221944cf8cf33d706f1418545c2cc5f375743e0cb2db913ceda97b7eef31f776

Resubmissions

04-09-2024 18:54

240904-xkj9kavdjq 9

04-09-2024 18:42

240904-xcj9lawdkc 9

Analysis

max time kernel
1919s
max time network
1868s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sqlite-autoconf-3410100/Makefile.fallback
Size

547B
MD5

8ff4cdbeec29d794549a0aa48da06bc3
SHA1

7fd897fc720b6c9c6f760867c97a95431fa4693e
SHA256

67d473327dd92f5cad68fddb78b8bb3e8745aba851147945893e4db5a2b59892
SHA512

9871a654d8b140ad5d6768d385b86ba7f32927f8ed6374e62c93db99be4a40841f6900d648f33d07dc118b6ea93f00c45f53e4b675643b2b487c9c0df1ea1474

Score

9^/10

credential_access discovery execution spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Executes dropped EXE 14 IoCs

pid	Process
5428	MixerLapx Setup 1.7.3.exe
2608	MixerLapx.exe
412	MixerLapx.exe
3048	MixerLapx.exe
2512	MixerLapx Setup 1.7.3.exe
5468	old-uninstaller.exe
2252	MixerLapx.exe
2576	MixerLapx.exe
1336	MixerLapx.exe
3492	MixerLapx.exe
5092	MixerLapx.exe
5772	MixerLapx.exe
4136	MixerLapx.exe
464	elevate.exe

Loads dropped DLL 48 IoCs

pid	Process
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
2608	MixerLapx.exe
412	MixerLapx.exe
3048	MixerLapx.exe
412	MixerLapx.exe
412	MixerLapx.exe
412	MixerLapx.exe
412	MixerLapx.exe
2608	MixerLapx.exe
2608	MixerLapx.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
2512	MixerLapx Setup 1.7.3.exe
5468	old-uninstaller.exe
5468	old-uninstaller.exe
5468	old-uninstaller.exe
2512	MixerLapx Setup 1.7.3.exe
2252	MixerLapx.exe
2576	MixerLapx.exe
2576	MixerLapx.exe
2576	MixerLapx.exe
2576	MixerLapx.exe
2576	MixerLapx.exe
2252	MixerLapx.exe
2252	MixerLapx.exe
1336	MixerLapx.exe
3492	MixerLapx.exe
5092	MixerLapx.exe
3492	MixerLapx.exe
5092	MixerLapx.exe
5092	MixerLapx.exe
5092	MixerLapx.exe
5092	MixerLapx.exe
3492	MixerLapx.exe
5772	MixerLapx.exe
4136	MixerLapx.exe
4136	MixerLapx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Command and Scripting Interpreter: PowerShell 1 TTPs 64 IoCs

Run Powershell to get system information.

execution

PowerShell

T1059.001

pid	Process
1124	powershell.exe
2088	powershell.exe
4112	powershell.exe
5348	powershell.exe
1008	powershell.exe
348	powershell.exe
3220	powershell.exe
4968	powershell.exe
3800	powershell.exe
1852	powershell.exe
5648	powershell.exe
5452	powershell.exe
3132	powershell.exe
240	powershell.exe
1440	powershell.exe
2180	powershell.exe
5764	powershell.exe
1764	powershell.exe
684	powershell.exe
2944	powershell.exe
6048	powershell.exe
5416	powershell.exe
1780	powershell.exe
228	powershell.exe
2964	powershell.exe
6028	powershell.exe
5652	powershell.exe
5664	powershell.exe
2184	powershell.exe
1940	powershell.exe
3224	powershell.exe
4584	powershell.exe
3892	powershell.exe
1472	powershell.exe
5428	powershell.exe
1044	powershell.exe
5488	powershell.exe
1224	powershell.exe
5576	powershell.exe
4936	powershell.exe
5220	powershell.exe
4308	powershell.exe
5520	powershell.exe
1448	powershell.exe
3492	powershell.exe
2192	powershell.exe
5884	powershell.exe
4876	powershell.exe
1828	powershell.exe
6012	powershell.exe
1252	powershell.exe
5652	powershell.exe
2452	powershell.exe
888	powershell.exe
4624	powershell.exe
4812	powershell.exe
6044	powershell.exe
3208	powershell.exe
4128	powershell.exe
4532	powershell.exe
4936	powershell.exe
5144	powershell.exe
684	powershell.exe
1828	powershell.exe

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
4576	tasklist.exe
3044	tasklist.exe
4936	tasklist.exe
3500	tasklist.exe
5848	tasklist.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	old-uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MixerLapx Setup 1.7.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	elevate.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
2420	taskkill.exe
1448	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\NodeSlot = "17"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 50003100000000002459c29810004c6f63616c003c0009000400efbe0259b47a2459c2982e00000076570200000001000000000000000000000000000000fade94004c006f00630061006c00000014000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 820074001c004346534616003100000000000259b47a120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe0259b47a245970972e00000062570200000001000000000000000000000000000000ff53ce004100700070004400610074006100000042000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f44471a0359723fa74489c55595fe6b30ee0000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	cmd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 5c003100000000002459eb9810004d495845524c7e310000440009000400efbe2459bd982459ec982e00000076ab02000000010000000000000000000000000000006d6f04004d0069007800650072004c00610070007800000018000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202020202	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202020202020202020202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\26\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MixerLap_x64.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
4152	msedge.exe
4152	msedge.exe
1428	msedge.exe
1428	msedge.exe
4572	msedge.exe
4572	msedge.exe
1044	identity_helper.exe
1044	identity_helper.exe
1580	msedge.exe
1580	msedge.exe
5428	MixerLapx Setup 1.7.3.exe
5428	MixerLapx Setup 1.7.3.exe
3500	tasklist.exe
3500	tasklist.exe
3356	powershell.exe
3356	powershell.exe
3356	powershell.exe
1224	powershell.exe
1224	powershell.exe
1224	powershell.exe
1624	powershell.exe
1624	powershell.exe
1624	powershell.exe
2792	powershell.exe
2792	powershell.exe
2792	powershell.exe
684	powershell.exe
684	powershell.exe
684	powershell.exe
2452	powershell.exe
2452	powershell.exe
2452	powershell.exe
2944	powershell.exe
2944	powershell.exe
2944	powershell.exe
4232	powershell.exe
4232	powershell.exe
4232	powershell.exe
1008	powershell.exe
1008	powershell.exe
1008	powershell.exe
1188	powershell.exe
1188	powershell.exe
1188	powershell.exe
5576	powershell.exe
5576	powershell.exe
5576	powershell.exe
3164	powershell.exe
3164	powershell.exe
3164	powershell.exe
4624	powershell.exe
4624	powershell.exe
4624	powershell.exe
3812	powershell.exe
3812	powershell.exe
3812	powershell.exe
3816	powershell.exe
3816	powershell.exe
3816	powershell.exe
5848	powershell.exe
5848	powershell.exe
5848	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3964	OpenWith.exe
1876	firefox.exe
3896	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3316	7zG.exe
Token: 35	3316	7zG.exe
Token: SeSecurityPrivilege	3316	7zG.exe
Token: SeSecurityPrivilege	3316	7zG.exe
Token: SeDebugPrivilege	3500	tasklist.exe
Token: SeSecurityPrivilege	5428	MixerLapx Setup 1.7.3.exe
Token: SeShutdownPrivilege	2608	MixerLapx.exe
Token: SeCreatePagefilePrivilege	2608	MixerLapx.exe
Token: SeDebugPrivilege	3356	powershell.exe
Token: SeIncreaseQuotaPrivilege	3356	powershell.exe
Token: SeSecurityPrivilege	3356	powershell.exe
Token: SeTakeOwnershipPrivilege	3356	powershell.exe
Token: SeLoadDriverPrivilege	3356	powershell.exe
Token: SeSystemProfilePrivilege	3356	powershell.exe
Token: SeSystemtimePrivilege	3356	powershell.exe
Token: SeProfSingleProcessPrivilege	3356	powershell.exe
Token: SeIncBasePriorityPrivilege	3356	powershell.exe
Token: SeCreatePagefilePrivilege	3356	powershell.exe
Token: SeBackupPrivilege	3356	powershell.exe
Token: SeRestorePrivilege	3356	powershell.exe
Token: SeShutdownPrivilege	3356	powershell.exe
Token: SeDebugPrivilege	3356	powershell.exe
Token: SeSystemEnvironmentPrivilege	3356	powershell.exe
Token: SeRemoteShutdownPrivilege	3356	powershell.exe
Token: SeUndockPrivilege	3356	powershell.exe
Token: SeManageVolumePrivilege	3356	powershell.exe
Token: 33	3356	powershell.exe
Token: 34	3356	powershell.exe
Token: 35	3356	powershell.exe
Token: 36	3356	powershell.exe
Token: SeShutdownPrivilege	2608	MixerLapx.exe
Token: SeCreatePagefilePrivilege	2608	MixerLapx.exe
Token: SeDebugPrivilege	1224	powershell.exe
Token: SeIncreaseQuotaPrivilege	1224	powershell.exe
Token: SeSecurityPrivilege	1224	powershell.exe
Token: SeTakeOwnershipPrivilege	1224	powershell.exe
Token: SeLoadDriverPrivilege	1224	powershell.exe
Token: SeSystemProfilePrivilege	1224	powershell.exe
Token: SeSystemtimePrivilege	1224	powershell.exe
Token: SeProfSingleProcessPrivilege	1224	powershell.exe
Token: SeIncBasePriorityPrivilege	1224	powershell.exe
Token: SeCreatePagefilePrivilege	1224	powershell.exe
Token: SeBackupPrivilege	1224	powershell.exe
Token: SeRestorePrivilege	1224	powershell.exe
Token: SeShutdownPrivilege	1224	powershell.exe
Token: SeDebugPrivilege	1224	powershell.exe
Token: SeSystemEnvironmentPrivilege	1224	powershell.exe
Token: SeRemoteShutdownPrivilege	1224	powershell.exe
Token: SeUndockPrivilege	1224	powershell.exe
Token: SeManageVolumePrivilege	1224	powershell.exe
Token: 33	1224	powershell.exe
Token: 34	1224	powershell.exe
Token: 35	1224	powershell.exe
Token: 36	1224	powershell.exe
Token: SeDebugPrivilege	1624	powershell.exe
Token: SeShutdownPrivilege	2608	MixerLapx.exe
Token: SeCreatePagefilePrivilege	2608	MixerLapx.exe
Token: SeIncreaseQuotaPrivilege	1624	powershell.exe
Token: SeSecurityPrivilege	1624	powershell.exe
Token: SeTakeOwnershipPrivilege	1624	powershell.exe
Token: SeLoadDriverPrivilege	1624	powershell.exe
Token: SeSystemProfilePrivilege	1624	powershell.exe
Token: SeSystemtimePrivilege	1624	powershell.exe
Token: SeProfSingleProcessPrivilege	1624	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
1876	firefox.exe
1876	firefox.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe
3896	taskmgr.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
768	OpenWith.exe
4204	OpenWith.exe
4204	OpenWith.exe
4204	OpenWith.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
3964	OpenWith.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe
1876	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 4228	4152	msedge.exe	86
PID 4152 wrote to memory of 4228	4152	msedge.exe	86
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 1708	4152	msedge.exe	87
PID 4152 wrote to memory of 3308	4152	msedge.exe	88
PID 4152 wrote to memory of 3308	4152	msedge.exe	88
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89
PID 4152 wrote to memory of 4480	4152	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3410100\Makefile.fallback
1⤵
- Modifies registry class
PID:3828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa9c9d3cb8,0x7ffa9c9d3cc8,0x7ffa9c9d3cd8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,15112507015806998809,12757845094656730158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5556

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MixerLap_x64\" -spe -an -ai#7zMap26994:86:7zEvent17608
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3316

C:\Users\Admin\Downloads\MixerLap_x64\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\Downloads\MixerLap_x64\MixerLapx Setup 1.7.3.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5428
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5600
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3500
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5436

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2608
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2080,i,13293538220405240815,16646437139924380472,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:412
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=2220,i,13293538220405240815,16646437139924380472,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3048
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3356
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1224
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:684
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5576
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5848
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4576
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4936
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3492
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5212
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4648
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2180
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5972
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3536
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4584
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3472
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5416
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4604
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5380
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4128
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5908
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3312
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5904
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1252
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5316
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4532
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4308
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3716
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5884
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:948
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:856
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5764
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4172
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1780
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}""
  2⤵
  PID:3324
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}"
    3⤵
    PID:5832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:5588

C:\Users\Admin\Downloads\MixerLap_x64\MixerLapx Setup 1.7.3.exe
"C:\Users\Admin\Downloads\MixerLap_x64\MixerLapx Setup 1.7.3.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2512
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6092
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:5848
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2604
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /im "MixerLapx.exe" /fi "PID ne 2512" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /im "MixerLapx.exe" /fi "PID ne 2512" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:2420
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5640
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:4576
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2080
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c taskkill /f /im "MixerLapx.exe" /fi "PID ne 2512" /fi "USERNAME eq %USERNAME%"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5868
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im "MixerLapx.exe" /fi "PID ne 2512" /fi "USERNAME eq Admin"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1448
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5300
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    PID:3044
- - C:\Windows\SysWOW64\find.exe
    "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4768
- C:\Users\Admin\AppData\Local\Temp\nszCDEE.tmp\old-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nszCDEE.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\MixerLapx
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5468
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq MixerLapx.exe" /FO csv | "C:\Windows\system32\find.exe" "MixerLapx.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:948
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq MixerLapx.exe" /FO csv
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      PID:4936
  - - C:\Windows\SysWOW64\find.exe
      "C:\Windows\system32\find.exe" "MixerLapx.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2440

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2252
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1740,i,12581257165097325020,15791094282130667872,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2576
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5220
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=1988,i,12581257165097325020,15791094282130667872,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1336
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4936
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5648
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3892
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5512
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6028
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5520
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2052
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3472
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1764
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5196
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5652
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4048
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5404
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1828
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4812
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2184
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3656
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4540
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2956
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1940
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5652
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3132
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4968
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1104
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5520
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2964
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1444
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:684
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1124
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1852
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3224
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2088
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6044
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4688
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4172
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5416
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5384
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1852
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}""
  2⤵
  PID:1788
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}"
    3⤵
    PID:4924

C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3492
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1704,i,17485230240432403570,9833849549004406918,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5092
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3800
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --field-trial-handle=1972,i,17485230240432403570,9833849549004406918,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5772
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4656
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:912
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6048
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1044
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:6052
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4592
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3144
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1504
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5736
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5488
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4876
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5192
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1472
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2500
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:888
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5560
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3672
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4516
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5412
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:3208
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4784
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:6040
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1828
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5116
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:776
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3464
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1448
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1440
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:3176
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:2664
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1460
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5448
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2192
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5672
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4112
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:6012
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:5272
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:4564
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5144
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:5348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe /c "Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
  2⤵
  PID:1468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}""
  2⤵
  PID:4688
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('The application was unable to start correctly (0xc000007b). Click OK to close the application.', 'Application Error', [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)}"
    3⤵
    PID:3344
- C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe
  "C:\Users\Admin\AppData\Local\Programs\MixerLapx\MixerLapx.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\MixerLapx" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2944,i,17485230240432403570,9833849549004406918,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2936 /prefetch:10
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa88f93cb8,0x7ffa88f93cc8,0x7ffa88f93cd8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,15544491503892145411,2124590341426744123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f4b066-5d70-4c5c-8a27-17b6889d7d7a} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" gpu
    3⤵
    PID:888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23636 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e34f564-7059-4193-9b47-4fbbe5b224c7} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" socket
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 2908 -prefsLen 23777 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b38ac368-bc70-4863-a7a8-68a2c347eaaa} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2740 -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3052 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0ffd981-3a1b-4b59-9f8f-195051c82273} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:2196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4700 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4692 -prefMapHandle 4680 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8551e93a-49e1-40bb-bc2f-08aff12ee351} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" utility
    3⤵
    - Checks processor information in registry
    PID:2480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5352 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27aee2d1-2a4e-45ec-a428-99d925c5cf80} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5524 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {257de65a-d5bd-4508-9b7c-75b6c8da57b7} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:2364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 5792 -prefMapHandle 5788 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5feeb4a7-0013-4dd3-8d49-ce7e80a6d4c1} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 6 -isForBrowser -prefsHandle 6132 -prefMapHandle 6128 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01be1250-d072-4968-b112-a7fe84ab0d11} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -childID 7 -isForBrowser -prefsHandle 4232 -prefMapHandle 5088 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f40a55b8-86d5-4da3-adec-220a117b6db7} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:6120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6428 -childID 8 -isForBrowser -prefsHandle 6440 -prefMapHandle 6436 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5aea90b-bce9-482b-a46a-6093ef411c94} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:5940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -childID 9 -isForBrowser -prefsHandle 2756 -prefMapHandle 2596 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b19fd28d-7546-4e9f-b208-b9be1d1ebaf9} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5072 -childID 10 -isForBrowser -prefsHandle 5232 -prefMapHandle 5228 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d9a2886-0f54-4012-86e9-a58adad9ec87} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:3172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2808 -childID 11 -isForBrowser -prefsHandle 6216 -prefMapHandle 6196 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7b4eae-7a45-40bf-8275-face959c3e6b} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8052 -childID 12 -isForBrowser -prefsHandle 1332 -prefMapHandle 2824 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a22aa0d0-5725-4e58-9d16-ff4bb1e401ba} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6356 -childID 13 -isForBrowser -prefsHandle 8928 -prefMapHandle 8692 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef84ce5d-7479-4c59-9d38-ecaa986bbdd3} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:6280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7288 -childID 14 -isForBrowser -prefsHandle 4304 -prefMapHandle 4984 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd0466d9-7308-46fc-9be2-ba946c6035fb} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:6464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7760 -childID 15 -isForBrowser -prefsHandle 8632 -prefMapHandle 8508 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49563b7a-00fa-45f2-a0b4-362089377904} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:6760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7744 -childID 16 -isForBrowser -prefsHandle 6320 -prefMapHandle 7156 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c4e756d-be19-42e6-867d-5de14028950d} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7208 -childID 17 -isForBrowser -prefsHandle 8292 -prefMapHandle 6816 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e673fb3-41fc-49f6-bf8d-d1a48709a889} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7108 -childID 18 -isForBrowser -prefsHandle 8432 -prefMapHandle 5220 -prefsLen 28497 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f93e7ee-7634-4033-ae9a-d96befd2854e} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:6272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7716 -childID 19 -isForBrowser -prefsHandle 7656 -prefMapHandle 6460 -prefsLen 28497 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f059e5ae-46b9-4f21-86b8-c64627f43792} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7736 -childID 20 -isForBrowser -prefsHandle 7724 -prefMapHandle 8884 -prefsLen 28497 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d53e0237-e4d9-4f8a-a4e7-f1569cd25a7f} 1876 "\\.\pipe\gecko-crash-server-pipe.1876" tab
    3⤵
    PID:1088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3964

C:\Users\Admin\AppData\Local\Programs\MixerLapx\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Programs\MixerLapx\resources\elevate.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:464

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:3896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
05850c6c0442ea6966fe2a888f219f4b

SHA1
e6b1c8eb783b307672a6f06b785a7e9b78633b46

SHA256
f51b54c5f5074076216b2d0a3e66c13e80d8f1da311614ec15c9170dff11ad5a

SHA512
9db20e00e103700f67256568e38f9b37f29af3c30f3454a38b3e033c6c2f6bd796c5b5a8c5faa98bb45d7521d76c2bf323d503b8a0196cacbd701167d441c6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
abcda36a555b8c801cc1749e033b010f

SHA1
2c460c39a8ceaac882769be85f2d1519816e5c3a

SHA256
5526ecfe87e670ff84e4f3ab8becc304ada2afbf309fff934f6d272b1382c9f9

SHA512
7ac7e9449db6e37ba6ee3d77b27382af912e3c79121e94fa738182f3bd7dd456a4b5d9059cb9fa47dd3505f79c387d3cd23c38a2d9f59e6823a55b4aabdb5f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d9e6316c0c5837074a4175346c7d8ad

SHA1
cc38dc9254a8969422079aa7f4f4c93e8e6f0300

SHA256
90ba1a649f0cd23bfe61bd97a2e963fee4015c9363d449ed877e706143d500dd

SHA512
ff960d8e8e69f4d13bcbfe5db47903aed7f982b0fba0cebcebf4ef849193d0e9f95b339b96cd4f0252bf4f4b023c61124dc8da61dbcfafba495e311e43928fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
150bb8f746383d4b835d227023b618f5

SHA1
abb8013f5752b5579cd993cb470968be84175505

SHA256
6a9e365668921107c3ba68288a0ab82783a80a03cb98c9e388339cb0a0746305

SHA512
75728bac4017fd9e73e1f2fe752b797082d0b2ade3585491ef67254eccf0ade052911a2163adc3c40c8c71b35539715242b4ad6b39ad419af9ed3970ab5c2a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eae66abf9433c97fd8ee061e9d75f17a

SHA1
f6827cd253e644a657d85cf071d7e69d139625e7

SHA256
4e138e7947a1ae4c787128cf1d89c11a6ab4e7bd57acbc16c8913a917990bec3

SHA512
1e4a7a935ab30fdc84ee114ee62f445331ba40117bb1c038902aaf20728c4d70dc70bfb2098d95f292e44b2e628f49f36c5cb8bb81511726b9029f2362872eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
04a02d7118cb3a5476049beaa25e0b9a

SHA1
0833eb483be4b8619452d17ddd5c0a9bc9b15ea2

SHA256
d979cffe68e6263ec5bb9bf5e9b29ab043a5fd85a3b7f345d0c2ef6418041c57

SHA512
29101d71dfaff7cb9398b5f748d13628d462bfe849aab6b5bcebac90b8b534655d1008d2e0ee18b5a3c970d9a44580c62cd542a8331d5bcaaca2e20a339a3c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3fc2f14e588ca46d9fd1a60a36314ff2

SHA1
69883fb3fd53cbb3c9f34bbae3d6e503d76c04e9

SHA256
6cf24812e8e6e3be28bcabff0ea1d35e23f172e7bb7572338f04390a0e447e26

SHA512
1d04892868141afa2395086feb265e7d9bed5d9377235318b548065eed3bebc74a8f04c66f74a243fbb610222be1be3d1c434d0853ab79cbfa4d58c500165455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ac1ebdf3ba038ca7f2d77ab8a49484a

SHA1
abc2c45b66d31df5931fe4fecce0e995fd510ae1

SHA256
6a24fc6728d42ad49d2a40153d1a862da36ba3a5bff111ab426e615665edf59c

SHA512
3fac89b47b0641a77a392bd196f808ad41fb4d8421feea9a0cde07607827a33744f647f465c3f683ff8f85a561dfe83e61221f0b0ca823ea90eeea6e56def069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eeab54005d09e6fe4b5b7accf422edae

SHA1
33adc8dc63fb75aa78e17eea8ff5bf0b91bdfe0e

SHA256
78803a4d985d10d1b38dd4c81f9587292c185488919fd4f9966abbd204005e38

SHA512
383ce0771a6b31b244b7e333df483348a78b681fc5d6652512c8a86ac8f4e1d2e095ec1eca846f8bd8e53be04e27bf55ab7df0bf04269b5aa57e489c54d4aa82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7935004d2cc9e41a5ea6676e234e470

SHA1
8698f3f2deb5af08ff8ac3d6aa2aff7b72c543a6

SHA256
2483c1a87fd6f2b0bbf5ce17320bea0014deac4c0270649f789dddcde30d76e7

SHA512
02f5c51a34e823fa2bbced5e00fe5fe1e18adf59930fc99eaba6b4c0f96193494890ddc81467f6725fd8b45b9a6b6cf071a1f3b7f683bcdfaf1cac324db9a9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0193b3aae67315c00bba748821e1b6a9

SHA1
8894ce52c4937213da1937265f28a9da9f33d0e0

SHA256
e27037ff3798055646cc946ca88269b55e98e10bf3bbd057057f3f1a52a3afea

SHA512
2dd184f82b6da5dfdb371c80632cc3321c6fd62a16d3798460a292b9348c42030558a0a7e7e6da53100fbf3d7aee4f7c0b28f62276c8f3cc74e348a4efae7bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ac3d0d277b6059d49c02b3667f227653

SHA1
88ec240cdf5021e694aad82826a399c13d6d2a73

SHA256
33563d4b6d1beed67c88c455c484aa112afc76ddc80c98079c2f3224b3ab2caf

SHA512
50f7c4c3102bcd5928f507153f14274f2f38c2409185a13a81f7ba54556f316e1e4f8ef6d8c3c140f34fe147b1408e9fb5d6c025e8611c659386a3c2ecf02ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5fce26cbcf3b7310b39237aa717f754e

SHA1
105cbb62a8f621db288b626790990886814767fa

SHA256
cd2d70ed27ffc004900a2974e82c815a921db430e57eb8f464ac9c474a9a7d75

SHA512
9aa2703aea5c7076089f24c833b776280c18703c2f2a9988e3210b1a280eb3687f338efd52804fe5231aa6318dae93eff8ce468a2932da09b2a245e16a666ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d6535.TMP

Filesize
872B

MD5
efb897c965a95800b30a62347f29ce87

SHA1
861c581e366f1ad93cfae539589cb1ed6b250140

SHA256
b8350e78306c9012617a814a27c89a022bd016e81eb1ecd48482c1d9c0d88ee5

SHA512
845f46df8293c1d46bdccdd223f18ec2571070ee218c8f712914088b961ea8773b7a32477f955ee706da292a045c62528b7ca92f4453cd9c56ec9c695ffcd7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02323517c12b6c5b71771bf2403fcf2d

SHA1
7fb141a8ae9f647752839f1057bc45b30ca503a7

SHA256
280480640fa1ebc6dd178c258ffc3863202733739f9d9f6b680545ba22935389

SHA512
ab1736c946bbb05d669481ba019622caa9da13905465db4415f0b8884cb9997c0a12e6ab256b190e025ea5d84f9c9cbbcacef48e88a2b5feb3c664efe1251fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dcc7e8e2df5210823b6e0ebe0c6b5679

SHA1
eb481e761fab112bba91aa8b4b11862cc6a05623

SHA256
a6e22414f9510b741864634a64b9854381fabcb290b72b17b188e255b29e9609

SHA512
9b70c8029aed9976debc495214603abf078c59bcab160cbcb9b6a8e9524ef7a9eaa2b7b5ce1b8f81faaae744721a8895f15ce9d98ae190a821eeed0678c4a132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0ab7344ff47b546997f4aec98b256d8

SHA1
b41a4cfe57a7756c99213512d239e5b03e762088

SHA256
0d41b3b8843488aacbe665ad0330913a91d7e9d5e9a9fed08a502a8e9a8a557f

SHA512
6d34b2cf91b6607b0f12bbeed6c738ea19e14133a1bb299992f90eec18f04dfa40d96fd857b40b85d496036788077932ef17aaeaac56f187d9241dbe0ecdd14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a8c5d66e32b1b6492c4bc2b457719c1e

SHA1
3fb708e6e9a8f21973b07b32888f0d5378645e63

SHA256
555a853cf629a81def14aca7ea72e3604b113bff010956cb3771308081a49d72

SHA512
a27e9860050dc334b43beb9a91ef767010a93b63b4422de0a811b73ba17c1288c57c5c59203a7ae4242a2c1ee7e11f3baf94a9386839466312ebc702c27c02f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9c33215baa5955c2bb8f83e1679ce55b

SHA1
307986652c8342e1f9cc3ac422bd2fdd03d2d84b

SHA256
9ef2471e253bc9223f5ad75025884aeacc9efb65b7ab05b29a46898cb61378c2

SHA512
2bf6c1af58dc5a51bb4345cd8d29e1e3aa2585b834d62720938747a18bbf7f3c66967706443a5f3915cd52bdd3059ca6701a9ae3b4088aaa1ef5904655e4dad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9edf4ff6d9d1ca128c97b5b46dbcb4be

SHA1
76f8549c17fd3e7c4b74b656a22bdb424e89fdda

SHA256
e8ec965d2e003fc6e23d7602664b66f1ddb36ab880a121648af0ab2fa56c874e

SHA512
70a7aad65970a2eebf243e868dbfa14cb8e1e89b815a89a0aa6f9781444d9f727826fafa3b98edf741a8a6570fd7fda580eda4e07b13ccf7f50b552d94419295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f092198303788f31f51d234cb4276250

SHA1
675632d3d77774a28b92d3e199f044b25a962b74

SHA256
4969f8aace26e9adbf40d818ba0072fd4d27909f9ee451a6f0f83daac46099c2

SHA512
cda40aa5173bd4a5e7cf646cc0e3ecfde158eb8edeec61c2b2d845335262e699338a3fbd31d88dd18adc5b5a269bec6546723b19bda1ef5a6557f4a77ace2d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d2f53226f7152802af25e814c5a7454d

SHA1
d6832f2a4f1e4a437ca72bf1a3988710b68c29f4

SHA256
ca61f3154ac540fd7e74be8d02a7e87ee1fa939a888f10313603ae64d958b461

SHA512
fc19f2eb3c11c6356907a35364f167ccff4114d7b5141807daaa9e24266f51d343f56b9aa06ba48a2f8e0d4c5520baff87edd54184663ee42530eec2d7ef2e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cbd10c66a0b9614a6831e9bb184e7dbc

SHA1
6799903e8531ef431b841ed143ac817c67e40de1

SHA256
63a20b5ffbf77d6c244ddffd6c1fa536f22affdea2a96b6f11269742c5d34d23

SHA512
3f2e2d423cc1c6af92a7d0f92eb7fc442f44cf5081331b78188e25967f12b3a71928243101514e70aaa1c03cd69ec77cdaebc0613c00934d77c7bdc9935ae46d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
edcc9eefdef9050b054ef637903075d3

SHA1
f2e0ddba0b4cc8d4d1443488b41ac6cd304a15c4

SHA256
f06825b4a617526d2f0c326131d42374aaeec9d061f8bfb9f263856f34093509

SHA512
bec429db9da827379cb6c63113db41ca58dce236b080029bcbd28a0dc54c383d1d1e0d08df0bb16827a3c37fd0179c05e72c6daa76efd9a2e8046170ee9bfbc4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\1097

Filesize
16KB

MD5
f194813406b02672c79a4aa6538e37dd

SHA1
bcce0b1dd29cd1c1637734367530e27c87cc191c

SHA256
4f09cbbd44abb5a02b7fec52b4bf99ead518bf0c211b22b8c4b7288ac0a54deb

SHA512
72b93219c3bdc0699fcdcf16407e080c67407a12fcf8cede77d3e6725d2eb2805657a0de07768b15fb8098b6cf9f1db726e9fdc00962118744c2d3dea30f3258

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\13200

Filesize
15KB

MD5
8b7386ee20ee7eb88fd77b314b7e87db

SHA1
fe9512a0e8c29533a98565457eac6976da706f35

SHA256
45e695203bc40278d2002881fbd8f129e5dc47822197a4b8ce0006416e8cd4df

SHA512
9440796bfe543109fa9cb4977b53bb3b57383371df566903a92d8842d7354a36e93ef440bd23b1714f38f647756028da73593faafc0fd17162b1912a5b7dfad4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\13811

Filesize
14KB

MD5
f1c3beed23bb3d095be7ef872d8c2c4b

SHA1
2cf181bd214016f451fbb8b1198a255cae272696

SHA256
1fac2167a922c56716b3add1c65f55436a4ca504d10b3d43dd52be472447090f

SHA512
214907fa8b17d9ee50cfd1809a65aa4117665c82310f1d228d5b15ae9b7ffc46f675cd8383162c29d85c533d9bb68c10d97e82c05e98b17b2812a27e5f940198

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\14047

Filesize
24KB

MD5
b87622c3faffafc57dc8d8f07ec6b369

SHA1
d72bcad45da648de88bc1f75eef60835af5b14ad

SHA256
a441f57e1de7610dbd64499cfff888543d32f4493f96200de75bc8bc2d152469

SHA512
78540a73536f022361a076267787dc3326d15d207380e288b8ed1c4d066afc0bfbba2b3bd8cbe8b575e9fa509d576bac549bc17204e2d85238371909a28be500

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\20354

Filesize
46KB

MD5
0a3511ec497f76fc59de4541eebec34f

SHA1
f36eec881e9b3aa60028deb4403f3faa0ca67576

SHA256
850aead605e6017b92e08080051f025a024ff5d85804491c38adae9395fad4ab

SHA512
426c6a712fda98666fe0996692584a334d3174bf0907c4a52db2fe501b5add9d4047802b6774fbdae85b8feb16a760dc3453553286acb7e94d259809194c04f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\23933

Filesize
15KB

MD5
b26136ecc3c1873d71aa01137bbdb106

SHA1
7e07580312d6a35ea2ddff04fd760805a86cd079

SHA256
8f0d39d111c2bf3d1a71fb49f842431713f5e9219b65e98a9e243c5a31da992f

SHA512
5e14a70552955d4f505bcddd3d58dae01ca734f17bb969d62e878a4ea5cac6c2387a189798fc8ad0f13760b19c9037a7fdfe129bdd4a0cbeee2e32877959c9af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\29129

Filesize
36KB

MD5
45e0e181c0d36a2c8a686dd6e4374108

SHA1
89f48005a22de8103d9234352a87ff279754af63

SHA256
2ae73491620bfa3b13d7e6b990753720a78c92ec65a03f18c0f69573f8809460

SHA512
97b87f245ce056744b2ad3885d6a403f2ff627ebd633d41021442fed228fe9d17edbeb69645e47ee3824dc04ff6211d6de706c95c82e9f1386c2a783fd22e0ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\30107

Filesize
44KB

MD5
da3956265f5fb83b32d6ab0b93950a7b

SHA1
6787f851428877e963a0267dfe4ba3344b675880

SHA256
29be820fb29afd0949dd982da709832ce1b2479959559a4907f1c69587b66063

SHA512
b49b5002b00f9c4c66ca566322e69353cffd56506c2aa539b0dc807db346a6e03e03c915b2ad2c0e379ad65a815c8f0c3cff036bc66815711e9dd61284660204

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\30263

Filesize
14KB

MD5
c70ec2fd6bc5f57fa7c58693b25278f8

SHA1
8713222439f3ae0ee85434af8678c025cf4407dc

SHA256
45201aa985c6f1dd0c255e9ec54ec44fb2d49816dc7ec08bc1cf95916c250bd5

SHA512
bf5c44df159e1954513febb5a562b4ff14e3e8689d36ea5528954f201755c5e3798e98a8cbf4422904720b6e11ec3dc623555e501d417f0f530b96a603ab82e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\doomed\7740

Filesize
34KB

MD5
78fc099b4398ca8a1871fb1b15894cc4

SHA1
66e749fef0146b9d05df71c36dd6f3759db88efb

SHA256
c0e13d13a66954dd3045a085ebc5cf34d793379b04ad636e3f6842859c091f60

SHA512
029c9b256a347ea1ac95da53ccc22c05a5c5cd8dfe7700515266ab74b1fd65261d33ae3f887335c5b97ae82d0b970bccd261f993ae9adbc9df91f7c8e4323b78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\entries\2390F3CFCD591D36286B9F713F721FDA0957359B

Filesize
220KB

MD5
6bc09cd2c283455ff1aafc5f3d5b63e3

SHA1
b5fe915be2d0421c742d071c7348e34a13a993d3

SHA256
e8db2cfdda1b8d63a4384218906eef556d3ed6b61ae06e7ccdfd887441d1c543

SHA512
a86fb6deb6f67a80dc316cafc5496fab1ca75fe124c228cdc9ae959fd03f82813d65775bbeddb57e868a3ac2c7aaec6c9957e45d3c42af9aff1e88e5a60db7b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\entries\3E19797C472BCB559CD842EF2E72E0DA9A087D8E

Filesize
60KB

MD5
17c323d5e2a1a3252f6ebedf733665d5

SHA1
5b1d20de1e20588c33afac378664cedfabef3d00

SHA256
0b9c4e8fedd5effd0186789bf702eed6cbcc105dfaba135823479636c413588e

SHA512
cfe1661766e31ae6968bdaed410634f579a07c94120f2a3b7962f93a2e6cda46de90ff8069f392953c165e35f8c520f432f219c1a9b96433f483f6087864aea9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\entries\AAD28C69095B7B45F617D2F8EA7AC06E627AB3ED

Filesize
18KB

MD5
c03772a294e95d73196150e4c2807b97

SHA1
31e6f1398904841e55f3ef244c27af387e316da1

SHA256
110df9199eb7ab4bef821a9e7eee1868ca0f4c99f258852268c0aa8a4622c586

SHA512
b7cc4220ce0712f9eb564709d0a45c54f39c42c81286415b42f2531d9c5e66366ae364dabc61285c1f99a056770361e7ad8a6370caa2867325cef541401a45b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\jumpListCache\ca1lqoC5maWkl5SlokvMgvsyVAYeTHdU4KeFykHTjxw=.ico

Filesize
15KB

MD5
a3c1306e53848dce3a3c2fec6e1cdff2

SHA1
87f8463535c624202f9b6efe26e993b0b1f3157c

SHA256
d2d32f8573ccc7ad555d258c8362cfb0b699eb4b004f93dbeb171f3510df055f

SHA512
871e877c73990e372a7a41d9851e9dcf301efdc543696aa4dbc35b8a121e24b7fcdf76d426b5f90fa3a14253440697de01ffa0d82d417e5490560ce7d9740aa1

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\Uninstall MixerLapx.exe

Filesize
135KB

MD5
b57b19671db20b9256980beb8ae04136

SHA1
b84162a4dcd4e8ce58e62a78d21438e72af799be

SHA256
ea9fc6ff8148ef53814b56fc7348f5ba1c777fbb38559b478969954aa042b5e4

SHA512
75c216e30f3508282b0c1241cb00e5701f9f4f1205318cc26839bb0f21e741e41829e4415f8749ed3700c8666b82db9c81fdfba28926dabda4e3564e30db8bd9

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\chrome_100_percent.pak

Filesize
147KB

MD5
3c72d78266a90ed10dc0b0da7fdc6790

SHA1
6690eb15b179c8790e13956527ebbf3d274eef9b

SHA256
14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7

SHA512
b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

Download Submit
C:\Users\Admin\AppData\Local\Programs\MixerLapx\locales\lt.pak

Filesize
615KB

MD5
b02bf54687716b5d5f18aee02411a980

SHA1
4cf766077382c49fb89d59d861de0f482f989798

SHA256
0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b

SHA512
aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\223b886c-47d5-4c54-a693-86c5369574d0.zip

Filesize
682B

MD5
b6b49de8b0e0aef48ded1ab20b93bc94

SHA1
f4da893a3149022c22e874f15bbfaab705507a3d

SHA256
7729268a35bb92808cd77e00e2a992a6465c1d4c136b4a03e9748d6b7e4e7a8e

SHA512
aceef628340c75cd8e5cb764df0862f0290a7f47fbb5f0ef7d93b3c8b53ea296c57ddc99c532ecf3c8ef9d4e5f946feb3251757a6a9b56380c940d84b173131c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e5hren3m.lf1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\cff06903-823d-4d7c-b739-461c16ecda0f.zip

Filesize
682B

MD5
62c84719cefbfec32bd61324650d2c69

SHA1
a4897e34e669eba18556e5cdf62ede84d94aacd2

SHA256
10ac8f37345eb1fcdf41ae8145f4b9a3621170ecf5632545f0bd8d9e9dd22a16

SHA512
a770faf846cd4ff288b0501b839be72e7fb0ae291ebe497bfb31231a87ec56415d7b47be483dda4f16bc9537e670b604f3efc48fccf1a29d491d2f606800174d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e8050522-2869-49f8-b343-ee922bc6247b.zip

Filesize
682B

MD5
c8d384bd73c2cdc68df6d83ee542818b

SHA1
d0232b112605e363ec56d18ac49de2bb0865b8bf

SHA256
f47fc362b7a07cc85ccc5694b74d1c262bc5d4b8039a3729ef0f5f5ee30a5cbf

SHA512
44d2ad910d2d19212d8b54d6793aaa37757e9d61c1b7a5bf5b0b0479628bce00ea160596d89e1ae983209cd36b501df29d2a58c7861cb03a78cd7ec3ea707dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\e8050522-2869-49f8-b343-ee922bc6247b\History\Edge_Default.txt

Filesize
469B

MD5
2f3065790399a6b61d64df7c3536fdee

SHA1
82ff2f348f2988ed4c6881608bc5097d9d3a03e2

SHA256
01227600bc39222b1676ff7ba7c8533b75345dd9e0e1a9b8b1a800243a202c7b

SHA512
f5974e6541975377ad0b913b5c774cdcebca122c5d0738d7f988ea7aaa4c9467263e15a0bbc5b6c3c3720a333fe9840cbb578d7dafda7795083b1d2168c7bbd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
f017c462d59fd22271a2c5e7f38327f9

SHA1
7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9

SHA256
40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37

SHA512
72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
3969308aae1dc1c2105bbd25901bcd01

SHA1
a32f3c8341944da75e3eed5ef30602a98ec75b48

SHA256
20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6

SHA512
f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\ffmpeg.dll

Filesize
2.8MB

MD5
ebf0485fbf546b010c2b10c5c8e7d5ed

SHA1
a4a546f6be93bae535aa724ce2832f428cc91f89

SHA256
46a20d91861f6e966959635dd5f1adfd7f33449dd814a9aecf207b0cd53117ba

SHA512
9e6011c0269556376907850fddac8fdf50e132434da7daf4d87be83c1b89b7aef847b25b6216686915225a82374fac6ff987f22efc01d5b1c2cc81d53d7facc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
4c01b3614be1f38a6d594443a547c257

SHA1
7eaa456b164613577d0965ab5a57ba2b681a6ffa

SHA256
e36da1a4228899bebe50cc5da1fcbbc590cdcb3ddee0b2a19defd99a805b6ed4

SHA512
b72fc071dc791c63978465a68c9a4904d5f1c458d302bb710e83576f20ef928d73c487248a305bb455990c2d8a6b894ee47d88bca6bc92360f286849ae1a1257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\libGLESv2.dll

Filesize
8.0MB

MD5
9bbeb7b27646442c8bc2d202a73516d5

SHA1
a7f7a52dc45bf130581953e07ce9b9851cbce90a

SHA256
2b80817443265e7979b9a77075492e8e29be3ba775d20f646cdda391efbab21c

SHA512
f9826e43f53bb9b906b5c62ff2502d4e8dc3ff99b72420cf313a5811061cb146651cba3b8f864f34dfcfd51c6e3b39a0a640719ef94d7696bdc4fab7e9d16785

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\af.pak

Filesize
508KB

MD5
09455048c30cecbb17d6e0e95e4c01da

SHA1
6572850b07df45933ed57754f72c44895a7ef662

SHA256
e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa

SHA512
f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\am.pak

Filesize
822KB

MD5
1c47cbc228940f5c645f2fd77602253e

SHA1
474a5006ae9ae774b5d420c2f1fb0d0f2ff36afb

SHA256
5245154c986ca89ef53a24a4246345e3db01ebe47219f1d0772935b03e81e37b

SHA512
dd4e7c1e26759001ab1ef63f93e847e2908c78d943c7546c88e1988d96a6625f9de9e0ab8b38af4c7b07202e1a5488023cc3429075de6c9b9394307c88442673

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ar.pak

Filesize
901KB

MD5
513e6bea67200feef37fb2e8c7fcec36

SHA1
b0edbb5846b8ddfd95ad74905e890892192279d3

SHA256
00a9c88b644807369637ddb78d9832d7137b5f1c64ca9720a36bfccea8c38d98

SHA512
fbc184640fc419b50f6b1a78168a9efb63f8ac4c151baed17b5e9b9d333a360dce109351654ebf1c71c97471917c922456cf9c816118c6c781efdee14d8360fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\bg.pak

Filesize
938KB

MD5
e1322b5cdbb96d2cf4a5fa5993c2acc6

SHA1
e813a5685b1885c2788c4826a8f8659493febbf5

SHA256
39707fb80e38e9404accac5f12ff1f3745589bd80b1586e2208b27c0c8eafcc2

SHA512
2c6e766d671bc4ac772196e40b818039fc88f02eeaa59f78c78558e5e2670c1fb7fed9391684160c0af5a92acf8991533b298b5aabc3919c706f23f094f2ac15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\bn.pak

Filesize
1.2MB

MD5
880e325d5643051ad7e29c2280fab954

SHA1
cc46cff349031f9036cafafd3c091d1a5ab93f2f

SHA256
2fbcb9524eba04637e3f6c2874f7fce917326ba90877e1715eae4b35f141dd3d

SHA512
d16d085bd51ad267738c649f6bbfb15b8ce5ac73b838cfb7e2ab0f4c135317c358b83a7b5d3506c492f75b97edb8d1eeee9733d12c9eca1bc51012d660b9e912

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ca.pak

Filesize
571KB

MD5
84b1e5be23e838708773d4e022f99986

SHA1
53e411d571605a0a86a1040bff32a5e951ce9ee8

SHA256
faff0931e9479b76d2b6247739d4f934023a64bbe8578be08e2dd0eb053231f6

SHA512
8afc396b859fbd0c03d1b7604f5cd80d41fd8e3df52ab88ba22a31a6a0df447671377f2ad0f6797682da6aa32d7c779defa1097ee140af207adc94575957fca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\cs.pak

Filesize
589KB

MD5
709ed2e9426081c9e86d9abdc74b44a3

SHA1
f55fc17c8b9bc5f09a539ecb8b995c1b43fc4d25

SHA256
6597d0dadf724999741e0f24953ce9be02c8b98ecb8a382115b205edde87c160

SHA512
992ba983cb8b24bf0ff190715c5845f34b13f17227486350fc736c872ac8f0b21347f5f6d13e2e204e928ec664e283ca65b65f72d9910725f55d737b6c5fda40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\da.pak

Filesize
533KB

MD5
96bbef1eee0b0a197ec834839c00e11c

SHA1
35adba0aafbb4d19015e11dde1f37de87292252d

SHA256
600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c

SHA512
e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\de.pak

Filesize
569KB

MD5
3a9f06d1708b7620e2639851024ed0b8

SHA1
51c0d824bf38250ec0aae58e63141489931f02ec

SHA256
91da97794994f6544707299fee6b775745dc3891fc879d8e8a05844c6383eb53

SHA512
08e80783de403651af208387a3191db30d1353cc25f310c917a1133b2622e4b6809bc2bd881517678e9229e6492705c5f45be3e849c0512c4a651c5b7026c926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\el.pak

Filesize
1.0MB

MD5
4009c890acb9b81928e6e1a4b593dd62

SHA1
83083e9c948ebba18fa990e230ee33fceae43cbc

SHA256
897b6fae230e6a3cd14e16eb537f96d820950f5a4537fe146a732ab028b7124d

SHA512
b4c87024d3cd612b8af6f73b31853936614f4315ba9a48b4687120dc64e1794c568c4e074e41ae6f8dedeab61484e145dc0ca3bdb95482fd85492fddc26ab6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\en-GB.pak

Filesize
463KB

MD5
ceba44242f8b24b70c9b59b5094d8da8

SHA1
84e16c522ad397289a923e5cd4b012e2d323af4e

SHA256
b0fd61679565a7649c90214efecdf6e1231a8e7895dad93452bfa1425417d5b7

SHA512
31cd936157a7408a43dcba597f6e098499dd4c5fc011ef818ce93eb7a05c9d354229c3b2295dbc290a6d3f3600373f18f75b334ba9013a5dc0be44c82f2e51bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\en-US.pak

Filesize
467KB

MD5
d47cded365a28d27906414035c1cb3ca

SHA1
429123c86f6ca48a89bedc9a26027e01508e6db9

SHA256
46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c

SHA512
1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\es-419.pak

Filesize
562KB

MD5
ae62374bc2e71d9abed6e0c1d4bfe309

SHA1
624a8210376e11814485fe90a8825bb6ca883188

SHA256
48bd8f17823ce0f0a6f1c9fda020d5b5655e2419634f92725ab263339d9a321a

SHA512
345794d617dd3aa200ca248566e9ba36dc846af9afe259545b5a61e787b1b52e112c7eb68bc025b0d2076790a4b77a82a724bc213fad9f0f38db6054332bfced

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\es.pak

Filesize
562KB

MD5
070cbd6f42db1cb9b6a2f74e03d6b124

SHA1
f8830e1c8a601123d85fd75188ed01833f910691

SHA256
91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4

SHA512
2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\et.pak

Filesize
511KB

MD5
294c830b9e6667c8d5e7287cabd6a4b6

SHA1
52f44b97b71624bee6360301e8f6f34cfa428e72

SHA256
198674c98f10c36205161e382cc31560a4bf0de5f597a0c65f7f95777dc9bb24

SHA512
ade98fa9cc25148979f325660ed3f0f649a38709ea34b759796c4e202b3c30e76da3b8c17ecf2e1948db4a5be26af23c3a6e6b28f9445ceff68d251a5645db5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\fa.pak

Filesize
836KB

MD5
e5d53b9d5756871d684d018fb0c745b5

SHA1
b00a40704c91b33c2aa0f6829ae3dd886ba7177d

SHA256
8b93023af6428322b9b13aca5da9bd395a9c4775c72b758df8eb564d35d15cbd

SHA512
e722f114485cbbb5284d23f1ad1061213f40083c5da2ac9753e1416f75f7cee9d8315e6f4582322d992beb9a8cacefb607ee0b1737e3a6da775fc059a17c3fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\fi.pak

Filesize
521KB

MD5
925f45e80be419aa0125096ebb81a23f

SHA1
e73a32362952dc0aea997ee408da090f1886a438

SHA256
bf20054eb68d3d67d17d2a8c594d896c9c33fbbd562535d0c7e6cf6c940a8732

SHA512
8510e2e9749b4342eb8d79bbfb983c43293f7f37d138464c96053a79685c578a148dd54013d211b02115256f174f51a74ca9155883055801bbe146053de52eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\fil.pak

Filesize
590KB

MD5
a96f6f164897e62c984e9a61f6c3f7cb

SHA1
3ab2a714eb8e9b57e8a39792d152606ba0ef6a3a

SHA256
ff21df22f24c92a06f6bbda2c70b57e098d7bb6754988a5ada087aed9bc8b8af

SHA512
cd522884b66c940d64eb1377f9dd60143ae984fa7d144aa9d83b82a006b5da2ee9eabdcf046d362b2096d8a6b8486f36a10ac9f0642bb8cfb1e7903fda4c41f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\fr.pak

Filesize
608KB

MD5
fe0ea306a7b48ee2750af3a263d9f3d1

SHA1
877968909cfbbe499911b4d8b807a593c4be52c7

SHA256
955de4737419c06609227c63c2fbba7c8abf497fb976c99a4dc9f5d5105afbd1

SHA512
07978311caa9be82bd398100d1d8367c5ca840ffcc166b73aeea0bc7c86b53db13bf648decfb3f54a43b9d199e0d98fcd29fdfb291a703502369b025eccdf872

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\gu.pak

Filesize
1.2MB

MD5
cd212ed25482d2b5a246440b62c4fbbf

SHA1
197f3616dec4fb308e0ec5a17458ef8a2d027cd1

SHA256
0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37

SHA512
207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\he.pak

Filesize
734KB

MD5
06e89cfa4c6f4bfb7aaead492c4f08f2

SHA1
39d943e0eb1637cd3f5a7b66ebcd28e76c89aaeb

SHA256
6b7937f16ae53457ac9a0c18fbac68b2076200b0fc98cb781415fdaf18c49301

SHA512
8b6d33657eda8a3f1d1bfd55135de88953d21916e72df646fec2b5f5b17e9e15849f428b0fd83143f375ada174aa953be8f07fa8ba90ca4d07dd1b859d034b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
e3b31e519b925414176ef2d9546c356c

SHA1
7cebb1c5fd9c78f704bb9e5c463f67c5426d0171

SHA256
82fbb97e7d9634df3c806439e144cf8d153d840bad98f6e790726841a91acd13

SHA512
fc3e735f010776cbdaba1592e6f685a1fb4773ab5062f5ba9ed95d9bcab2f0ce9ab024ed95158263450fc58c3197b84e38883262a588d6d92c4e623c61b4d200

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\hr.pak

Filesize
567KB

MD5
92e6ef5db4c0191282ce2dd3645461ea

SHA1
045d3ed58a625516af741c9e2f85680fc1561ed4

SHA256
f8d6694f1c05ca259a31e0427ba7cef5b57f0c4b33493fda21003911a5da6f07

SHA512
08b09857f173ef2a3067d60120167223b4ec7414ff6117d206bb12213ce9563c8d7923fc0ce6e7df0ea5d8ae2b3ded2a23993ab43bc46bea3c08df1bf59e16ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\hu.pak

Filesize
611KB

MD5
40807c6b0eefd2a2f16cf0ac2c28ed53

SHA1
1b416b29e59ef41e1f18b168947e42b7fa969d2e

SHA256
533ae7e865898b61ecfdec68c581b3c4858f2c3ec1fe496ab02c61db0362d941

SHA512
487cf71df0f2e59ce1151c146651f567b624ac0e48f770a2f1da76b27933aa2bdc30990788e2dba4543a11b9e5d3da6f31badb26d7f3a5c87088c5b4e1bd7756

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\id.pak

Filesize
504KB

MD5
a20c777901a144622f8a5520583af79b

SHA1
3506f8e07ee301bb195eb185032ebdc7fd231272

SHA256
fd44af213520242ba41f4c9003ddeedc71f923cb37e25b14e595f3e652ae18dd

SHA512
6a53bc2f5d0e4660767d21070d19f0c407fe676b9e9cbdc20e6016e333b2ad33da225bfc2833a0c0724e1b6245ca6ee3cc0e782ac955d6aebac3dc468db79a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\it.pak

Filesize
554KB

MD5
acfd6f4b73b87455acb703e59303db33

SHA1
70eabbca61eb365191cd1256f3be40ea9223b2d5

SHA256
cae7bd535284f5f156c1466820aae2bcc0b0c0ba378ad0f04eef3a145deed9b9

SHA512
bfd52bc383f1f5a7d559968bdd779198c81286796564499174c3b5b9bbc7112f427e8316f78fb09ebc668c5cbf94c89c37e97abb00c9b87b5c5c108028fc549d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ja.pak

Filesize
675KB

MD5
63cbeb056020b6ee8cfad26c7c6abb79

SHA1
99bf018555eec56aae4b19d10c85ac506f4164a7

SHA256
aad9e17b2170b76248d61a3bac9b1bebc44b94885403ec2cc21a31397bf029b4

SHA512
5aa4e764f06f0e8490dab89a8b3754cccdd41739b4654ac8e30de160cad335f681fa5dd7782482aaf66ff1d827ce0c34df85c23c334a35035a3a4e3d0f305343

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
f4c1e83eabd580c0b4c63b2dc510ce6a

SHA1
fc1d9fed0f073504b022606e424e7cc9796648b2

SHA256
79fd72e764a1d8ad623892e563e174463f29d6ce61a2ae29af102d71da4b8e25

SHA512
927e6ff4c7d1c28c89afdf44c62643740a94b01e9f6e927e543834c833e1b4abf97de1489c6717f9054243c180474fc695a70c4ea8852d95c690f38c785705e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ko.pak

Filesize
572KB

MD5
626e172ad9b55ba0a1e2802ce5e10d0d

SHA1
ecd855a47448609e8e9d7bdd80f92edd494ca77c

SHA256
7111342770c33aaaffdd6fd9ef15095a6d89e48d2468c19172c0eb9b6f26ebdf

SHA512
d42594259929e35b763e71cb7022d34a11bf75a4b9bb058e251cbbe8e80bccdfb284eed1c6367f98e3023134c24d50542c64673d80e29230fdd057de70a10d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\lv.pak

Filesize
614KB

MD5
df9985ecfc958f343ab7e56e71149d71

SHA1
fc0d2c4a194d500a1f4cfafcd9102186016ba5a3

SHA256
7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2

SHA512
0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ml.pak

Filesize
1.4MB

MD5
265d7fbee9a021895d51209dc0181f90

SHA1
30e37013971bacd3ee93ad2fca01cb59a26d6a87

SHA256
682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad

SHA512
028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
af7c7d72a968e1936f26a3c755157f6b

SHA1
2ec71950847f5fb4b85697b6acd05224c28bb092

SHA256
e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5

SHA512
d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ms.pak

Filesize
528KB

MD5
06f24bba6fa8e9a009b3062227d4c259

SHA1
f50b0da2a86a138d16022f5642d96ff1a3ce7568

SHA256
cdfcbd86ddf584621bb2966c2d43f18096f974edb795cac0d1db43a60f3bc24c

SHA512
02239741f103c8b63072abab475ac313cb48612cac36890b7946fd816028fcba9be7ecc17ba5b934016d8817c52855ef208bffe5191d0eed35aa5243527e2150

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\nb.pak

Filesize
512KB

MD5
cf18f58e8e4e37b2e5fa7ef8269a294f

SHA1
c60d6e84f5cfe4cadbf4efed9b5998307b20fb9f

SHA256
3f1ed8ff0207c678b6a0a98e82fefd6340e35b7d16689672dfa90d9ee63921c6

SHA512
8f336fc50943d693ee80475250d2dbfc1401c615da571115f2c02551959028125b91ea6ffe22171dd12241688703e1869402146ef4e85a46059fe022759da953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\nl.pak

Filesize
530KB

MD5
d7048d029ab3ff807dff790113328574

SHA1
07872f608062aa482532edda0dd2e1de31669380

SHA256
0e9c114529b9ec20118bb96ffeea05d1a408e4eb621e3fc65f49353195d1af96

SHA512
050b0eacf5b4da024d1a2af54f3511c4671756b0dab3f961d8acee5d1695eb29fba7768246dd5b3bcc253136df97e49a305832c37943380dc337776cb1fb1549

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\pl.pak

Filesize
591KB

MD5
4003c253ef85ec0ff8a65204955994b0

SHA1
af3074fb622445f6429899cb33a33bbcc60e5e5a

SHA256
4db10dace60cc56b610a7f92caebf4e7e98ddcaf8dac4f5a87db8f750f51ef8e

SHA512
5624c8f6268c8a8dbf1a69a032ebb89e670685cb736a3cb42a65e2dca118a85e076818b58ba2e392991eff7921495167616107f402c841a8456b5b5888b70ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\pt-BR.pak

Filesize
555KB

MD5
0711b3f59ac95761899b013b3b242c93

SHA1
73fe7a4f60a6b92a966f1177c71bf85c6f95004f

SHA256
be445bfcd9429570e5006063b1c8299a41e762e8e0c2b63551bcf16cb6fb868b

SHA512
aad5ff84d1833db418a46961a5e3abd040e19e5a87bd6763039f8db7dda19c3cd9d7ea862585080636c2888ab1a50f2ba579cbc0ca0df8135537f1cc7543882b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\pt-PT.pak

Filesize
558KB

MD5
fbff8ba7e31acc6c26c0e4b7277cbbd0

SHA1
b9acdcbe2f0f429474acc4dd883d668cde9d3165

SHA256
477d6666bed083b27335a479c71279ad41a674f7b6a412ada1bba18be542ddc7

SHA512
ffdbb2773f18038f5d4cf145f3311feae25110ceb8efd9c895267f98acef7e901dd7d843f7c5291cd333fc81b80da301d0c92e5c0d6857da7e4eb68a5a0c540b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ro.pak

Filesize
579KB

MD5
5d5a27c52ae905fd85f5d50cb793e7ca

SHA1
b858bba1ef66c4d3943be19a4bf8a508c23e6671

SHA256
9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579

SHA512
f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ru.pak

Filesize
951KB

MD5
4ec91cdba9839e214ef7c008775e9e6e

SHA1
ea9f0f22ee1bca09ac38c01300cc91e2fc8aee51

SHA256
64f069a34be4966a9c28361e1c4914ce23bf96faa3bb5533fc3d233bfeac5cc1

SHA512
8c49ca910bfff175a4d88778ea34437a5acb0d52e349160f31091bd33d8ed76524950fe3e0f508c243ed76b289a550291ec68a7e0c1c426a64fbff0579c94d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\sk.pak

Filesize
598KB

MD5
b7d16d6702d4b4b5d3a9e4c3e0e13eb2

SHA1
6b2f1591ec51c4a7cf1435fbec7b5af94e0b5d4b

SHA256
e93580dffc1715edb37965c5787048e3e282d0477f277668ca7f49cfda7142c0

SHA512
a09950a9bb3f9814d946857e32901a9b6d73b4862a85f00b7f1f035ce0cab5af4ebf3aa003731ffa8ccea88d71866ec01d9ce578fc0b13b3cfdd3df332a0c40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\sl.pak

Filesize
574KB

MD5
48ead6e0160cbc6cbacb247cd3643110

SHA1
b39a91bb90f26c74dbc9fa28b257b705b54f2b81

SHA256
fc4cc46ff82cb8a41181e825a3d4e4508753fb68ff01a60486b7df4a4e11e89b

SHA512
c037d352d315805a18796a121e47c73d37d68e735c9334e11b393235ae75b803cbc03cf7cf8480683bc68c9b98fba9f5a7b045b650598e5d9367ab58a24e75f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\sr.pak

Filesize
883KB

MD5
5c811e0c9b775886bc11b46703cb67a0

SHA1
e9a777cc72263c7e7c4bfaa36e41b29e405a2a18

SHA256
4c524e149c02c37034ec92dd90f20f463413f2650ac9f32d52ef7260f9a34f1b

SHA512
d7db44fbfff3e3204b92aff44dc02c184344853d85fd79cd962bcad8efe85a13d1aaf9ed69a6e81fcc6e690afa4b1ba7cf1764225916f398c0f960d56e5bc57c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\sv.pak

Filesize
516KB

MD5
b75471d16a5b4cfbb43ea86d3077e63a

SHA1
302958743c97218d13a72ade3a22e4181922531f

SHA256
ec0f43dae8e52169396f289dfeb5d49b7f9258bafb0ed3060dd652fa744e5264

SHA512
63556f738df1527ad96cca95f3e37934b054df83cfacd4e120745ceeb0536d4bc1919c66acff3e5253a62824c032ae7e8f9496df13b9ccb6fe00f67920a63cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\sw.pak

Filesize
543KB

MD5
912db9e797ea3e277f18e72173f26ad5

SHA1
a83461503becad16ea0d33fd5501603688a65ed5

SHA256
89d1245c645cc26d67ac0f556734ebeb99b436cf19edd3cb3b220e78a87796e0

SHA512
b5c334b528ba6d26dde9b4b1100c01bd1675cfcc7167a9bab4d9fb95584ae629e9567ab3a4729776fbee22ca927d42e04fa016cf3f9fe510edfdc340309110ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ta.pak

Filesize
1.4MB

MD5
22949a4acb6639bc4fea591bde3f6cec

SHA1
672163723e294a5242e9654470e1efbb3e8aa0a4

SHA256
84776412fd7f2cff26713781be937bdb30352f9c7eb297ca811241e6cf4284d3

SHA512
5e3ee2d29eabfc4398b0f9784064eb03b3c3e13c59f4fb1b857c612727eebe1a4a1bcd76503b1356cf4b4d407431a643503d9068f61f1ed05041f3aad325262e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\te.pak

Filesize
1.3MB

MD5
f0a8ccf00882e83751fd666876c937bd

SHA1
6fd5045a20bdb912f61dd38f4d046b333bfb03c9

SHA256
65ce3f1fe059a8d8b67cd47485233c6ab3870cfbb313241fe0f24e948bb0f158

SHA512
8ea9f2215ac8354378aff1717ef6f1ba97ba8bcc1c660290d8a070c9a7cb9b0e1a87b8e37e68cd71d7bd429adba8b17c6cda68508b7389e42841fbe2f9c79528

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\th.pak

Filesize
1.1MB

MD5
77721a07831a7aef49934706398559cc

SHA1
240ac6e472ac7312f02b99a8d588813d3dfeb468

SHA256
e8cdabe4557192a6ad7040de396d807f96f50d6ef256dd04972211b9c898bc1d

SHA512
f73be17166c7a94c216d13d837146c3c72a5e205688479ce8199c8cf468eb1bf780f2569d42e908684f0059e6ded370428d9b123389ad2cf1553a0aecd1ef06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\tr.pak

Filesize
554KB

MD5
41bc209ee64f56f04836fca3e2de362d

SHA1
c019805b555d4c24c347112a583ac9f9bf2ef142

SHA256
71356710c485d7db228a866789ce9d253276725d94a4e4622e7b82037beb9825

SHA512
a65c4f9147c5796567e61b0661b4766c199f156541a252ec442fe5b5e3e1156c80e8fc7cfb6d9e55db4c5f60732b55cfa74a65e7dc46fbd5a4e5dfc8f3891add

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\uk.pak

Filesize
952KB

MD5
7e2cbb9d3591278a76dd08364d3dad4d

SHA1
a760a029070bfe57d4ef273b705650cef0a92f61

SHA256
38616b5f7f939a84d5205e758a8d3fed024a8e3fbcc8159c90666ce650ae1d30

SHA512
81e5ebada5990d79363e2583efdd3ccb19d8a10291cf6680d77d7c399816fe273a4fea5a7cb5e55e11f445df46a7ccad2942dc04f4fb8b6f66d2f2b151374de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\ur.pak

Filesize
830KB

MD5
157117641502b63c89110363dc7083b2

SHA1
fc86039a03b2e48fafc70e1cadc096fd46389af2

SHA256
fb7cd2f4beeceaf445f4d299a3db26cce49a7950a37e5a9b48fae7f5a8e09f99

SHA512
422d92c5f0b2b2f9f35dbb7c11cd1b463085201912948c61222bb4f43f8dfd777fce678f04371df53ab6d07ec14cfbc9e4b1b084a72a0f2aa80ca7a4728e6359

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\vi.pak

Filesize
657KB

MD5
e6db9a8c61dc84aff75efc00b486a8d1

SHA1
6d1f0329f9a44b64fa3474313c7bf207bfd78557

SHA256
8ff2d05730915c1b15a97a3915c03d83239c34771ed661ccac745fb308901f14

SHA512
89cf188b5d21528166353b29986f5afb9aad9a51a57864951f7945124b157e0129125caeed58c70568e38f7ba3a34a17d10056902b58ba48ee2e4e10a4649f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\zh-CN.pak

Filesize
473KB

MD5
5356bf9ddeb7ffad20e27ef092dac528

SHA1
3514ded7211ff71297c87275ef0805588da2d47d

SHA256
0b6f0a9ded5734b260c1c02d7c717305d139bded5ec7ea80de40b641f13bfe0a

SHA512
887be5ed95b40d73e0f61f4b3e85f8a77d4bf4a222197b9d1c60711ae8481efbf9c183ba902dcbf437fdf70381bd232fe9c27cf0ce87c0f45b283b75b6d19962

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\locales\zh-TW.pak

Filesize
468KB

MD5
9c51b828271263d574382077abd2e2f3

SHA1
4de07caed06477855e4f4bba1d0d1178c5757171

SHA256
21550464b12c7f9b23380acf7ca2b42c1b578581613c342196da95908f14c8af

SHA512
0e6921dbc4be8d5d98bf80e9b0f8c7fc31cb4e7553ca76b9c697a3f1428f855e59ee0dee99903a5215dddee9375532226af81128f066656d98db28a8d9738604

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources.pak

Filesize
5.4MB

MD5
7398d5aee46689f03c278c8954f68f2b

SHA1
62e10057cfb2dc53c62d088d4fde3252d1216d86

SHA256
9590361aa74c43818881e622f2e3b7992c978397f7ac269f37accb435b134fc8

SHA512
1d6ae4cadd302fd683be66016cc4aa092bfe9689b81e1a764512327983f558a7ad9a10aadb7f8e13b73949d648d0e14ea0eb7c2de2420353a46e44c6b647c652

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar

Filesize
8.3MB

MD5
1ea30a9b696cd8a599f2cb898369a1b2

SHA1
8c6bbcd06ba1025251f06939c2c6c66b4e966a76

SHA256
507fa611b2fb48c321cc8e6a09c3aa4833e6cb804920a5cde2eb2ca834aa9880

SHA512
74f31b42c83e6aedbb55c63e6030aeee29391df969e692ba477c2bf85d7114aada23e231fb35182ea71710fd8744a7f9221ca610554ac82cd9066248faadf7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\LICENSE

Filesize
1KB

MD5
7bd114b023fa6209fb7b02150a202ccc

SHA1
4451515f9d7b16ce8983abb4e85609fe4162c4d4

SHA256
455dda47a3fc2f58ab06d8e526f490ec43d0fc23a5ea80dd0942644397316d9b

SHA512
87ee4dc1da13937055eade250f1f8a357f549c709b9659258c137009060080aca5cfd979890a7b2d662083f4c646cce9af6e20774b58541af9e712fb5f4f1c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\dist\index.js

Filesize
412B

MD5
0b33e83d33b01a51625a0fdcbef42ce3

SHA1
1c29d999ff7da39426b97f2eb31a3d83db8f5fc7

SHA256
a7ff0225cb5ebcbef8499c6c8ac2be924f584eb375dacb1d8bd3dc6540b510f2

SHA512
1d04caf4fc2e876bdf2a089ae938a41fe4d3f2928aa846709bafd2de236fa8c754fcc84d7e8a5f5734bc1cecc04b395ab9d2114945b35e8c85cd3b9ee8f9799c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\package.json

Filesize
934B

MD5
83a6b767cd4ade2116654eb0a90fec3c

SHA1
07a0f29ddb1c8a48947ee05bb4d6ec3d2abe1df9

SHA256
59f4704391d2247b2a8d029d7338566d47d2ff0cd7477c49343efe93475f7a12

SHA512
404ed15686b7d611ba8aeac12e706af75a876502c51e40e48a598d05a9ac89f88902b2830a5c679f9bb7931f5c33bb10da3a32753fdb8c71a9d7b4346a1be8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_addon.h

Filesize
206B

MD5
ea1e5899ec0210d7de4ce325d1d94022

SHA1
464da48d40547cb08a67a1ed38cb0ae8369f2f42

SHA256
18280b1135123aff82fbf4188a5aadfc9a5d6fffad9309f72f347f380f2da550

SHA512
6dae672ea822a7dc5e42914def21c019c0fa8aeaf1c27c155b78312d8a33a63ae9a1910dd32b72760578671780b8c37b91ff5e1f6588f08c7fbaaff80d8fb6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_not_supported.cpp

Filesize
327B

MD5
c510e65ebcb2fa7c00712e770ec8c692

SHA1
ca1ea3c8340dcf69f344d5eaa884631eef37472b

SHA256
7c03cec11c438b6d2512239477d9f1b45d6e16763122a3a36458ab339f50d3c4

SHA512
b0b312426b4409c80b45a0f3337069be9870e050dc8b55184fb2bc63532c247089c8d35cbd1f12f0bd2bd38d581566faa74a6469b548a1ad7d837285ad37c178

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\dpapi_win.cpp

Filesize
2KB

MD5
4a55597a2c7466278439452bb708b822

SHA1
eaadcda8f410f2dd1fd9522fd7a2221624dd1713

SHA256
da37b02fb0babb651244479ea019d229fff1c41ecde74bc06335b5e603d9b30e

SHA512
b20efe8026de41dd8c13c6f844455cacc13fa80bc3dd41fef422fb178054a7c8d6f14af8b1d6928e52648ab95a793aee1f996dc2aceead3aa8d317a99aad23bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\@primno\dpapi\src\main.cpp

Filesize
698B

MD5
88934cc736b505ada3d07afe22083568

SHA1
6d1d112f4e7fc943dc5c9ce5ad2f32154aeb2f3a

SHA256
1ada21451bab629832372d519e366bfb08c80facfefe5a40c76a4f10a697c905

SHA512
9f45386cba32d13a50360916b0c2f240e43cba5983a86ad80f85c75cd8e6ac2c6b931992842a736e84e234b91fc46a7a66824a3a2748f474cf1bbd22ec138a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE

Filesize
1KB

MD5
79558839a9db3e807e4ae6f8cd100c1c

SHA1
ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2

SHA256
7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c

SHA512
b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi

Filesize
1KB

MD5
92c4c5168a6a883f2a69ea4a1a37b7b5

SHA1
6dedc03d603631c1f70c626f5ef9d8ee6f342efa

SHA256
7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0

SHA512
904e605fe5bf1134031edcadc91ed55bf72d7fb1c862f99f25a672d29fdb34af22d4114cae389a853d703bc35bfc2c8429f86608fed5eec897c115ac3dea8de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js

Filesize
224B

MD5
f0a82a6a6043bf87899114337c67df6c

SHA1
a906c146eb0a359742ff85c1d96a095bd0dd95fd

SHA256
5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74

SHA512
d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3410100.tar.gz

Filesize
3.0MB

MD5
c6d5034cf39232299ccfdf8e3ddc5781

SHA1
e77599a2df4c5b114c942ddba4483550d8982bf2

SHA256
4dadfbeab9f8e16c695d4fbbc51c16b2f77fb97ff4c1c3d139919dfc038c9e33

SHA512
6e6dafc35b8b11df3cd3bea48aaf84a102893242cffbe18eb7b111791563095111a2a8a5632636b8f46523d98d16e2b48dab79ee6707a141b22c2e6fde3002a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp

Filesize
2KB

MD5
0e4d1d898d697ec33a9ad8a27f0483bf

SHA1
1505f707a17f35723cd268744c189d8df47bb3a3

SHA256
8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd

SHA512
c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.8MB

MD5
3072b68e3c226aff39e6782d025f25a8

SHA1
cf559196d74fa490ac8ce192db222c9f5c5a006a

SHA256
7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01

SHA512
61ebc72c20195e99244d95af1ab44fa06201a1aee2b5da04490fdc4312e8324a40b0e15a7b42fab5179753d767c1d08ae1a7a56ac71a6e100e63f83db849ee61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js

Filesize
241B

MD5
ff6a0462767c6bf185a566f4aef65ba5

SHA1
7a3c3ee6748d00fac6e51e366518bb48a41794bb

SHA256
049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3

SHA512
088d706f5a18323128547b0f126564fb7fa7a36dc8365ee8287663b2cb63da2d02a991bc5cda19af24da2aa063357c25f21347835f9a8aaef341b33bd21127df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js

Filesize
6KB

MD5
275019a4199a84cfd18abd0f1ae497aa

SHA1
8601683f9b6206e525e4a087a7cca40d07828fd8

SHA256
8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973

SHA512
6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js

Filesize
1KB

MD5
e5c2de3c74bc66d4906bb34591859a5f

SHA1
37ec527d9798d43898108080506126b4146334e7

SHA256
d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f

SHA512
e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json

Filesize
1KB

MD5
f9560f0fb25f1dc014682359373146c4

SHA1
b19c6321292cc63d26a18bef5d80787c5e57e746

SHA256
b145c00c63dde4da0eb3736b0d25fe79fa252a02daa9c3fdbb2d3a5783e98cf6

SHA512
dd51dcca43554f27b2718f87661cdfc86e6a51b36c15574870d793fa358f76816423c0ebcef34dd9a7fd7ce42e6be18f834100a327cdb3e6eb8dbd9d65792262

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h

Filesize
1KB

MD5
7fcbaffdc03bb5164fbb27f8552dcf5d

SHA1
590e3430c1dfa30f241d56ea01f364d5b9e7e991

SHA256
b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c

SHA512
e44d4850651e0e070d3f686db3d3797632121e32dc65b869739c0b45cfa13c055fc42d650f04c41915264b8772fcfeb2a38148b9fbe21a001af5a455854336b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h

Filesize
6KB

MD5
283f3987e0e65dca1b029bdbb625ccc2

SHA1
285d7995459c11a47e13834ae3ec0167eacf7d01

SHA256
d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8

SHA512
ff5c21bd53bf75b33a5430d1abdc8a8649af1535ec02aa5fceb91ed1189e44f0818e25556946d3ad8032b077fa30e73503464aff219b42cbace1ea3f97acb605

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h

Filesize
5KB

MD5
f023c6c0baf0411cb6eef0a7b2baad13

SHA1
748b78bf3ed5adc11e83f705033d8338d7eef2b5

SHA256
8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43

SHA512
08648cb37c0284799bb98fa2eb1abb508c8b992b43425203839e1e7f4092b7d2d7c83f6419417281ae278d3d61ade0b65959cf12f0c449a9688ee97749593dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h

Filesize
861B

MD5
55a9165c6720727b6ec6cb815b026deb

SHA1
e737e117bdefa5838834f342d2c51e8009011008

SHA256
9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f

SHA512
79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h

Filesize
11KB

MD5
592ca8ac280135c059c9ed651ac738c3

SHA1
ac8e8b5e835ea2810a443df2a57f3bdc3c60b2c6

SHA256
8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6

SHA512
b4e317200e3cab4dfac93e684150d21f7dd89a656f8a9f576b9cfb22090e8db6c458008a4a1406121fabdac034cfb80200a740d0caf6ec63fbf71ad2fde41029

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h

Filesize
6KB

MD5
13d7bf3557e57ef3036bad68cfa8faae

SHA1
94c1af952f38e9f1ad2d722ec3a063fbe666e66b

SHA256
2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf

SHA512
63e4543833d602b0c6ad9c21438e61782c252a5e30b776a9c942e1ecc34c1a7c471a39195caa20aefb072add66c83d99af902d620857d18ddad196f4f207a161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h

Filesize
388B

MD5
f2a075d3101c2bf109d94f8c65b4ecb5

SHA1
d48294aec0b7aeb03cf5d56a9912e704b9e90bf6

SHA256
e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36

SHA512
d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\snapshot_blob.bin

Filesize
306KB

MD5
0406a232eb55e516dc38b4967671846a

SHA1
aade7c03b1ecc81027c98a79285687bc19276fc5

SHA256
4f944691b7066ef5653cfbf6b016488f6e5f0afd2d6bc03b90de5485514f83f5

SHA512
c608095510f88348e1e412ef573e4aeb4a7d328dec2892bada688a06baa023fcea1cc0dfbba6f6c41de303f3b6d5e1c4335a2610f3ec47a690e4f309f8782359

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\v8_context_snapshot.bin

Filesize
650KB

MD5
3eef488e8b9d35f710634c4d404c7e1a

SHA1
971c730ccfba2db0fee379683f4e310df5c9f1df

SHA256
3a189b50da4b31b5af6cdfdb6398fa039ccac9e13898e4851b27c4d91f4dff6c

SHA512
f787b7633edf75905674c467f7c291a2b3791a8475b11e1d4fb1769ebe872c6b70d778124c22a55b96efe2ac443c82750371421ac9fe8f2cc8bb47ce0e3648d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
abd993f23ed3c75fb80320a10451dd66

SHA1
95b13400418512870a37a4e59ecc7dd9c467df2b

SHA256
52c64e3bd5f852f7c2628bca773bb5a270ad40f5e31bcf8429323cb9fd1bd4da

SHA512
fe98cabf2e3500d52b09f9869f3ceab6c7ed8fefb7fba56eb62a5319053ea997881112abf139f2e642210eb4b61d5a726b8dc41d4565b81faaeb5d64a00e6267

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\7z-out\vulkan-1.dll

Filesize
874KB

MD5
0b95f0a5905c4075a3fbef0ddb71e915

SHA1
72a4536da15d5d9e1617331d8e4a5c5a579c75b3

SHA256
03b808d8045ebefebf2e2847be039358f7ec1db63e1c601847b8cd304c3db448

SHA512
9e57eeaafdaf0b5516822d1ca7ef1995442a03677f856828d49ccc01ab8492245d8659eec7675822fc8610ba250e49a6f3c8569aad2a324cec83e0d6b5201187

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxA55C.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
434fc9babb3ae09a7e49323af4205813

SHA1
836d9cd4639e93e2985a1815fc8c1ed6dfbc8632

SHA256
1d2082563fbe07c3eeb7a542112731d26ef614d36b89cd0c5d58b5f6cd9969a0

SHA512
e37ac78fe4583eab1a94492b450e18ab7e4cc180872d9c30677c8d6d81902c3171c12f02542978fa3fc0afbced6cf01a688e02afa525482a9eb0190027407edd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
f42964fd9fa6831e923d62afe918ab95

SHA1
a9780670d0a6b54790718ce559d2ebb8421e7676

SHA256
a426d4991e7bda31ccb95099f2447d498830ca764fe7e266b5d627875441c45f

SHA512
6881dc336c7cf2630e0f7ee800d957b8cc8572bcc9c5d73552916a1d6ed5aa9375a8a5d46692d3e6f3ec7da084cbc9f0b82b1a98d2615d840ad8e08ad968b0f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
cc8191d79f6378ed574b21afcf46e056

SHA1
922dfbe88d78cdeee23c93a8958cbc45d5f6bcff

SHA256
96af6f4377952b44c1b2b413667f51d45292bbea46d2da1ccaf1e345d8d8c648

SHA512
ee0c387c353a30447266b15af292ccc5d88c025a8336cd847181653ce25e75db55c7030fae595831cc6c307c18bb9df80d44b4aec89ed6b5f4575ffd8f11f022

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
65101b44e10cdef82647f68bbc646509

SHA1
13ca7b2fb3640ad559f149542d34c7add7d32d78

SHA256
697639cc39677d7bf04ac7e378bfac4730ad81b72e45b6b34f09954c69800e0f

SHA512
cabfa726b527ecdc07233df62d93fd26c13bd5555ef3f64cdf1435fb26c73053681c4fd75ce05fed0ed49af2291180996fd17a933889f1e4e4c50ef18adf9ddc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
287330a01d61eedf430682094f160d83

SHA1
dc18dfbaed8b318f042de3181ffdff81d70053ea

SHA256
ba5f0fccd0e1ced6345c248d1a60292421bc31001d118488a9d69547a2756f84

SHA512
f098d4989428400fcfb5d7110d6d82524221d5b1dac0816c7b34f321529415eccaae62e589ccefe226c20e22e89780c29e71706952319a3bb475a31bd8213739

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin

Filesize
8KB

MD5
d70f5694e073bf4060408d7cb7bba860

SHA1
5d0c145fc7569a2ab87f1a870c1cd5ee44621fc6

SHA256
e61d2974dcbcf34b98b47db76b71edb710d0563c00fb541fff69a9f41f98c0e6

SHA512
d86c042c39f28b5f2b6dd5e4fc50dca063871efb2fa777224488510353492ac8ea13a199b9e0b55b3bbaa18eb3bcc5238ac717cd045de2c5dbeb0f1f592de814

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin

Filesize
12KB

MD5
6047e013b6b56a6c8d3659dbbca081f8

SHA1
f7eb4b62c4137d4a1d46091919457e3c80063431

SHA256
280e9f229025892dcf45978049b029e8e06ff3a5e320a035cdda7f7a9e7f0c61

SHA512
acf1654736aa0ad9ab81e71b76608c4476617d0bf3a7a85e88e9db55d0d9924775aab9cb66dd267f7db5f0108961d4ca90b826e75eda76176164fb724cf428c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\bookmarkbackups\bookmarks-2024-09-04_11_AxhfEr2-OFLpTzkjd981hA==.jsonlz4

Filesize
1001B

MD5
8693afadf4cc3bd876dc74648e6e4ace

SHA1
13fddc31ddf842e6c086e7e6bfb202c01ef713b2

SHA256
8050fc7748ef7604f657392e788aee4d49a112b62672d11c24ea301c7f2a30a7

SHA512
cacc0defdea88678dba4e329ca0088d027bec4c97fc763f9a6831fa5a5e5654397fe578aa59bfcb8592887b95f004a7b758569281142ab5c230824bf2fb39918

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.bin

Filesize
25KB

MD5
6caf3d681c7faad1b2f96f10305217e0

SHA1
4062315a5de15e8493817a22b5700e959ecd446e

SHA256
99509921ab91217a90f709e095e8c41f23b1a44278c70d26df4fd1e6638ad678

SHA512
2d6ed69b7b140acdcfa8c6663b45f7720b58dbae5411ee6d394c63e1821dfdb3adf105cab02e87b49c75fb6833dec7556298c3161b74f43e4e521c3af9899807

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.bin

Filesize
61KB

MD5
829e070518e19ad47a8afa655d6285e6

SHA1
7d28f29e69b161a07b314196870a128fa7fc692c

SHA256
508fd5b6c670e17b25d6b6af90eca19ac64a253b4ac918b4be3f20b5e36cda70

SHA512
0b0741421a3e533ec39f39363a7a8cc1327bb5f5834b316df2e0d3dbc59563f2bc78766a815094b0a8eefc1ce26b9bffd08bc3eda06bb6323bc1305ffba2aae4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
567c2a1f3299f62fd0a0dcb54df180ff

SHA1
d73b026f865a4735f7962003047312b71f5297b9

SHA256
8ccbf390d2b75893d17f8b04f84424e53952685750a3aec4eda6ec18dc49a750

SHA512
395bee0c66ac3cab13272a4d1660a3b7bdec308776b68826f166e9b31e12fd06e8c6393069d9685d56788a93fed2d16d60a9a21c617e2cfd542ba034a84d25e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
61KB

MD5
f081b4bfd37fb28c0b87a979b1475958

SHA1
5804d44d00f3944f4c991ab685718fa419eaeb93

SHA256
fbf610e2e6cc8e61ae5578c7a7eda0641d3a612f73b0e73cf7bd3bf911459304

SHA512
1a0f7d94a6d7f69c96ff191671a7f87cef910833946c915e5aded3e7bb476a487aeb2343eee92f31918e523ce3eef691de9dc953328e86c7683b59cc7810c7e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
61KB

MD5
5c968e9affae069bc013e3b6653ba0d0

SHA1
e1322553a845a95d30d2927f262615449c8bcb45

SHA256
383303a7f825e2c627d57114320ec96f580b22bd5578314a0498b394a966a416

SHA512
35cde10af0a768da024d26035dfc4b47ccfb7656a4d9270e5f81514a7ccdf305a9cc6633f2dd81cad813d01d70654a70946a5baf4c459a3150202d8659dfd3be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
153bdbafa5f6b87262580af43b42ab4d

SHA1
482423c5fd53e4a2f4f9e134b7b0d6b3f43c1b3d

SHA256
48220464638ad6d887aa2f78aa5ab61fe033574baf27e21f901188b1d5bf5d2c

SHA512
bbd488e6ee7a8d8c9f60d42ab674f1b4f7865e87efe5865186794ead74625f0cf5882a9172a858231dd92facc2b48b4d426fc429df8dbf79c96bd7feda82ee38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6bbbb900546469026b7f95527806a18e

SHA1
1d307b9a3b73cf4a8317ad6a0cb53b619926c45a

SHA256
031ece2072aeeeb7c17f82650acaa7d11b7003dade84b7e15ddc3756767f2f68

SHA512
760d84dbb02f1f1eebd4b0409f6a180a2bb637b58a1834a68f73cda0b32c55cdd5d3c86d47bfa6248d9960b5e43bc81c3f3b39c883d07d369724bef2b6e07979

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
61KB

MD5
b69bf2b049ea84b43935567e12653887

SHA1
efabd619161925c14ef32841e260fa76c175a7b3

SHA256
9f8a1e8292ded99b8d1c3db4669041a222cc8c9b934909eaebbe18552ee86168

SHA512
21799ec326d70bdb4a0f35d487dcde51910636b6f78832e415f7339d3719f672712797daa52ad3fda0da0c4be736d866bdf2bcd426176de20b5351d31138a9ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\15f0086f-4474-4ee3-b9df-7553d9f5137e

Filesize
847B

MD5
befa164d8656920e433e126d476747c9

SHA1
abb412f45c2e778e0c18fede42ba859ce8f022e3

SHA256
b6f621a15f182d3c0c3ec45c9572c023bef87c9d5c1abaddac5324d635638e8a

SHA512
229d42a0b537688b665a4ad827024fd3adcab82cd306fad2956e8a05d90c8c7d4e8b91b44e369bfb6add6f0379af1008021ce8924108efc6124cb497b70e6a60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\479a1b40-4780-4110-aeeb-d2a1c6911695

Filesize
27KB

MD5
1d1a9d81b172317bfd23bce785702dd5

SHA1
6ab5cc4a43e768bf0a831d280d8e1598f0a8496b

SHA256
d20c52416c56ff5ae1c883fd733a8e3fb8a86359dcbce7372941e3a6461889df

SHA512
306b3a8334074f18d3c0f72211c75995676a22ef1edd2940e27638c3f6ecb5b087783e56f12a875a40aea0c8595fc4519c07f1ecb31739d02fcfe2f9441c23ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\871b2474-864e-42ae-a684-1c7a8ebc2639

Filesize
982B

MD5
9611dd607285c825f73d2a0bd5fb38d8

SHA1
70841c5a9528972ff0ac131329ee8f1bcbf7ae36

SHA256
a7b6aa2e8dc476d6fe936afb32458757699cd407aab0f83625734674f5b7f0fe

SHA512
96608258e82f18f1e51c01e2da8ef24b04c7c39928c7e3c27145d9aefbc36b07a8353b7002f9e2af884fc83d0ab47fe748df590b8aae895d51fc3baa8719dad8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\be35deb0-391f-468c-a3c7-d0fe83660a51

Filesize
5KB

MD5
33c418576c4d091d7001e9317ffbb0b9

SHA1
a2c4a249fbbe394d249bc06f5fbea9d0e498436a

SHA256
1cf1ea490cbdd90c45128b11276aed010d21e7a077f30527930e999147435d09

SHA512
3cad7464e3507421fabddfb55e05703f8ac93859a1c37faa5e12b5c7a6cba3295a1e6d8fc814f9d231689e8a35bcd0fad2f98c9423bd19d3922a8719b7e833ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\e17ecc5b-54a3-481a-a44d-dfa105d326b5

Filesize
671B

MD5
e30a8b0ec83947539dfd31deebce8a56

SHA1
04a797f751ac00d79a6c58da3bb1b1be00e866d0

SHA256
bc170eec45564df485b63dfe2c87e7bf8015d2feb9fc07e0448e4e5f3911870c

SHA512
f91204f203b68b971d5bf3584482c85b3ca2b5153f44e0b725fbadc75eb6cb182c43594c02c3e252334eacb9a27101c9b945014d84a174abaa74b44d9a32d278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
12KB

MD5
fa1dfda619f7b1597dcbeacad7e8f0dc

SHA1
8f61eb97fa343720052066ee9d6e4d2576dbea30

SHA256
19617c88386edfb7d729b4e9fd9210364407a952c5bbbff573de535681e6dba3

SHA512
397fc3bf99be1523eef4dde5349c2985230d65fbc1a321a2f39ca3fa45a61beb0141c3d1ae24aef3e6e4af1455aea1184849522bff498228f2dbd5c96043b1a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
11KB

MD5
90465d62b618cc80a4bc1f80ec924b55

SHA1
76e32dac6639fafd2a7bd1e84a5c9829fd4dddda

SHA256
0d36c615c8da883dfebf446934408c8d275bf43011f5d43512cfe298a67d25b3

SHA512
b2c3a908018f672603afe0f7d0bbf8ced0e70342f93c50004a1a4ea14f21d986aabd589302ff16707438a245d48010d2a409ccf99404f19d3f2e0ff389511ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js

Filesize
11KB

MD5
a698220d971bbf34a9492cec0f48973f

SHA1
3a10d05201489cd4a451f2fffcf71d218d691a7a

SHA256
76d804683425a8999a778a34b6622511b53876c5a1acdf2330defd6a30556ab8

SHA512
784ac2d42f407bbbfec9a38ea38212d16f52374aaf4bf114758cc2ce36538ab0f5fb7428ac845328d5059e1bb4e9430ed07ddc1b8fa930c5181cd96729d74aa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js

Filesize
10KB

MD5
0e571d7bd60e6480e51a7a7d32588ebd

SHA1
cae6eec86e3b763264e600a802dabca5c1ee5661

SHA256
f7b6a039fefdc304154e421a13edc196538c1ccb8b52c516486527e65da16ac0

SHA512
ac21ff8d6ee2e58ed612b9a122190f41aa8279be10c52f8eeac356c67d082c399e3c46aa048bb66191a8fb079615b5562cf9d9ca64a699d20248b2f73f15530a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js

Filesize
11KB

MD5
a2af77f9049252a66bed5381f6e377c7

SHA1
9823326c6055d118cf44ca0f538342378d26c9f9

SHA256
6ff6f0ada8e9c2af6b23db674cc12a74019e61391e340480af02c870e355d36a

SHA512
b9308f982dd954cfa7599677beb7a1c7f3a9608b8e8f46e417e0c6ccddf89a43c8bd04137414d92eae7b6fe7e4e0584f116bc8d1c4dcc4da0ed6f2338b0d5403

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js

Filesize
10KB

MD5
78e0d4a1bd29676bc3ba973533194355

SHA1
a9c8b5ba23eb5d3ceae0e9c55545736355bc762f

SHA256
a22b26b1602570b6e99d73c3a1eb62c57a4ef8de239231f928a309e951b2da77

SHA512
e90b5bb253b60822f1f33b8da3d751a07a2b64fb8e2b1817952ebd5273d1164f8fa17c88cb0642c3c5ce4b89daa3b95b8425fa76d9cf2cc7f71ad6822c0f0be1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
eb6eb7f1804a3bc5944e42b62e61a715

SHA1
72e96b53e034fc7161cc4224caef479bd576c569

SHA256
0d4ebb7b72498033fceb5edaf74d630377a7c1a261278e5de9f73f497a9393b6

SHA512
9c0a391cc7bfd325af87486e087c187333d9285bdb5b814478d29e4f3d8ef65257533035e17896ee9127cab548d7e78476298de3bc1ad154d00c2641d17784bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
a6510599e2f728a18c8203d250b600e4

SHA1
effe2c045f66130cbb768b08f98a19297e8b60dd

SHA256
5fddfcfc32d323b7d433fb131b49c2249ab8d7939bbb49315016244b275ff99d

SHA512
4d58692db4efd640a81c978c1e2cc79b4dacb531c3558cf9d960d8dc4f409c5f3c5dbc268da1401275d8c27386b189de7f4677f55a756a1474e8f7eae3a9b0c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
dc9fe7aade3882007aca5ac79709f83f

SHA1
156cb00c4f7d1df5a3b4bcc3717671e5e53f902a

SHA256
31eaa5e52f955b2216c5189f4f6fcdf6a5ecd496e9df15bf9793e56935b2ff62

SHA512
16e5119076a70cf5d17385ff87533e7d91642fd9eaa30925c93336d6af151cd28ae9218f90cc15e0f80fca7f774d0c568df28819c3ac80464ff983cf4df84f76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
2deb4dd369e0f11b0b0e9c46cc1bf1d9

SHA1
ffd22ec943b240937862864ddb73dce736aba5bd

SHA256
a5310b1e2e61055a1c2319f04e023d503cc27843a98b001cae7aef774bdde12c

SHA512
b37d6b9340c9f078afc3518df53365aad194813fb719792ce6118a0f04f6e919f6a7156b72b8a8427d4435ae7a1cbfbaca9a6547a4d69789185baadee13c4e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
055668af6f0722fa3185a35e8e8b55a7

SHA1
2dc0d81c14fd1373097e2c6ac5b71c062015b76a

SHA256
b28454eb11af18ee1196d5b70a24213da466f1c760452e1ce439a269dd21b2ec

SHA512
a2b00e4e4ac944feceb827b416754ca546ddd1368daa512a4372939764f839bb274c0f8622465583df593d7e89419aafb474a1d27343175ca68e584dcb9dcc08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
61da83eedc54284db1d017f7a837d5a2

SHA1
6365993173750772c09179561ffa06986af04ca8

SHA256
8385423431f6d477167159085c7d474e55db6754910bdd391109a474d668bd5c

SHA512
237e72b82938f18395dd1f3e052c92f8427b7a75df9f3a0c234c4c30eb7a2899da4dee474870cf356a93724952169dbbe882cc25d0bb201d11f591fc0cdee9a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
b412a08c3e45ccafcdc0c7190b11df7c

SHA1
eaabc7570baf5503cb4c3c5ea5a187c72dc92221

SHA256
bb5c4573fb3288bd42f6d28182d83b737988ee72778d302c8fdce9c87dabe736

SHA512
4f3ac77eb67159aa14778f97d57a4770c9f2359e13dc631b1f094df8227ef4e5c225053027031e55b10ea3b3746139736a9336b4aa943b6726be3656f255aca7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8bfd0f51a2885c358e4ccfe2da13c961

SHA1
1e2eb10c2011fc75b69795aad7d0420d9c6190b0

SHA256
58a5ea07f5b983164c472096ccbc4a2b8b48a127a8498a5a2e231564520ff698

SHA512
64d4f437015caf6526e11d93d264605e9e49e39e4c68719e727df09bd47bbd0f9739c93b80c1952cdf8b927b447fd073738984284d6e84065dbb09f3c272e5ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
4f4ec01bce36f3670c3dc72f6f15b0c8

SHA1
303aef8929d1006296852a40e45f2e1df96ca80a

SHA256
8128899daa8af404409fdaa6c4f16ac63fb4810a17eea326d0e1b74e750a6037

SHA512
1371b29f62d4c3ce035bc16e59c0a2f6ac37d4d406b512f5dd94c3605fb8c74aeeb0809801a289f2e2c906065c494025aec2f300ef322b7d602fd55e4d9c62e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
42e1714a0007f3ff079336b1b45bb034

SHA1
b8bbb4d1c956d91311fe2d10ba1e1f18ab08d547

SHA256
6def2c6d8f576ff9cf9b41a0e09f8cbe40cc76be204b810f176dd60887b30438

SHA512
37d285858b55f9d9894d75c18af0b0b908793a6c78b8d102681ca8c3c48db5fbdf74dd5161c487caef5108f25d0555cf8618d184bafc6ada2e4a70f702db19d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
35ca9b56c096ff8d816427b409d55d81

SHA1
16544674fac4051145523df12c6b919aff4ed8a2

SHA256
58465d183422ae7b6023c83df195d84a2f8e8fdbf1fa4d4834ea8eb36c67c55e

SHA512
6bf5e02b6a92dcbdeaec53feeef7229949c04731720a0a200564be14121f32d8e19e269401156fb029ea718cd0521029bfc88ceb925917dd27ef4df17f99176f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
6be625216add4e49aeb4dfc7e818ba24

SHA1
75a8512ba4e56efb1941e11d78f97cd490f9c406

SHA256
01c4856cc4a8466ce0f7899839b760f97ca8770ec0b0775f6f7077cd3e9a50a8

SHA512
2fea24eda301a3dfa71c1b689d6830995f25cf4d9334a3ac0fe3a95c94d813eeed4ec9f02d39583f328b299df761c855947879166c80b71f43ac16aeba69e7d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
2e10e0c60773fb9c800a450d76cf2150

SHA1
3331539667cb521802d9de0fce4b332a5e5a6cff

SHA256
8d580f44e60e47fb1902c458318ee709abca714ece9de6d87dbe4c8b6baba52f

SHA512
e8ea7863e118c776ada4ac8eb314667a4e76f5109e75cd9618a11dcad7464dfef4d2342de779344b4a797d5459b499e81e329f832ce8cfa580b1829e83de49a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
866bc96a76eb23f41f7515903aa1d6c5

SHA1
59d3fc6e3cb8a0e1c79407436c7cdd58cbec95fc

SHA256
b5ce9491080efdfa361fd0235c7afbf3804eb827916f6c0709da8a70197d2de3

SHA512
669cbe033b7a26fcb42aedfe5440790e690d026d8ff6557134dcdcc7c556be1be0c67a1f504d788b5a352bcfd3003753b7d3ddfbfd833d4c9cd4ae87d0badf15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
0d40c3ec0b7b62d347fa0d0703162519

SHA1
96a20a7bc1fb25beebb9a981d85504cb162bbb2e

SHA256
8ee2761c2c0a087093d0b558278a02c73d90978f839f9694fcfb9ccfc2a36c87

SHA512
abac847104bae40bc1466560b7a2e786d69e21929aa3ad643fdc8386b53e3eb8b040fae2fc0f15faef817aa5397e928c9abb44c5b7425a889ae9fc93ea5a492d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
351095a184db53a4c76c7ca109f32d7c

SHA1
a65b9acf84393c79dd3ea4eb9d036a14be5a52ef

SHA256
f843c8e4d14ab045df64420ff9b3141e01aad3cbd7913d992626fb15cafd918f

SHA512
8908b0f7fd54e1654148873b52063d9f90eaf0ab621c161e7625a68eb24c5ebc1bca6452aebe9dcf832cd57509244c52bb9255c8fad435b5f7a49cd4d299da48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
e2d50da640ce98d9dc5c348a0e353b4d

SHA1
f3a64060b7e002f432340274fc23a59d197c517b

SHA256
84a0f8e69d27f5496805073aa7d5472c1cdc5cf2dc79ab08e12e481956e5773e

SHA512
c3a9332d01184ae22e5bcf705edd800f2f516856c10963801e8f6e3d5275d290d4a90fb5662fb17e1f34f2e2d2f7454347b9b6c163874c74a7ccd488d08c3fc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
a4feb5ab0fdb4e663a566192384bac6d

SHA1
36243680f4ba96641df8a8a4ca70e1c020d19791

SHA256
d169d5569ad232a82a0a169d3766a7ac90ebb181724d2653c982cfe8c1d41535

SHA512
a6110e7872c74cebae05d1567334cff59c55efedd0af10941923982dcd74c064fbe8734b1dea846303a6d3ee4dec2731f5018f4e62e2804c1cabdeae1643a7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
92d8c2ddf869870aefb28babb6885d81

SHA1
921cfb474c138562605d9b0860a6bebc2efcd8f9

SHA256
4041826a21eab049f6b52ff41f91da6a304bbb774a7fc92987e6e62dc3aeab3c

SHA512
236e31e63b91e4381504313155c036ecbd2d0fe3140720d0307bf77f40cb67f00f0c266e5a4bb59aafc2f2bece2add7a768ba3939028b62df94d0af31f6d0428

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
0e63c9f7e74461e5c3ea8880002dba56

SHA1
80e3b9eda6cae255f72d58b934ed35e3d8909ef6

SHA256
1ae5ff6b71d0f8454a7d86f6ac92854919dfb99220c613f3512b66df6a6f886d

SHA512
b7614a41470c2e95c02a85751838272a1b463b19ce4d78cb7e495e045f14e44a429000590c36f21bd0d287e2122559398a05b59ba9e5d56636132980a71e2a7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
580657baf7352d1e649f0b8f46fb077e

SHA1
2d82725aff0a6b1da7ea7ec57e5f8ceb93b14792

SHA256
0569d25105b98d1865a464ce81ec5f2b48a1969270431fd974d814458b8ce59f

SHA512
1d0d3bc72f86a08311ada44221063ad319ab1baa5d351181b58e4c1c6cdda6e23939af16cdbb11133aad7ebc661dec50558ea117013f3968299e1cd95a3ef8d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
6e702f9d719a35d26a1bac57acac78f1

SHA1
4ba3122d595cc9faedb7b00947258473c70c8291

SHA256
a6c6925cb22e8c2082dfc90cf7d6bef9e66f5b137ad32fb6f0932de42d1589f8

SHA512
743bae1a9707c9eb4c6fd669266e37f05ea8798b641115ac33e41484ec790d0dc393d9140277251d30d5302b1480689a9464da923f1061264c06a13250b7ec53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
cf1195df2e5ba1d2bcf5a9b4dd6350e4

SHA1
6f5d9174dc1fe728f5188c75b49ec94c4eb35f24

SHA256
ca21e752982ff7516c225862929bf9cbf0708daced06da39eaec0dcb7078757f

SHA512
6a6fce35be14d42a6fbe357d2c02fafc6cfca540b4d6cc983b8d1179ad83dbe5efe3640687698314de29fb598a914e70c4a21a3b1fa220be0734fa4c998156a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
659f5b2abd6c404040362cefaf38769d

SHA1
cdace57097afc2d1c0903e7f11bbd9b033640806

SHA256
731e7ba4f9d92ee1eea82c7cbd7d2466d2e386e98881967b8a7d9383bf4da6f5

SHA512
5dad762d7dfa4bdb81e6c538f728f47ac348dd544dfeff774631b9af30051d9cadc60f6e54b7b43a8fc83650c18d798aad9906fc6756c1b2cbe42d5e23707001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
0fb50005581df7090239fe8b0a1d5b6a

SHA1
f0144f3c6283a88800ed13e1c984349f36511880

SHA256
cde92da2a38afd897d9fedeeffb24850199be7237f24b39547fd3d13099556b9

SHA512
068d97aeddf185fb538e708bd27db118e9e84cd96668198f9b8f391a7e61dc9196f941bb673182f4dec642303415a5b303671076ce4fcb9f7707416b49935cef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
268ae15621c3d61ba984cc167ba2c517

SHA1
76696bf0329e974bc62bffefe8c7d838ab8a0c41

SHA256
e4e53f96defdd9afb5ea657af83149270f5c69b9fa9ea7acddb0d7d58f93b464

SHA512
90745cd34d0338baa595269bf492879178e94dbf39e3d760b6e7b76704c5eb7273f41f3f86e70cdcb066fa657336e926d6e04742ef2d7c576a70d0eab9d04f2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
9de48b7d1c337fed7e54a6eeb9e86419

SHA1
2d25e025399816e600667bda29c5b10d83fe345c

SHA256
0f5c3c12a5c111918283e7286f6f1f8d5ae358512d4df93aefb06f9652cac01e

SHA512
47e2ebb6049049ea63a15c0ab175e0d6b4b4c48731a9f1d56b5b8a9c1411140c9501313517644ed74f8d0e50b916de6cf0753e47eb09869a0eefa9c062875702

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\113\{81ad248e-6311-4de1-b6e7-234605bfb071}.final

Filesize
5KB

MD5
50ef2c2487201527dfb6607023330e4f

SHA1
e6f6d0416b3a6540507e3f15f8638caaeb3f003e

SHA256
8c5ef9e1452bbd5ed7c1efb108bfe001296c34a7fdd9e73ac0056ec1db38be96

SHA512
9c3c9ddda7b627138008384cca9fd5190ac72cf23804b0971be52e69850afbb3a5ef1ba62b24b80724141e249192deb2cea1eb0ee2c8a30247269a973dc26e08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\127\{f55c3982-18dc-42a2-9578-aec7a520a27f}.final

Filesize
786B

MD5
1babbbab79f582a49f171f2fe8cc8e1f

SHA1
e4d32346c93af305be5f9692fc6c291c0b20f5f0

SHA256
1a7ed24f3a0f6b679daf48cfd45d00b1ef0e7fe28782089fa29f087606795204

SHA512
7b82c643f8d50e1925c101ce34fa2025e254de6d931d2a55521e50623ffd3e15c5fb92d5ba82a175b81d51d65380420cbaefd1244bf9258b38e488b246334886

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\149\{4a7a323a-c54d-41d2-95a1-093651a16a95}.final

Filesize
225B

MD5
bb8d8573ec411507e70016c059190b33

SHA1
56e456446e59bbb23809e31cf4fa0e261c0ef69c

SHA256
58d19c8b51e56c1e2ddef975897c4dde19137c9a566a72145f661eebc31d908c

SHA512
6913c73c16b156e385005530731b657a3a21b94ebfca2222988461c674285b75be9007cc0d78c6e0bd36107b02dc33d40f2ab5a61ae237c38784d0fe896d5b66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\16\{87ac702e-09a9-4db9-89d9-08c4c3fa4e10}.final

Filesize
7KB

MD5
124d85bdda117471167186a1c9ec9fc5

SHA1
03edca0b621ca72cd02bd7fe87d071446876534e

SHA256
7bdd3e63acff5e8aacfde23f8e7b4d8d254583d1c6514b5a922f3b066079145f

SHA512
af05dd52136be49d7cc92add9e3f163bc218232d96356781eeb50559ce2edbbdd92c3fdab4f8df045fff6e6dcd95a8c75987e31901a709aa7eeb88daa654406d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\183\{e4739697-222a-4f82-9480-732ffea885b7}.final

Filesize
6KB

MD5
099eb6fb4a25a03e1d0acf3ab8371986

SHA1
ea797e9c8300db9bb926b07218ec45462fc52a3c

SHA256
8c50ba92a88e293ae004c7360e1a55e3fefe2fb0995e0e792ccbee1a02533f4b

SHA512
7c96b829f080e0ebef9c924729b505955d6adf65981fc6371b951f6e7d9294478cfc5b8891c00ce199a43711ebdc125f1e2b873dd380de077d5059b94dae6e43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\189\{af09fde9-f9c7-4c17-862f-e5c380ac29bd}.final

Filesize
226B

MD5
bc66619ec7b5411e42dab58fb4daa6a0

SHA1
3759c7aef133b8b097c7536f443bd6af8dc82a7a

SHA256
60aec9f5fcca87997204c94aad0fd4b94bdd8a318dd20dd60e94fcc7c9177257

SHA512
7e003cf92beef7eb8fb5c55ce08bf3e994f82f345b7a04b6d686719c9baaeea40b8f19ba4abb763d3b74634a610b0e9539a68c189be9583716a2b082a1b152b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\190\{b280ab35-a3c1-44bf-b7f2-5699b7bb41be}.final

Filesize
38KB

MD5
829ad4597a25ca70845f8a52bcebaf3d

SHA1
48512254404f973347a1f95ba63bc1b69b4454eb

SHA256
681ec400e590cfbd098c43c97a8203ea9c411b15e3803d957604e35cfc286173

SHA512
0732075b7e04e4eb0b2aa3bb7b2888817f0b0c7323eaace612a24061b3005c3ceb1ea607f951966b9053da928619b44d9b6f7d0e0a89f1207e1fb9b9be46e9f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\195\{ef19b25d-6e5e-467b-b8ca-1ace54429ac3}.final

Filesize
49KB

MD5
abe8136291e58ad26341be833595bd25

SHA1
b8ade8ed9676ace38107f7ec6348c3c4c339f8c9

SHA256
c046117990f0e1b4c0ef5cf7411318404b0c5bf0db5e38c31061de1c8f67324e

SHA512
29e346aa83bf8cb1ca7f16c5d44c98fa6576d7d0261ded948d6c90dbd274162456cdae4d6a81923ac307901f862bc3c109092a8a5cf20ad7dcfd153f1b6057f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\204\{970e7d15-5f71-405d-bd8a-d45044a47ccc}.final

Filesize
8KB

MD5
5cb27cc8e76772598a7f5c9c60ae0216

SHA1
89895095c7edc96cdcd995e7203fd8e5e7c2a99f

SHA256
c28b2e7180b6a0d0dc4f0b505851fee72225f272b43626516216300b9c8e561a

SHA512
a9fe8c1536fc02853b3b8bfd6bf18100d57d444334153d00b430fe3bed3a03825edb1f8fdebf47eb0751a4f058ff73237d569ca41879e526fc6046545580917c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\204\{fbf5b38e-985e-4aab-a17a-2083e236f3cc}.final

Filesize
37KB

MD5
52d7eba5f2b0983af864e3588d4cc45d

SHA1
21be3772f2e0961c562e5a53e40e658ee305f99b

SHA256
0304489759d0f197f9e75522263332c6ce110bcb6c34de5799486e5efbd7f876

SHA512
b211ace0849151f47123c77120c2d3e4354813bbbfb94fef55156b2332706e922fc31dc1236e45d7aca82d3ddae0fcbf84591299a1ab8fe4b6c281be9dad931a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\211\{e983713c-38fa-48f2-af67-8e18ef3cc7d3}.final

Filesize
18KB

MD5
561d6fec5de025d2ff8754fccf934b1c

SHA1
9595debf76704aa713944c58803395d601058cf0

SHA256
6b292c67bbfbde7be3f00e3ada531c6e59e45f6666b0609669fd85d7e43465aa

SHA512
9897a97eca20de7ac7b938654a6110e5e0255f3d94ba45cbcaae49e9859607d798f44d07baeec99297b3c3476bb372f7f4a005a1d4362fb52d9af88c9fcfc556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\212\{01cce369-ccac-4b11-845f-1ac9bbd1f6d4}.final

Filesize
1KB

MD5
41f89c17bc683d7ac874df700dc8e3a0

SHA1
a2c830a546dc6991b139a178c2614b9ce6f2ecd5

SHA256
f75c39bfc4d1d4f01ca2e85897ee927fb9a473fc03b31c93ede767c465597b95

SHA512
d403d003b993eb53db650e9e68981a85aac0eb44598950992dd703ac9c31188e87c15f5f3138c33d8a6b1f2705b8e9f9ddbf5b6661e6e0774fd7fe0168b6215b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\225\{4e256eff-40b2-44c9-aa01-1cfad58a10e1}.final

Filesize
8KB

MD5
74ec8fde947bec52789af73a8aa964af

SHA1
7170784354cc1546eca879396f0c00c4fdf83a48

SHA256
641361684d7ada42e6d5a93c296edf75cf78eea24f0deb8c6c1aa1177530d8fa

SHA512
6d2ae5f4146dd8f68868bc2fbfa1615a2859a044da19f4f1b3f603558f0fe9e1e590eee91a47c7159554ae265b461acdcd2607ceea7004ac865e5b1a6f1618e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\23\{c94efbe6-bef1-416e-b08d-9df4b227ce17}.final

Filesize
252B

MD5
fe565da022d24a01cc4b3c29eb12d8ff

SHA1
f4d33ecc380fdd001060cc0429daa8993e96e341

SHA256
543378a602d39932a43e11cfe121f741400dbb3be229eed907c12f5a5b19efb1

SHA512
f0f814996b9fc39b4ca8ef0f9ac452fb72d566720382675e569754f0d8395d46a684cba4c576f1be6bbd57636ceecb557d5b144256312032d16136ebe8b5f25e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\240\{d4ae5ba7-69e4-476f-a1d7-5289e0ca9bf0}.final

Filesize
219B

MD5
c5dfb6d62f9a1d06dc82225daafda63d

SHA1
f2aab2417e1e2ff9986e99710ffcf4e1a3fb7306

SHA256
1e55c0e65589671821c530e796182460ae02eadeddb92eed26c2243e30537478

SHA512
3c7cdd6e2e8ed7a09c098b927ec038ea46b1b446c2418c1a0ba8553574b0e88f91d5753613d14a9f68635a056148e76c7320d83938f6bd36896b46142e24698d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\245\{9200b539-f5f8-42ee-86af-66cd615963f5}.final

Filesize
220B

MD5
8605abeca36f61159e78e658e570b2ef

SHA1
667cc6b8014296b028a4d25c90f3377d9a63d58d

SHA256
f0cc891588c81ae257ff3ed089f9ae9671694560ab09019dc4ec0ca9979a1994

SHA512
b04c093a96a762c1483054fdea732fac15f7d9eac33a8db7b08d842dd7e88c7c3af4043654988bc9203daeb47987c811cdbefcefbc905475a638d4c8f05af04e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\32\{0bc16411-065a-443a-b5f6-a92f6a093220}.final

Filesize
50KB

MD5
f44cf767c6e10a10317759d1ac4170a8

SHA1
a8b53012539616f8ba82cc351e23460552327ebd

SHA256
16473a55684f5c6b51153c75881604b4e20f763854de7bc003fd483ebc4b7f35

SHA512
a4134c51cf8c620e86fc3e3cf261aec85093c0f6255a5d5e03dc54e37554a8abbd29d83332fefeee3148ba7e35ce1602f3fa96ad66f3544cf059dd1812ceea41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\37\{5140bf9a-5eb4-45fe-91bd-66a79ba6ed25}.final

Filesize
238B

MD5
f6039a89c8d0ca3a18b744fbf87f16a9

SHA1
994a484bb3c69939d50028c351abcdde835eb000

SHA256
9e6acac477ce4e5669df6294ec4dee013adf6828e60ed6ec3053b0eb5ba1dcd0

SHA512
d4064ac028455624741f65598ddbdbf90b30355ce828713fc67ddaaff23d5fd294fc511408a82f9a8dcf309d3a6b4813e643a665b82fad737ca2f7d04e99aefc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\3\{caa76671-09d5-497a-9f89-d36e3fdf3003}.final

Filesize
49KB

MD5
1172d5f52638468f2ca69fb38d678b84

SHA1
d41fe379d5b30fd99fd81ba34fb0de34b9c35b17

SHA256
16628e31021a928c307919dbe9fa5dd0881014d803ca807bfaa8b6994946149e

SHA512
b5a67b394a3b1fbab1da3ee680410d96f5957a9750c15a013602db25f65929e4965663a059649083c700eb8e5d32ab08e840372cc4d85160fc821b773f2049e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\default\https+++www.virustotal.com\cache\morgue\56\{2a5b034a-a5e0-4cee-b351-9242be0ec738}.final

Filesize
8KB

MD5
3129726272aa8de8eccbeeddf684ea0e

SHA1
c44a2aabe94b14373be2090c7dbb445c1c70b8c6

SHA256
b278cb6f25fbadafa95bf441da4125242dd0a44c8c53ce8bcf7325b4a5dd66a8

SHA512
243b63a272c9eeda9a2579751ed2636e81333f2e201234bfd2c15ef7f8e5f8a79355da6bc9f8dc9fa63b0c4763b41770db6d6242741f7f88109114e7f35411b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
7ad1912b3d0a81bf21a038fd8eb9b073

SHA1
7883cb93edab218115b7ee97eda53b674ba46323

SHA256
25e52ea43e2ee6daac5fabf3a4a40c6306b72c0a2db9421ab8c52832d7963f31

SHA512
526debea79ff2801b5d71ec9e1ef4a2c2e59c8ca7b69479c5982e75948ccc90f3b2bc395cd93a71065dbd9d34f130c1f3e4fa0cb6c6530015f01a636482ab7d9

Download Submit
C:\Users\Admin\Downloads\MixerLap_x64.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3356-1350-0x000002BC6D440000-0x000002BC6D462000-memory.dmp

Filesize
136KB

Download
memory/3356-1351-0x000002BC6D850000-0x000002BC6D87A000-memory.dmp

Filesize
168KB

Download
memory/3356-1352-0x000002BC6D850000-0x000002BC6D874000-memory.dmp

Filesize
144KB

Download
memory/3896-5105-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5113-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5104-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5114-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5109-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5103-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5110-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5111-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/3896-5112-0x0000017927450000-0x0000017927451000-memory.dmp

Filesize
4KB

Download
memory/4136-4761-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4763-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4755-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4756-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4767-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4757-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4766-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4765-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4764-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download
memory/4136-4762-0x0000027516F70000-0x0000027516F71000-memory.dmp

Filesize
4KB

Download