256
4db10dace60cc56b610a7f92caebf4e7e98ddcaf8dac4f5a87db8f750f51ef8e

SHA512
5624c8f6268c8a8dbf1a69a032ebb89e670685cb736a3cb42a65e2dca118a85e076818b58ba2e392991eff7921495167616107f402c841a8456b5b5888b70ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\pt-BR.pak

Filesize
555KB

MD5
0711b3f59ac95761899b013b3b242c93

SHA1
73fe7a4f60a6b92a966f1177c71bf85c6f95004f

SHA256
be445bfcd9429570e5006063b1c8299a41e762e8e0c2b63551bcf16cb6fb868b

SHA512
aad5ff84d1833db418a46961a5e3abd040e19e5a87bd6763039f8db7dda19c3cd9d7ea862585080636c2888ab1a50f2ba579cbc0ca0df8135537f1cc7543882b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\pt-PT.pak

Filesize
558KB

MD5
fbff8ba7e31acc6c26c0e4b7277cbbd0

SHA1
b9acdcbe2f0f429474acc4dd883d668cde9d3165

SHA256
477d6666bed083b27335a479c71279ad41a674f7b6a412ada1bba18be542ddc7

SHA512
ffdbb2773f18038f5d4cf145f3311feae25110ceb8efd9c895267f98acef7e901dd7d843f7c5291cd333fc81b80da301d0c92e5c0d6857da7e4eb68a5a0c540b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ro.pak

Filesize
579KB

MD5
5d5a27c52ae905fd85f5d50cb793e7ca

SHA1
b858bba1ef66c4d3943be19a4bf8a508c23e6671

SHA256
9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579

SHA512
f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ru.pak

Filesize
951KB

MD5
4ec91cdba9839e214ef7c008775e9e6e

SHA1
ea9f0f22ee1bca09ac38c01300cc91e2fc8aee51

SHA256
64f069a34be4966a9c28361e1c4914ce23bf96faa3bb5533fc3d233bfeac5cc1

SHA512
8c49ca910bfff175a4d88778ea34437a5acb0d52e349160f31091bd33d8ed76524950fe3e0f508c243ed76b289a550291ec68a7e0c1c426a64fbff0579c94d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\sk.pak

Filesize
598KB

MD5
b7d16d6702d4b4b5d3a9e4c3e0e13eb2

SHA1
6b2f1591ec51c4a7cf1435fbec7b5af94e0b5d4b

SHA256
e93580dffc1715edb37965c5787048e3e282d0477f277668ca7f49cfda7142c0

SHA512
a09950a9bb3f9814d946857e32901a9b6d73b4862a85f00b7f1f035ce0cab5af4ebf3aa003731ffa8ccea88d71866ec01d9ce578fc0b13b3cfdd3df332a0c40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\sl.pak

Filesize
574KB

MD5
48ead6e0160cbc6cbacb247cd3643110

SHA1
b39a91bb90f26c74dbc9fa28b257b705b54f2b81

SHA256
fc4cc46ff82cb8a41181e825a3d4e4508753fb68ff01a60486b7df4a4e11e89b

SHA512
c037d352d315805a18796a121e47c73d37d68e735c9334e11b393235ae75b803cbc03cf7cf8480683bc68c9b98fba9f5a7b045b650598e5d9367ab58a24e75f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\sr.pak

Filesize
883KB

MD5
5c811e0c9b775886bc11b46703cb67a0

SHA1
e9a777cc72263c7e7c4bfaa36e41b29e405a2a18

SHA256
4c524e149c02c37034ec92dd90f20f463413f2650ac9f32d52ef7260f9a34f1b

SHA512
d7db44fbfff3e3204b92aff44dc02c184344853d85fd79cd962bcad8efe85a13d1aaf9ed69a6e81fcc6e690afa4b1ba7cf1764225916f398c0f960d56e5bc57c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\sv.pak

Filesize
516KB

MD5
b75471d16a5b4cfbb43ea86d3077e63a

SHA1
302958743c97218d13a72ade3a22e4181922531f

SHA256
ec0f43dae8e52169396f289dfeb5d49b7f9258bafb0ed3060dd652fa744e5264

SHA512
63556f738df1527ad96cca95f3e37934b054df83cfacd4e120745ceeb0536d4bc1919c66acff3e5253a62824c032ae7e8f9496df13b9ccb6fe00f67920a63cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\sw.pak

Filesize
543KB

MD5
912db9e797ea3e277f18e72173f26ad5

SHA1
a83461503becad16ea0d33fd5501603688a65ed5

SHA256
89d1245c645cc26d67ac0f556734ebeb99b436cf19edd3cb3b220e78a87796e0

SHA512
b5c334b528ba6d26dde9b4b1100c01bd1675cfcc7167a9bab4d9fb95584ae629e9567ab3a4729776fbee22ca927d42e04fa016cf3f9fe510edfdc340309110ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ta.pak

Filesize
1.4MB

MD5
22949a4acb6639bc4fea591bde3f6cec

SHA1
672163723e294a5242e9654470e1efbb3e8aa0a4

SHA256
84776412fd7f2cff26713781be937bdb30352f9c7eb297ca811241e6cf4284d3

SHA512
5e3ee2d29eabfc4398b0f9784064eb03b3c3e13c59f4fb1b857c612727eebe1a4a1bcd76503b1356cf4b4d407431a643503d9068f61f1ed05041f3aad325262e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\te.pak

Filesize
1.3MB

MD5
f0a8ccf00882e83751fd666876c937bd

SHA1
6fd5045a20bdb912f61dd38f4d046b333bfb03c9

SHA256
65ce3f1fe059a8d8b67cd47485233c6ab3870cfbb313241fe0f24e948bb0f158

SHA512
8ea9f2215ac8354378aff1717ef6f1ba97ba8bcc1c660290d8a070c9a7cb9b0e1a87b8e37e68cd71d7bd429adba8b17c6cda68508b7389e42841fbe2f9c79528

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\th.pak

Filesize
1.1MB

MD5
77721a07831a7aef49934706398559cc

SHA1
240ac6e472ac7312f02b99a8d588813d3dfeb468

SHA256
e8cdabe4557192a6ad7040de396d807f96f50d6ef256dd04972211b9c898bc1d

SHA512
f73be17166c7a94c216d13d837146c3c72a5e205688479ce8199c8cf468eb1bf780f2569d42e908684f0059e6ded370428d9b123389ad2cf1553a0aecd1ef06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\tr.pak

Filesize
554KB

MD5
41bc209ee64f56f04836fca3e2de362d

SHA1
c019805b555d4c24c347112a583ac9f9bf2ef142

SHA256
71356710c485d7db228a866789ce9d253276725d94a4e4622e7b82037beb9825

SHA512
a65c4f9147c5796567e61b0661b4766c199f156541a252ec442fe5b5e3e1156c80e8fc7cfb6d9e55db4c5f60732b55cfa74a65e7dc46fbd5a4e5dfc8f3891add

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\uk.pak

Filesize
952KB

MD5
7e2cbb9d3591278a76dd08364d3dad4d

SHA1
a760a029070bfe57d4ef273b705650cef0a92f61

SHA256
38616b5f7f939a84d5205e758a8d3fed024a8e3fbcc8159c90666ce650ae1d30

SHA512
81e5ebada5990d79363e2583efdd3ccb19d8a10291cf6680d77d7c399816fe273a4fea5a7cb5e55e11f445df46a7ccad2942dc04f4fb8b6f66d2f2b151374de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\ur.pak

Filesize
830KB

MD5
157117641502b63c89110363dc7083b2

SHA1
fc86039a03b2e48fafc70e1cadc096fd46389af2

SHA256
fb7cd2f4beeceaf445f4d299a3db26cce49a7950a37e5a9b48fae7f5a8e09f99

SHA512
422d92c5f0b2b2f9f35dbb7c11cd1b463085201912948c61222bb4f43f8dfd777fce678f04371df53ab6d07ec14cfbc9e4b1b084a72a0f2aa80ca7a4728e6359

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\vi.pak

Filesize
657KB

MD5
e6db9a8c61dc84aff75efc00b486a8d1

SHA1
6d1f0329f9a44b64fa3474313c7bf207bfd78557

SHA256
8ff2d05730915c1b15a97a3915c03d83239c34771ed661ccac745fb308901f14

SHA512
89cf188b5d21528166353b29986f5afb9aad9a51a57864951f7945124b157e0129125caeed58c70568e38f7ba3a34a17d10056902b58ba48ee2e4e10a4649f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\zh-CN.pak

Filesize
473KB

MD5
5356bf9ddeb7ffad20e27ef092dac528

SHA1
3514ded7211ff71297c87275ef0805588da2d47d

SHA256
0b6f0a9ded5734b260c1c02d7c717305d139bded5ec7ea80de40b641f13bfe0a

SHA512
887be5ed95b40d73e0f61f4b3e85f8a77d4bf4a222197b9d1c60711ae8481efbf9c183ba902dcbf437fdf70381bd232fe9c27cf0ce87c0f45b283b75b6d19962

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\locales\zh-TW.pak

Filesize
468KB

MD5
9c51b828271263d574382077abd2e2f3

SHA1
4de07caed06477855e4f4bba1d0d1178c5757171

SHA256
21550464b12c7f9b23380acf7ca2b42c1b578581613c342196da95908f14c8af

SHA512
0e6921dbc4be8d5d98bf80e9b0f8c7fc31cb4e7553ca76b9c697a3f1428f855e59ee0dee99903a5215dddee9375532226af81128f066656d98db28a8d9738604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources.pak

Filesize
5.4MB

MD5
7398d5aee46689f03c278c8954f68f2b

SHA1
62e10057cfb2dc53c62d088d4fde3252d1216d86

SHA256
9590361aa74c43818881e622f2e3b7992c978397f7ac269f37accb435b134fc8

SHA512
1d6ae4cadd302fd683be66016cc4aa092bfe9689b81e1a764512327983f558a7ad9a10aadb7f8e13b73949d648d0e14ea0eb7c2de2420353a46e44c6b647c652

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar

Filesize
8.3MB

MD5
1ea30a9b696cd8a599f2cb898369a1b2

SHA1
8c6bbcd06ba1025251f06939c2c6c66b4e966a76

SHA256
507fa611b2fb48c321cc8e6a09c3aa4833e6cb804920a5cde2eb2ca834aa9880

SHA512
74f31b42c83e6aedbb55c63e6030aeee29391df969e692ba477c2bf85d7114aada23e231fb35182ea71710fd8744a7f9221ca610554ac82cd9066248faadf7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE

Filesize
1KB

MD5
7bd114b023fa6209fb7b02150a202ccc

SHA1
4451515f9d7b16ce8983abb4e85609fe4162c4d4

SHA256
455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b

SHA512
87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

Filesize
412B

MD5
0b33e83d33b01a51625a0fdcbef42ce3

SHA1
1c29d999ff7da39426b97f2eb31a3d83db8f5fc7

SHA256
a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2

SHA512
1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json

Filesize
934B

MD5
83a6b767cd4ade2116654eb0a90fec3c

SHA1
07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9

SHA256
59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12

SHA512
404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h

Filesize
206B

MD5
ea1e5899ec0210d7de4ce325d1d94022

SHA1
464da48d40547cb08a67a1ed38cb0ae8369f2f42

SHA256
18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550

SHA512
6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp

Filesize
327B

MD5
c510e65ebcb2fa7c00712e770ec8c692

SHA1
ca1ea3c8340dcf69f344d5eaa884631eef37472b

SHA256
7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4

SHA512
b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp

Filesize
2KB

MD5
4a55597a2c7466278439452bb708b822

SHA1
eaadcda8f410f2dd1fd9522fd7a2221624dd1713

SHA256
da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e

SHA512
b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp

Filesize
698B

MD5
88934cc736b505ada3d07afe22083568

SHA1
6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a

SHA256
1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905

SHA512
9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE

Filesize
1KB

MD5
79558839a9db3e807e4ae6f8cd100c1c

SHA1
ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2

SHA256
7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c

SHA512
b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json

Filesize
1KB

MD5
f9560f0fb25f1dc014682359373146c4

SHA1
b19c6321292cc63d26a18bef5d80787c5e57e746

SHA256
b145c00c63dde4da0eb3736b0d25fe79fa252a02daa9c3fdbb2d3a5783e98cf6

SHA512
dd51dcca43554f27b2718f87661cdfc86e6a51b36c15574870d793fa358f76816423c0ebcef34dd9a7fd7ce42e6be18f834100a327cdb3e6eb8dbd9d65792262

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h

Filesize
6KB

MD5
13d7bf3557e57ef3036bad68cfa8faae

SHA1
94c1af952f38e9f1ad2d722ec3a063fbe666e66b

SHA256
2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf

SHA512
63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\snapshot_blob.bin

Filesize
306KB

MD5
0406a232eb55e516dc38b4967671846a

SHA1
aade7c03b1ecc81027c98a79285687bc19276fc5

SHA256
4f944691b7066ef5653cfbf6b016488f6e5f0afd2d6bc03b90de5485514f83f5

SHA512
c608095510f88348e1e412ef573e4aeb4a7d328dec2892bada688a06baa023fcea1cc0dfbba6f6c41de303f3b6d5e1c4335a2610f3ec47a690e4f309f8782359

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\v8_context_snapshot.bin

Filesize
650KB

MD5
3eef488e8b9d35f710634c4d404c7e1a

SHA1
971c730ccfba2db0fee379683f4e310df5c9f1df

SHA256
3a189b50da4b31b5af6cdfdb6398fa039ccac9e13898e4851b27c4d91f4dff6c

SHA512
f787b7633edf75905674c467f7c291a2b3791a8475b11e1d4fb1769ebe872c6b70d778124c22a55b96efe2ac443c82750371421ac9fe8f2cc8bb47ce0e3648d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
abd993f23ed3c75fb80320a10451dd66

SHA1
95b13400418512870a37a4e59ecc7dd9c467df2b

SHA256
52c64e3bd5f852f7c2628bca773bb5a270ad40f5e31bcf8429323cb9fd1bd4da

SHA512
fe98cabf2e3500d52b09f9869f3ceab6c7ed8fefb7fba56eb62a5319053ea997881112abf139f2e642210eb4b61d5a726b8dc41d4565b81faaeb5d64a00e6267

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\7z-out\vulkan-1.dll

Filesize
874KB

MD5
0b95f0a5905c4075a3fbef0ddb71e915

SHA1
72a4536da15d5d9e1617331d8e4a5c5a579c75b3

SHA256
03b808d8045ebefebf2e2847be039358f7ec1db63e1c601847b8cd304c3db448

SHA512
9e57eeaafdaf0b5516822d1ca7ef1995442a03677f856828d49ccc01ab8492245d8659eec7675822fc8610ba250e49a6f3c8569aad2a324cec83e0d6b5201187

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm8A5F.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2976-1734-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1722-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1724-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1723-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1732-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1731-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1730-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1729-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1733-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/2976-1728-0x000002D6954C0000-0x000002D6954C1000-memory.dmp

Filesize
4KB

Download
memory/5492-1046-0x000001A7315C0000-0x000001A7315E2000-memory.dmp

Filesize
136KB

Download
memory/5492-1048-0x000001A749E20000-0x000001A749E44000-memory.dmp

Filesize
144KB

Download
memory/5492-1047-0x000001A749E20000-0x000001A749E4A000-memory.dmp

Filesize
168KB

Download