epsilon | hxxps://filebin[.]net/1bn9n6j9vnvlz3cb/Gun_Mania_Setup[.]rar

Analysis

max time kernel
431s
max time network
424s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
04-03-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filebin.net/1bn9n6j9vnvlz3cb/Gun_Mania_Setup.rar

Score

10^/10

epsilon spyware stealer

Malware Config

Signatures

Epsilon Stealer
Information stealer.
stealer epsilon

Executes dropped EXE 5 IoCs

pid	Process
3284	Gun_Mania_Setup.exe
3008	GunManiaSetup.exe
2712	GunManiaSetup.exe
2196	GunManiaSetup.exe
4928	GunManiaSetup.exe

Loads dropped DLL 11 IoCs

pid	Process
3284	Gun_Mania_Setup.exe
3284	Gun_Mania_Setup.exe
3284	Gun_Mania_Setup.exe
3008	GunManiaSetup.exe
3008	GunManiaSetup.exe
2712	GunManiaSetup.exe
2196	GunManiaSetup.exe
4928	GunManiaSetup.exe
3008	GunManiaSetup.exe
132	taskmgr.exe
132	taskmgr.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	ipinfo.io
39	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2296	WMIC.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3120	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4984	taskkill.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Gun_Mania_Setup.rar:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
4452	msedge.exe
4452	msedge.exe
3772	msedge.exe
3772	msedge.exe
1972	identity_helper.exe
1972	identity_helper.exe
780	msedge.exe
780	msedge.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4220	7zFM.exe
132	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4220	7zFM.exe
Token: 35	4220	7zFM.exe
Token: SeSecurityPrivilege	4220	7zFM.exe
Token: SeSecurityPrivilege	3284	Gun_Mania_Setup.exe
Token: SeDebugPrivilege	132	taskmgr.exe
Token: SeSystemProfilePrivilege	132	taskmgr.exe
Token: SeCreateGlobalPrivilege	132	taskmgr.exe
Token: SeIncreaseQuotaPrivilege	3436	WMIC.exe
Token: SeSecurityPrivilege	3436	WMIC.exe
Token: SeTakeOwnershipPrivilege	3436	WMIC.exe
Token: SeLoadDriverPrivilege	3436	WMIC.exe
Token: SeSystemProfilePrivilege	3436	WMIC.exe
Token: SeSystemtimePrivilege	3436	WMIC.exe
Token: SeProfSingleProcessPrivilege	3436	WMIC.exe
Token: SeIncBasePriorityPrivilege	3436	WMIC.exe
Token: SeCreatePagefilePrivilege	3436	WMIC.exe
Token: SeBackupPrivilege	3436	WMIC.exe
Token: SeRestorePrivilege	3436	WMIC.exe
Token: SeShutdownPrivilege	3436	WMIC.exe
Token: SeDebugPrivilege	3436	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3436	WMIC.exe
Token: SeRemoteShutdownPrivilege	3436	WMIC.exe
Token: SeUndockPrivilege	3436	WMIC.exe
Token: SeManageVolumePrivilege	3436	WMIC.exe
Token: 33	3436	WMIC.exe
Token: 34	3436	WMIC.exe
Token: 35	3436	WMIC.exe
Token: 36	3436	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3436	WMIC.exe
Token: SeSecurityPrivilege	3436	WMIC.exe
Token: SeTakeOwnershipPrivilege	3436	WMIC.exe
Token: SeLoadDriverPrivilege	3436	WMIC.exe
Token: SeSystemProfilePrivilege	3436	WMIC.exe
Token: SeSystemtimePrivilege	3436	WMIC.exe
Token: SeProfSingleProcessPrivilege	3436	WMIC.exe
Token: SeIncBasePriorityPrivilege	3436	WMIC.exe
Token: SeCreatePagefilePrivilege	3436	WMIC.exe
Token: SeBackupPrivilege	3436	WMIC.exe
Token: SeRestorePrivilege	3436	WMIC.exe
Token: SeShutdownPrivilege	3436	WMIC.exe
Token: SeDebugPrivilege	3436	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3436	WMIC.exe
Token: SeRemoteShutdownPrivilege	3436	WMIC.exe
Token: SeUndockPrivilege	3436	WMIC.exe
Token: SeManageVolumePrivilege	3436	WMIC.exe
Token: 33	3436	WMIC.exe
Token: 34	3436	WMIC.exe
Token: 35	3436	WMIC.exe
Token: 36	3436	WMIC.exe
Token: SeShutdownPrivilege	3008	GunManiaSetup.exe
Token: SeCreatePagefilePrivilege	3008	GunManiaSetup.exe
Token: SeDebugPrivilege	3120	tasklist.exe
Token: SeShutdownPrivilege	3008	GunManiaSetup.exe
Token: SeCreatePagefilePrivilege	3008	GunManiaSetup.exe
Token: SeIncreaseQuotaPrivilege	2648	WMIC.exe
Token: SeSecurityPrivilege	2648	WMIC.exe
Token: SeTakeOwnershipPrivilege	2648	WMIC.exe
Token: SeLoadDriverPrivilege	2648	WMIC.exe
Token: SeSystemProfilePrivilege	2648	WMIC.exe
Token: SeSystemtimePrivilege	2648	WMIC.exe
Token: SeProfSingleProcessPrivilege	2648	WMIC.exe
Token: SeIncBasePriorityPrivilege	2648	WMIC.exe
Token: SeCreatePagefilePrivilege	2648	WMIC.exe
Token: SeBackupPrivilege	2648	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe
132	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2236	firefox.exe
2652	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 1288	4452	msedge.exe	81
PID 4452 wrote to memory of 1288	4452	msedge.exe	81
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4928	4452	msedge.exe	82
PID 4452 wrote to memory of 4884	4452	msedge.exe	83
PID 4452 wrote to memory of 4884	4452	msedge.exe	83
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84
PID 4452 wrote to memory of 4940	4452	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filebin.net/1bn9n6j9vnvlz3cb/Gun_Mania_Setup.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb67603cb8,0x7ffb67603cc8,0x7ffb67603cd8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,15727918110967427731,1614790304269902934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:780
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Gun_Mania_Setup.rar"
  2⤵
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:4220
- - C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:3008
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
        5⤵
        
        PID:552
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\GunManiaSetup" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1904,i,11046473807301989340,12674331027101215256,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\GunManiaSetup" --mojo-platform-channel-handle=1936 --field-trial-handle=1904,i,11046473807301989340,12674331027101215256,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\GunManiaSetup" --app-path="C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2504 --field-trial-handle=1904,i,11046473807301989340,12674331027101215256,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4928
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
        5⤵
        
        PID:2320
      - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
        6⤵
        
        PID:3588
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
        5⤵
        
        PID:3472
      - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
        6⤵
        
        PID:1548
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
        5⤵
        
        PID:1036
      - C:\Windows\system32\tasklist.exe
        
        tasklist
        6⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3120
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
        5⤵
        
        PID:4796
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2648
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
        5⤵
        
        PID:2040
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        6⤵
        Detects videocard installed
        
        PID:2296
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
        5⤵
        
        PID:4952
      - C:\Windows\system32\cmd.exe
        
        cmd /c chcp 65001
        6⤵
        
        PID:2604
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:4116
      - C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        6⤵
        
        PID:3212
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
        5⤵
        
        PID:4080
      - C:\Windows\system32\taskkill.exe
        
        taskkill /IM chrome.exe /F
        6⤵
        Kills process with taskkill
        
        PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1720

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_epsilon-Admin.zip\Antivirus.txt
1⤵
PID:768

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_epsilon-Admin.zip\Passwords\All Passwords.txt
1⤵
PID:3548

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_epsilon-Admin.zip\Antivirus.txt
1⤵
PID:2444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:388
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.0.304654387\47646482" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1768 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb8a54f7-d175-4b31-bc9b-3bfd42694f09} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1888 2309c0d7158 gpu
    3⤵
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.1.481324927\424112604" -parentBuildID 20221007134813 -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d9c29f-484e-49de-a980-d57d88bb87b7} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2264 23090170158 socket
    3⤵
    - Checks processor information in registry
    PID:1316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.2.715587905\1896911247" -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 3272 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b0dc6bb-3219-4f57-9ff8-b8d8a7666bed} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2708 230a16f8558 tab
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.3.1197486865\847166788" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90044444-669c-47ef-b3af-6bd71d547689} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3496 23090161658 tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.4.15369098\914913424" -childID 3 -isForBrowser -prefsHandle 4164 -prefMapHandle 4244 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e34219db-ab01-4106-a514-ac808d2c9a8e} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3148 230a2e31558 tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.5.1456626409\1089763060" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {593ef21b-3b64-4cc1-9b9f-d96cf705e158} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5060 230a3e28b58 tab
    3⤵
    PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.6.1246634708\1530837121" -childID 5 -isForBrowser -prefsHandle 5524 -prefMapHandle 5468 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f35b430-9ba7-45c9-aeeb-c161ecd383bd} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5472 230a48ccb58 tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.7.22365695\478811992" -childID 6 -isForBrowser -prefsHandle 5548 -prefMapHandle 5544 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00e03fd8-5bf2-496e-8548-e63f2dac4cdb} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5304 230a48ce058 tab
    3⤵
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.8.2030882096\694640097" -childID 7 -isForBrowser -prefsHandle 5308 -prefMapHandle 5472 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3418d820-3f6b-4560-b0e9-a4158905a1c1} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5444 230a48ce358 tab
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.9.372522699\65818697" -parentBuildID 20221007134813 -prefsHandle 4496 -prefMapHandle 4508 -prefsLen 26644 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7884dced-47b5-4856-9a2d-fca1b12108d3} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 4524 2309e9d9d58 rdd
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.10.83244867\1747139309" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2896 -prefMapHandle 2884 -prefsLen 26644 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2adc72d-2d1a-4a6f-885a-cb8a005e4e15} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5408 230a0429e58 utility
    3⤵
    PID:5836

C:\Windows\System32\fefo75.exe
"C:\Windows\System32\fefo75.exe"
1⤵
PID:3752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4060
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.0.284405946\1477362141" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 21136 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b798b5f-0baf-4fb4-adeb-f780a042edc3} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 1900 19e73f81c58 gpu
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.1.1477569337\830821100" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 21172 -prefMapSize 233496 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f72348e-d0e9-4f34-be6a-57c822f41e6f} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 2264 19e72cfa558 socket
    3⤵
    - Checks processor information in registry
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.2.841318974\1038094104" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3076 -prefsLen 21275 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db4fe29f-2d68-4b1a-856c-c9e1ec682507} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 3132 19e781b2658 tab
    3⤵
    PID:2420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.3.577570670\336236133" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26453 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebdb66d4-d51b-415a-854f-235d95a93d51} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 3456 19e756e3c58 tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.4.91608051\174124619" -childID 3 -isForBrowser -prefsHandle 4576 -prefMapHandle 4568 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f754eef-d413-49fd-8b2e-8cc44b4b86f0} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 4572 19e7a4a1258 tab
    3⤵
    PID:4136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.5.1450969010\355791848" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5044 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {126dc8db-f460-484a-8350-482cd3e461d0} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 5072 19e66d65958 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.6.611681120\585142358" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3418f022-fb39-4c4b-a836-c8435a9d7909} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 5200 19e74850e58 tab
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.7.2129822959\532398599" -childID 6 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a4c6040-22a0-4d6d-91b4-7c704d19153e} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 5396 19e74851458 tab
    3⤵
    PID:2980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.8.80608939\1825047423" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 5688 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {027bbecf-86c9-43ab-ac71-56c26b6b3d03} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 5800 19e7bda2458 tab
    3⤵
    PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.9.1013078801\675133256" -childID 8 -isForBrowser -prefsHandle 4580 -prefMapHandle 4848 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d655d065-8396-41ec-8859-1c227fb0cf8f} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 4696 19e7c250d58 tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.10.1753104629\1691642870" -childID 9 -isForBrowser -prefsHandle 6116 -prefMapHandle 6120 -prefsLen 26512 -prefMapSize 233496 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a864b995-9676-4bfa-8c3a-a9405f901094} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 6104 19e76c8d258 tab
    3⤵
    PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bf7f8eb73c82b6edbfa38a5bc36a9af

SHA1
ffe12b2e1b056d34e82c981d1128cae280772c44

SHA256
ba32d3667b44a6403e6f9ff162f5243cb534b6846f7c7fd1ac7be022c13a5469

SHA512
0544162776b840a5234c8ae58088f089967f6e831ca79d21c177d1b54dc4f1518da76f2bfd48895cd91c404db8de7927c6f857e0f65a0420d311a3df4610c8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e544b648215df74256cc4c42c26c636

SHA1
d0b6f215bfeed644d3453bfb69d598ecea2bdf15

SHA256
a783d046bfdc4362e5587a1fa4b18990b536fbd26241a406a51d06d4e69caa2f

SHA512
a0456225cbe820b860f2d03599be1b0c2d0b4d3c52678efee94df6ae80b2a566afd34f67e9f75ee353d9d4346ffce58fbca7056ac0a260100aaee622bd568a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
731ebf2a4e2814f56c5f40d2eb1d76c6

SHA1
5331a00cc1f81f9e90ac6af6530766cd65c9d157

SHA256
a8ad7225f1baab4394fd4562073b645cfc01f358686ff9a5f1f1f7dbade2272c

SHA512
e53df95aa64805492089fa370971cc5d73e37b25d25f5182e8f27030269f9548294667da8e8be731f1ebd301940f16dbb3137d9f3b96e5b06d2f5d9c9ae31702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72a75e7016e28737c558495b9852b7e8

SHA1
750dc4b317ea06be204a95fdfae66ea3926c3540

SHA256
a22aad39fd2451dc3e74bf68b10c57b0996936e6ed4b69555c6889b981d22ef5

SHA512
d348c8abb03966dc8a96c0a916a3e6c5c387743cfe855179956c779d787b06a1b6e2f0dd84020d80b8eeecbf9543a86da1d74b453501678f85f908f8baf1eea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
778fac9f4005251e638ae27be3e932a6

SHA1
d89f36e443f1c88ef64e249b14b837358fd38231

SHA256
c197816caf3411089152065ca9d6d328b1e932f07fc80a7facd3f8883e6db734

SHA512
6bab20271882608ce811fee2d83e90b1bad95c29a40aea392c539a92aef16a3c8a6c05e3f253aaac45f70ddd6d4681453e7b04e74a61d4b579700effe670e522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5090c035d5df808330e7df915cff006e

SHA1
3b9a6c9537477812cbab7b3c5000cbfd94bf9cfe

SHA256
d4af84c527ba80a5e4860ea3bf34354761fa4ffcd51b5602ce0022816f1bb24a

SHA512
ccb28845e0bd3a19ecf7a549a639d90bbdafdaa6a9007ba02d8c09b26730eba28f327097994a64c62ce352a6f8f7122d2da37b16e9d104f92493359d5acf25b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\cache2\doomed\6241

Filesize
15KB

MD5
bbd48c897b76b80e82f9ec1059c2601d

SHA1
879fb9b42f4f00b163a09db7d325f9e197f7ef3c

SHA256
c077cc764e0206e811dfe38933dc754a849fb2fd07bcc52be8f0cb011c26efb9

SHA512
12ecb7c1b956c150054688aa3f38570207c38aeeaf657ae88d79247e8a28574bbb267de9813576615b32a11dde5035fc52f87164e03559598cf71aa85ca6c0ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
ff834298f93c88d28bad31b2291dc851

SHA1
65fded0e139f8fb2adfc8384a8b36b34719814c8

SHA256
cefec672f689cfe39ba7d7f15a57b7512af02409373591203e9de5cce10df6ce

SHA512
150ff032b31ebe2746a178ac4d07ff5ee5e90eba105086c9a67ba539782f74adab123c403a57279262b3fc05012bba5a0a1727515c98f64fe8def7fcdb9b7d1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zs0352kg.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
fb2ab5ce71c26a1f9dbf31269f154162

SHA1
cb1537a5a1fcd2cc107cfb54b00fdb5ca20809c1

SHA256
1903d551859cae183272ee29f4fa77d5981007f1ffc35da29839484d259bf3e7

SHA512
a37d7516833582b4d1542aa8d65dd1c087e02aa7983a7933b5ecf2ed58d8a13765186aa9b434409deef606ceb9c72c9fc69894a492efcaa3193a4954fbf025b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe

Filesize
13.2MB

MD5
26aba07f98e30b86a58e615358a4b411

SHA1
2abc8aaec7044cbbb56365aa8cb9c3ce7a1a3b87

SHA256
22c5e6a70ad833931de1672d5fbc392a25ba62e485a14754df635536ef5b47f8

SHA512
ec98f809eb20a5c96d5ad548f5b3b2dca5e9899da74b02751f82020679a7d438093cc2d9fc20968ebda3bbd8d3062d6ac4edbc425bd0a0863d1ecc353ae8f293

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe

Filesize
8.8MB

MD5
8b7662f534e49ec1e0ee7a7699b7f08a

SHA1
3f4caacc07f01cf2acfcf09dc31556764b8c6d03

SHA256
b938cae2859e09a9d1c240562c840972b113a725d0736753928a7fbd9fac97e7

SHA512
133323cb5363d6121f3ad2df21d46724f0b6360ef90960ab334f988903e8c1389adab545f5b5cb2b614d90e8787ccbd96464a5f2c5fc4405838db5d6dff41bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe

Filesize
448KB

MD5
09115342fef4e52e9a41cc976f8eb0e2

SHA1
7de7f117bae0afd3c03dc4f3fe4fdcb23eb9fb32

SHA256
f1f0b496c0b5f893e5bc7a2dec5cfea858030b23ffefd7f65e3716ec74a3d9b6

SHA512
1251364bb89fc3ad6196bb82eec7ed6ef3612da56fe70e807b5613229c6f4dcc45862760f0a8f8e2bbca5e818914461f69bf2a4c506d1441f35781ac885e2736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe

Filesize
2.9MB

MD5
614327e11210acbcc622c6bd2091968b

SHA1
9a9cd2f8a7751a49025f722f8c3bbbf91ca91801

SHA256
6ea73fa9f987fe24d9e1a6faf7847df5b0782ef5cbf7a52f3dca8bc05496843e

SHA512
daa80cd460609eaecb3f4849f00a54c3638d5c38f710c38baaaf1a759928e90820f9e91300ab94b358599e49b212f784053c06adbebdd33b1f8729d87444e73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\GunManiaSetup.exe

Filesize
2.3MB

MD5
7725ece6ed54070b94e3bc07401d0035

SHA1
d3634efe3bf7a34c3c506272ccfad2e4818514cd

SHA256
ec42bd96f28c8d5c4d95a36f2cfe0007c8411a715ea6fe72e2d789df385a9959

SHA512
5dba2706aa6b334cf9732d5855df538fb68bc77f65559b181471be3ed64320236d1c39ebb2f5c33ee3713350ed7f50fb24a5715794507a914e9e025f84256ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\ffmpeg.dll

Filesize
448KB

MD5
20ab861dd089eb597b7f4e58df68a047

SHA1
d7679399c36921ba489c1f8e52c7749f95c20dc5

SHA256
be72d01c6b58dd407bffb49752a261474fdb7af796389950f5a2063e2884ac2d

SHA512
f1b885708c86910c6796ae31c7bb6341e02595d7903ad8bf8562c90de479b98ad5d8f49f72bed39b579409bedbbb59a15b9cfac8397fb7997a8dab3d9f4d624c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\ffmpeg.dll

Filesize
384KB

MD5
6942ab56045246e010c887666e89ecf1

SHA1
bf32ecdb1f6bf48fad0ec8d0e732d4235cc3ca1c

SHA256
a994611f3773c3a8735c73918e42ed10da30cc794475d604462580b7375c1dd4

SHA512
e260f9d3238d1dab82a24c56cd6d2611d567b8fe2aef7ad1b073fd487f8bcb6aac3bd73f48551997afa84f44b25d865ba6746a6512b8f7f2095dfe3d82accba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\ffmpeg.dll

Filesize
2.6MB

MD5
37115b1703d3252eec5e246dce31970b

SHA1
bda1412af15f495b57f3663566c2e352fb08ab9e

SHA256
fdba682db4b60fd958e539ccda66e41e4af37cc00f34d8ece2c8a514ad721e71

SHA512
327609f8aa7ddac2c0d1db1d62953b9828dca881011e5e43b9344b1d8ba70771c5220e90d398b3fb532963ad6dc55c2d44e28c3304e0aad30b949aeb783dc4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\ffmpeg.dll

Filesize
2.2MB

MD5
5012bb22b5d6e26bc2c981a6a53aacfd

SHA1
5d88384bb6fe01f0942781ead0165991047dd3f2

SHA256
e9811f9264f402116f0e6bab0894ede8f120bf1ba8b9252f514c1690e1304032

SHA512
93e1281072a95df1a8fb14f9c62b6af27ab469db5351dc7a5193185653d7efdc7ebfdb95f7b8e7abe6ae02d8cba3708ec798fe5905a67fbb3c82de23265b3183

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\ffmpeg.dll

Filesize
2.4MB

MD5
65448041ca9bed88bc1979fc3d481b09

SHA1
1607aacbe7b27dea38f62c5762b8bf3d803a2c85

SHA256
42a4be1f33b9c3e9db0b226b56033ad7ba1bed04df9294aab832c36636be6913

SHA512
6ae16aff6960f5e4945eab620d18f980b30c934c9cf4c78c098242c95fe6fdbcd558ae8831867e54835256b8076e735845447e8e1dc3e383c78159175f1396ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\resources.pak

Filesize
2.4MB

MD5
877a1dea383a38309caa08e3d4104ee6

SHA1
ac038982fb7f0806756b72ca6b53b141c4d28c4d

SHA256
3af168541559fa38b16f579d0cddb2b96ba1bafb2e4826981cbe3c2868da40a4

SHA512
a425bfbc96de96b576d1f19a22544b21e6d02d5d5fb5cd4e9ee9f0a1abe15f91cb14bc504c183235d51ded9647f7839c92307955eeb9abdae1af2c94e5d2adc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dE7z4lYUbSNTHSelw5Fwvw67Fq\v8_context_snapshot.bin

Filesize
192KB

MD5
b5a165fd5dab07e674e3e1979dd5cd6e

SHA1
280e0afb9699e5b6ea2fb32dcec91a41a9ccfb87

SHA256
80b4df91aa65a956da35ba8fe7f606a966b00ac22cc55ef0c60e1d9756611653

SHA512
f1c756e2bd70df80f72567068c844e61143774055582401b668c55ba69efdf592a9b4f88bdb2f73442e09cda80567529d1ff1d372a3f2693440f0e8add0eb3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\74454db5-0c2a-4026-8ff5-0f2429f91b46.tmp.node

Filesize
122KB

MD5
71bf205435479cf15d3943feb5d96adb

SHA1
ea87b97504c8862b6ae0e49470d24ab4dd386b83

SHA256
073734a2a4e557d393feda47ccc0643ee831c2c075fe32f2ba161ec2fce49ec6

SHA512
fb84b540d4c927269a727b7472786107946080495cce76a7c592932ef63c233347d7cbf8b5f9c8e56d6c2e34df7aff300f22c1edf050d6bd907b7d3c377ba570

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe

Filesize
320KB

MD5
494f44401761bac6144a69ce09c6314c

SHA1
0634059a72823fe189e6580e42336a37be8f423d

SHA256
67524daa9341c60597266aa10687e94b32f213ba227fa5738a246cf1cf10bb0c

SHA512
d69301f15b28524a1a7189bfac9159755034078f2792265c1edbd91399d68c691543b4601ff1333f543046983ceeadb90addd1e2df5af3d8437a6da91f53fe0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe

Filesize
8.4MB

MD5
aa7a7c86cfe6043ce4b9c6264d0aeb98

SHA1
cd31d15332c473fe6c99718f0eb73037d711ca47

SHA256
901e45bacf0331919e353892010c2827974eefe079c6ee5ce84eff5abb0766ca

SHA512
f802ae644f14f667d99210ef3e8928486273c9a2abc69847dce62301dd385ed7a4645c8eed7f036a8d0d68f8dcbebd40d09f6f0c118e90c72e9f2eac00759198

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe

Filesize
15.4MB

MD5
0d54c4a014b9f713ea5a303c5e7a540e

SHA1
ac419687e0c4ecb72e1885274421c77e999e63b8

SHA256
e0b3d92314f2a7c41ac02cac5f373f5bbb591679af98fd6a3a2ebcb3c30e2328

SHA512
f55e70b7ed8c76fa7aa33e54c7d44ae2da3c20427e9d55cd6da90fe566440c3b6286dbfac0dd30f56e185e9cc60155c9febe7bb838c314bf17a772fb39b81b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC7058958\Gun_Mania_Setup.exe:Zone.Identifier

Filesize
618B

MD5
4fffb974dd5119f42f71c4c182db0888

SHA1
2cb75746613bc8fa7464c667cf42f832701ad1f2

SHA256
79d24620f370d8031abffb3e8cb398139ed423b3976ec9dce3fbe6a67f20700a

SHA512
f52b29e7df325f903f1c26a3af8421ffe57e5362759004136c4d63bc56a8a2ccbd47a5bdf465cfcbbe4085c9e043d0343f426161111864a6099642c71fcaf1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d14c47a1-7c42-4b3c-9ed9-325386f33c51.tmp.node

Filesize
832KB

MD5
f96dc5a39cc903a38968e3b5672d7568

SHA1
b772f0b983c02fcf89263bafecf20571430068cf

SHA256
1ff9d1a92528afc11310c2ee316b2380c81b652b4daffbf3c5f39e59b8e0c942

SHA512
8d3ccb801e0aba40e88c838c4536309f0b5eea1cfae92b7b025277600050d786af720fc80c12b112c7968776e68f1085b0d4689bf5f2cafd30aecb14d14034fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

Filesize
249B

MD5
cf7e4a12f932a3fddddacc8b10e1f1b0

SHA1
db6f9bc2be5e0905086b7b7b07109ef8d67b24ee

SHA256
1b6d3f6ad849e115bf20175985bed9bcfc6ec206e288b97ac14c3a23b5d28a4b

SHA512
fab79f26c1841310cc61e2f8336ca05281a9252a34a3c240e500c8775840374edb0a42094c64aa38a29ca79e1cafa114d6f1bbe3009060d32f8c1df9f088c12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Passwords\All Passwords.txt

Filesize
231B

MD5
dec2be4f1ec3592cea668aa279e7cc9b

SHA1
327cf8ab0c895e10674e00ea7f437784bb11d718

SHA256
753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc

SHA512
81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\GunManiaSetup.exe

Filesize
7.6MB

MD5
0e93715ff1fad01680da8b43d0d433c6

SHA1
ba570f4abf02ef601c0a423db43f1846080b5c9d

SHA256
b57c0a5de80de131567428b79356fae3233c286d92340f79fef591dfe10a45b7

SHA512
e810fdf6bd192b413261767a3dcf289f59949283193e748ec00283385b0ddbd5df65889507d48b0453576afdef6d8c8ca4903a83ea410e00bbc2139564a2565f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\LICENSES.chromium.html

Filesize
6.8MB

MD5
738e73b434b19010dbf5668c43da8d08

SHA1
7af9a7afc1f0a55ff892024820612a78ff091644

SHA256
390a669b1cf3a20ee5a137abb9bcf88a3719bf56eeb861cfd13084d9d44e0617

SHA512
1fa35b86822e9738f67d814074d0a9b22acc808f51c3f9b8f9aa4d8314fcf56292304f8efb450ba07abb2c42035d2a79e0af9290c44e6ca3cd86dadaf4c3d4d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\d3dcompiler_47.dll

Filesize
1.3MB

MD5
fc47bd041571ebf3d84e1a2641eb7b7c

SHA1
658da1cca020ce6779e5db81ad6b3043a8e5e519

SHA256
f2a90c6444148f296a5c8589d87efc40505c74cd2ba413941d8f6f55a1f42c91

SHA512
b61fcc1881fce000d8238bfa7405c9184317bfbdf04a6ce2ae454e4751317c08a9e03cbbf8ee34035c78c83ed6ae8cd858a6fe7c11a22d25564abbbe246e4864

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\ffmpeg.dll

Filesize
1.3MB

MD5
e6ccc7b7eaada824a456fd47e2508947

SHA1
6d97a7bead04159ed8f0d94559a991bf4032941d

SHA256
15d58a18897ba78c8352655e68ee7c8e16e0dcd5577d6b0f8b4aa9c193627ded

SHA512
e1490e4d5e6b115dfa4fa3a04dd57899c5b487d0cd9c3b6e6a69d61f66381e51c737335dc7d6e4d6a82a49ab1a7940b00420e8fc208e95f989ec86d9d45a8bf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\icudtl.dat

Filesize
192KB

MD5
b53dab2644e2b44c874df9eb7ff9ba9d

SHA1
8dd5459e1358026316bf4199ed39ab646def0c98

SHA256
8eee505762b93042e43cf8b4b79b48ac1e965bbcfba664965b7436c4202c477d

SHA512
3435fe2f1e8a357394358b47ef3931e9de4b33d9ca27b7db2f81520f8df79d9032abe7261aaf7be30f3f5aa8fb5b664bdceded3090ba278687d875b7fe4594f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
7906d51818c053d8c99a8491936bc7c4

SHA1
2e7790d61a8aa639c6a02be0724715302171d14c

SHA256
66e424b122d13d4be5728215200d3b219fc4cecaa0e6128518d7f8e5600dd58b

SHA512
23de1a5718949b9c624e8a208aeb92596380ebdc2675c3286163e464f8f334baaf3bc5bec529a7022241884ed6b9c9061036106c972acd621f05385703b628a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\libGLESv2.dll

Filesize
5.9MB

MD5
f065bdfa943bd656d99c95f3e58c6643

SHA1
d54e5aa42c21cdc93a223410d4c199d760fa6cff

SHA256
df9782d4e5cb4a8263f9bb57986d18c59ef549ffbc811b64119819d566a95ac2

SHA512
6a03b54db9ff250026d6a93cfc90c4a07f559628632b5f39a50d20cc0540b7ac370fa1a53094b86cba0a862cd1216c872d38c0be4f226ecb43df25839c074303

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\af.pak

Filesize
14KB

MD5
8f1fad2944702292b36785f686be54a7

SHA1
4978000f2d96259d661d843a27982621adda4e0e

SHA256
64ddf87a9d460a6d08bcd8bcb6917655cf11fd13bb8ca93080888d2c4c3955a1

SHA512
65991c96eee02d63a84744c23b0dc12b12995135a9bf1018989a419192d9387ec1ad8f2f35e28c1e4476be74be99e7467cc7538e56abeb6485030029873cd7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\am.pak

Filesize
756KB

MD5
4eaa15771058480f5c574730c6bf4090

SHA1
2b0322aae5a0927935062ea89bd8bd129fa77961

SHA256
b05dcb8136751aee5eced680a5bad935e386bfce657dd283d3ec00ee722fd740

SHA512
b67e7dd24eadc91d4cd920f8864cfb23a9c67b2cecd54ec97e01705636604ce504dc417d6af1c53f374b58eddf71a12bb82248bd8fd68307161d4833342681a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ar.pak

Filesize
829KB

MD5
a7c00155a208816cf40b534856f2c5ff

SHA1
de423dd50b1cfb4c4981c567d9d2d0d7344c149c

SHA256
c931a2aba3341ca32b8fe9cb0cf9ed109ac6aa7bdb2368c465c3f8e2c25d94de

SHA512
554ac18de640b583422e2d3c20e247491fe738b1c24647e078abc96c24742ecf1d8f0f38260827152972c625cf36e86d6f6d35a92bbef47eb0c3645f7690686d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\bg.pak

Filesize
861KB

MD5
0e8005b17ac49f50fb60f116f822840d

SHA1
f2486da277de22e5741356f8e73e60b7a7492510

SHA256
50e4f6b9c387adf4baba3377c61d99326cc3987928d8d60b88d1ac29352820ea

SHA512
5df18bbeabd56e70d4c5a80dee5b7ce48259000665941634937e556e3b3a1c6403aa45c410f6f755607549c9dd35d722987b447c50efca51228ffeca4628756d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
c8173f0cc63ca9e02c07abec94892b53

SHA1
2688b199cc40bb2082247fa451eac1304608e48b

SHA256
e6adcfb4f3b3bccd4a27edadc168b503c36551cd6b27fb24043efeb21f691ce5

SHA512
3d2317430722dc15c5d938fa55235af1caa03dcff7a574b44d37d89e7cf2c94dd2e84518b3eeca4a5a8dbec1b99d94aed97429aaf55c63998002d50ce9cb5019

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ca.pak

Filesize
524KB

MD5
a96207d66f2a66bd9716a80ccaeb6106

SHA1
e7fe4a3cf0d681eb9fc6aa8707bda5e41d0be9d0

SHA256
61c1c2a1aad4d38538ac51f8dff57f3319baa9c5287ea5113ae6fc486cf8af3e

SHA512
c03b97c29ad57f54d3cfdcc3ae0e22e0042bbb792f442dc6ae3f29d202e7afdabf6b2f17925a5944fbb1b39da4f0ae181c5bc14e175ae2b3cb8499b318cad15b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\cs.pak

Filesize
539KB

MD5
70f320d38d249b48091786bd81343afc

SHA1
367decdcdad33369250af741b45bdc2ca3b41ab3

SHA256
1c9448ea3aefce1a7e1491e73af91af772d8b22d538676a2beab690558e668fa

SHA512
02b08ed9261fd021e367995551defaf4b4f54c357409a362f4d2470423644913375cac444f62153ec2963a84880a30a36f827dbfacdd76a6222838c276cf5082

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\da.pak

Filesize
487KB

MD5
426c1035169c079400d71e700cb7aa12

SHA1
90fd4c7c1ec66cf7a4fbf528b0522c3670c5a99f

SHA256
bbd28bfcfb94631347d4aa0ce0a0a756b7003fc486dc3360e0e7ecfc8fe1ee63

SHA512
5290cd34d7022ad6048dae6e02f5c793cde949187cd5527c090be7818a2f2eb71602ee3ceb184a6abef325bfd33ef72ea582a85ab989c2efaad10eadebebaee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\de.pak

Filesize
521KB

MD5
63c6caba86699e3a5dcef5bd821d2091

SHA1
3a4d1652eabb943a94ee40b9e3f0aab465625fe5

SHA256
7c3c570580bdaf4224f9fa734efee79f913bdb3d63f28af56bfb96b18941a57f

SHA512
14fab1f4e718d5626302b672d3a76919a859bc3e9d8bc9728cebba55c530b7c18df1e181d26284dd18d067c83e50312b61e92803ef47d28943eaa44e32f662f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\en-GB.pak

Filesize
424KB

MD5
a1aa885be976f3c27a413389ea88f05f

SHA1
4c7940540d81bee00e68883f0e141c1473020297

SHA256
4e4d71f24f5eea6892b961fcda014fc74914c1340366f9c62f0535e9b94ae846

SHA512
8b6d67e09fbe7a2152a71532a82c1e301d56cdde34b83a9f17d9f471e258b255d5b2d4a0c39f38581da3a31cec24fb403156a8e493560d7206e1ec3db7e68b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\es-419.pak

Filesize
515KB

MD5
5abcb35738fcb4217888925eaa8f943b

SHA1
a195fb95343d2fad6ec79a80efc848497f2b0083

SHA256
51ff321a6612d56daabc7874ec306680f610c391ff4392c61a59d3ac2a3380b5

SHA512
1272ddc6310fa9135e327111c6426fff39187df07d770b9fb366d6a87922e5ee1dd81cc676b17f8ed6370b786badf92c850910674ef5dadcef3bc7987ea62d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\es.pak

Filesize
515KB

MD5
31936c5b039863804c46145a27fc615d

SHA1
0d20953ab0ed681e7b7f44b5b75cceecb849f4a4

SHA256
d2f4bc89eae5bf98de0babc85f63ff9f801fbe388ad6534adb3582e5e0d320f8

SHA512
66e15c3585eee7bf5a8e7a7e796718e1a525155d12e9264798e52fbaebb5a8d83387a01ac831dd0eb570d5e5f559dd8d3de1b2b2d340ce22bec15c695ceaf052

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\et.pak

Filesize
468KB

MD5
e7ea23d6304d5d600d884f4e3b3cb2d7

SHA1
99fbef7eb1bde7df398cce9faf6c7c357769334a

SHA256
292eb18ec61502b0e952b447f73a66143c56dd95f170981945e5aab53a6b32b3

SHA512
23dfa1161d11faf440241b1f48f2ddbc8ec086a8e18da351734656551f0f54fe4c94b490c0d3ecc378a3de7f7713a1626a7a6c21da2500b9597b44fd08197d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\fa.pak

Filesize
767KB

MD5
e2bee9eeeac231de237100fae0aa77c7

SHA1
5e5eeb59656e2f8f4f62bc618966d38cc06a385b

SHA256
7a856070430e3cfad15b96b153b1cb483cca9a1b9a43453df3707b09c748a3f2

SHA512
5593c4a48e679f0f6283c3bca69838f581b6f928cc7170737778458393b6b85fab0e6ca390bc5da840f4b79de9e638015bf341c1a95e8f99770886f5354ecff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\fi.pak

Filesize
478KB

MD5
63a9b4a90fcc68d1aa39faf43b1fe6dd

SHA1
d39c81d0e8f1428249101f96d78f1c2c5bc159c0

SHA256
51b79e415dadb02f3b56813104903ce47d7619298f7e2a1a13cc965abdc55bef

SHA512
3381f5709e4ad8d66637676013f51bfe9cc8455c1bfdad87b962dccdf1cf10a93a1bbb6d2e54518b9d1355f9942160003afdb67e7393d78ad883482c522c0c9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\fil.pak

Filesize
541KB

MD5
cbb431da002cc8b3be6e9fe546cd9543

SHA1
19fbf2715098fc9f8faba1ac3b805e6680bbcca4

SHA256
ab107369d45e105a4cb4f2f6bc8da2a8c1b6c65d5e94a7ab3e703e619c083dae

SHA512
3cabbfd021e5814587dad266c4f5c9f624e9d9278f22658dafd65ff2ad2bdc5f6df8a8672614b296cea826819211e12f8e77f183007c0a79075e2f0980b99911

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\fr.pak

Filesize
559KB

MD5
060bb646b557832d73d086f48b35230b

SHA1
cde85afd007b096d45a83b786ec5911318952d5b

SHA256
f7d886a07f4002cdb497c2b8af2fa98a6486439270da312a31691feb0875dbc5

SHA512
8971d51c15b1d695e726f92f306a98795ff7cd685b3314ef1a9549d8ac97b6e2a827a93daea819c4c9acbaa46344ea44753a75a2a35fcf9461cbbb6de4413047

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
a9e6d8e291ffec28551fccf4d1b06896

SHA1
adc9784433fbf2ee89bcfe05baea21beb1820570

SHA256
716ea0433e19edb5113dc8a25ae67c2587bc17c7fb63a93ac473bdcef8f72d34

SHA512
3a60002dc6a9008cac78bbc050fc36d1053bfbd21ecf4d0579b2780985d4e7a7aec94483d8b0b8dd7a899b8435d54a27bba68917a23945431183eda021722697

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\he.pak

Filesize
672KB

MD5
ec16b50e6575cd6863df282847cac3b0

SHA1
a59e089951c3a5dcfac165774c68651055b829e0

SHA256
c3955c97b6998f1806f8871fd3137f6f504bdd091f8bd1ff5ab8cd089474ae8e

SHA512
3c640430e3391be156aab26f6057e966348dff50ea946a02db947e2316d3a915c29f329faa26725a90af4d06ead7c7fc28cfa7573033b2b9546fd8e4d2bb7ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\hi.pak

Filesize
1.1MB

MD5
18bdd1d8d1d5c6a5fb2678abaa1ef6a9

SHA1
e40602e86e758a518ec70bb6a9cfa23107955301

SHA256
1f49622ec6682c90e03fc42c319074565cf9d3532a2a4e3798e2f6cc159b2e8a

SHA512
c859118e7c1be0642ba9bb1112a98a8fa7114a00711f578971a55aab7254b1ee9bb3899c852b79a002596f29e02f487267aca7033e38cbfd14c90b2989b9595e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\hr.pak

Filesize
521KB

MD5
d80178f9df2b72a24a7dc58b5aa13229

SHA1
cda864bbfc6935cb4e3e30a6eaeabbab5264d01d

SHA256
e442d083c32d752d1ef2225d84a4f1a91efab768e86fc63a7ed22c10fbf7e520

SHA512
c08380fc0c415a529a035e6e9c0eebc719766c656a3d9e3a782f21b4fef320688e1d11de8c3a5d0e59a102c9fbadcc960478a17c534500e137f4cb0e697ec9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\hu.pak

Filesize
561KB

MD5
0b62fc2b60b8a92dc506550339766139

SHA1
abf0b1ae99ae40d87f86ee04bdba467674fc1039

SHA256
6ca150d0fc35492bafb411bbc520f3b34da6399969fa9685ae74201623882560

SHA512
aab6058e2f41282ac5a9394cdcd503efdeb6b9eb8b9a64cc1215e31a806e60a34966b6823f91a97bfb81656d91ccfef3a226165811e6f4208fa436e1d04c1242

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\id.pak

Filesize
462KB

MD5
772e8582986160e40f21e561ac62ea2e

SHA1
bc31c93b402fdeb27046e87fe2ebe204460ac875

SHA256
f9adcd746fd74c2ae8724a1510f75fa67744d78c98a75a6a5c189545e941b6f6

SHA512
7607bc2c38403d81f34260f999ffbbf1584b332e136f7bb8ec38265c435b0022ae7e6247f6e27615aad88a05b5d76bf83209ad0afa3018b8ee3b116ab08cb830

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\it.pak

Filesize
509KB

MD5
43bdc7f52841215a3fb513b83624dc51

SHA1
8c76760489cf6dd329a957bb9473198ef15c08fc

SHA256
1640673bb801d15998866cc8ff1155d77dc36301aeae41fa1068b9c8a2b685f7

SHA512
ed88a94d4c2fb648ca42a5f2f707d742befaa1b0fb44776ff3d3a5fec4037f39964e544426b10fbc91e170fbdf7caeb9d4c31096a3ed26ea684c30675b53df56

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ja.pak

Filesize
622KB

MD5
c6ad3618b362f0c0e031507e51d7353c

SHA1
7c473846adeffa367f849cda9edf469a02e15c27

SHA256
f1ae1518c516426f58d50c069757d993faaa9c5e45ef2365d1f5fbb92f05ce20

SHA512
fc1dfb7d9b1d0e4dbd26c620ff1fa366ac1dc66773549c6096dadcd1f26351cbf202f55b32cce0ada6963e491accd7c4a9eed970a9d3da5c84176c6199ef39b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\kn.pak

Filesize
1.2MB

MD5
59e6642f09ce97cfa4a4173413a1b036

SHA1
777a96a4aefbe138f26c8697e66633452285eb2c

SHA256
58d16195170f76e40e18ee0ac2e10e1b73bcfd083821158927a7d67a51bcbc42

SHA512
66deb67a4ce1914f5f27bb6423e5be62e05d0a36320accbe653572a437ce033ed5d26858a62d8c57476b34e1718d580f34ab44a3886d8d22d17f642d70f0138e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ko.pak

Filesize
526KB

MD5
c13883dbbd379b7cc0b9e7a33f22c5f6

SHA1
f4e52ba1c6921c26c5d4c0eb6492f7385e3bd3ef

SHA256
cb160b249850b2413b73e7eec5a4bea19853a2cc8e4de1751138034fc16bf4b5

SHA512
34fb6af450d5501fcdf8defd548ad598675b86d0502b951ccf85f4be372083c586a96c5924e3078eaf266d630de7cf540f90c7b1846e105a717b5420dba844a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\lt.pak

Filesize
564KB

MD5
edb2c872a4fec5367cbe68035ef0ecc7

SHA1
b4d42bcc83c98dda1ea2ef962d097f6fb3d25c71

SHA256
1bd385b780f3d13d41f8cf782a322e37be889aee273ffde3d8959e0ebcaabd0b

SHA512
dd801a1aac2242e3f532e968b4c9639a2c8bf3eccc17470d9aa8bd6730ae4be3e7276fb782c7908bb6f87d3ade20a40c644b9db5d2201d96d91fd95ebdf429c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\lv.pak

Filesize
564KB

MD5
393c296fabe0c4c64a7d6b576d7d2cf7

SHA1
16c0605e5829cde9738e1cd3344a59b74fa1f819

SHA256
91642c04de64f88a5c49b4eeaf5d627554e60d56fc40e7cd58cd2601b0d3dbf2

SHA512
067cccb059d4526c104880a26ebf04c7e2498c49c5641abdc91785e859bc0be1475ec58cae9ad1eb076f26fb9215ac246155e123baa13c06a05e4f22a002c2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
b690b0f01954735e1bcea9c2fb2ac4e4

SHA1
8d98860e202b15a712822322058e80a06c471bb8

SHA256
83d187cd70048f4129fa65ba148c74a04a47ee1f14218e7c85b36fe83e87b5e3

SHA512
786f08019a0917d0b3f29aa2d1885db6a6f995990fd8faaf41a9630f8347b4d210a844cc6690a41b4af37d60e11f41fd2675df1a01bab5915e20cd9bc69b4541

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\mr.pak

Filesize
1.0MB

MD5
d349cd7e4428f0877dd7e17fb87e6581

SHA1
acea433713580c293215144a6a3a927b96dc802f

SHA256
d2cd6c1ca6f06bd9426f7b93d59b77f15a07573f1b00e4c802a6862b53358722

SHA512
e68ac1066bf7c871c7eefd7c84668f0bfeac2929887a45eff704d44a5efde4a97647c265caa2a59e558ef2db7ccc81de7b9a361b8d24a92ee5baf2fb5bbca61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ms.pak

Filesize
484KB

MD5
d22cfc1b78320157685839f14253fa1d

SHA1
0cfcb5c176d708e26bbca2427be611ce6609eb93

SHA256
c7b56e9ca2f75b4414c13144ff4deee1459c2a7cde79730d863ab234cd4c2f8b

SHA512
2eed40c50a63e362dfe2f172d16e4545f5b19c673e71db674bb004e4e6a4cf793ed4a44ee80d86b05aaa6cc4356c207476afdedc2b35017421ea9b9fa6ebc81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\nb.pak

Filesize
471KB

MD5
bf9bfdfab1479bb52254329d7aa229ff

SHA1
cd9ff35321731b839ea6e5f31f5de0bfb475666b

SHA256
96747543d9b2dbfb4482d4c24d7818d366545b2476633ad4fec8cc958ab760d3

SHA512
ba8e62d0a87c532ff46f2129724dd2f1bfdebd99c2606e0b9608cd07841776faeca15d04ec6241020c232d4c07809d718f40cf4ad9231d6a8996d55973486629

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\nl.pak

Filesize
484KB

MD5
52722c8524b75c7cdbae69152eca71a3

SHA1
9a78e2e684d0682be2e78683a8d6dec945eb73e7

SHA256
71f94806e0e6e2bc9367da415db9484d1933b6713a6b8b7558b162b03e411023

SHA512
505ea50ab426c6779b0c8f804c8b6c44d84b307fcd82346d4d1c1f26f216e313e1ac883d67cd9faa9f1ab51054dcccb10980500602def339381ff37d0b9e88cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\pl.pak

Filesize
543KB

MD5
7d822c9fdacb73d39ea98102dec09fee

SHA1
1e3117cc8f465d0724bcd36df117f65354d8ecc0

SHA256
055510218bdc502f8f4b9c9cb71460e75af6860dd6fdd4ea8dc7662d39fa21c4

SHA512
1a2ef9746341c1f411de15942e43d297ac0c762b2cc8cbdffd9cdfcc510027b7e7a439c28abd582359f1565c6adc8a4f304d934d392f023bc6a73896068fc3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\pt-BR.pak

Filesize
510KB

MD5
5ba65ef5d3afb467dc5387f9ab0bfa96

SHA1
006e0aa5e7e5f69bffc3bb8ca5371a97db2feed8

SHA256
fca071050c9a032d2fcc4457c6b6ecf38406ffaa18e4f86aeb59359749051e35

SHA512
63d5df218da9ec91cc69b84c7a1a0b96a8863a8f3a32a97e29cad8130dfac9612e827170e5fc01940e674bd413f270425130d09247657166b80404264cdab06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\pt-PT.pak

Filesize
512KB

MD5
4816d83e54beaa2f94c671d56361c04e

SHA1
5cae66c0b7079d778ac87ad48777afd85b172d2f

SHA256
a903ca2a8e52f987e23d040de7403b58d925a6c39668d3bc0822fb2aadd34cb1

SHA512
0d3a39e1205ce9366818cb51d38db035b80448dc1e2d2d6bbd7d5df693641582043b45b4a78bbf2334159616187dc85a51e623bb6878b1498d9bc7acd2a6ffab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ro.pak

Filesize
42KB

MD5
76a36f5b7d2bbb636701d6e0e03a3c25

SHA1
d1a9d6f1a3a317aa3d8cfdadfabeeda5ed393aeb

SHA256
f94f49214410f02e7e817b9d148b55b79f9a8cfa8cd5dfd76cda131b587e619d

SHA512
b56abdd3787777dc5d3bd574bd5074056c87e7ede0d62e574187836bc1fed35db4f4635add470c5d4655be908250b274a77eaadc944ca2c1f4ca76e2eddf6aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ru.pak

Filesize
42KB

MD5
75a784839b4abd7c04eb223105a8e060

SHA1
54a60863efd3feaf00af16de9597e06f191984be

SHA256
e574927e880b2514fd0091db4b31f9ebeec2b2431f38855f7ab48d71017f9844

SHA512
2217025d87742b2cb1f94277ee8c37229eb94cd39961ab4bde4c3327514286e0ded6863a26989e52217d26a56b4094ad926559076702ccc0efa9f54054c1f917

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\sk.pak

Filesize
448KB

MD5
70176762234780c6f0396a50bad64f23

SHA1
84ccc274c42ba941369fb015f88359b9e1cc1cdc

SHA256
b64aa51a4fcbc400ff5b5847463cac3b92556e9a5f1fb455f6fba49825757e1d

SHA512
cf53773daae9bda9b0a04fcf8d352e73b34104c580727bec0efa165bbff94cb6f950a82bf2e3c15297369dfe4d540b58a258b9111dd8ee172e0f387b3d63b760

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\sl.pak

Filesize
448KB

MD5
5f9ee5798ac501150569e3ec8ab529cc

SHA1
31c5fc8532949d63db870cef87cfee570c4e277d

SHA256
0e0ecef0db1251daf1b0d9e16684bd5d9039eadf29e7a5c69d23e081508c1409

SHA512
87c45a6111648850251cf159b4c6593326e4a9fc2b853406c191a22695c845e3c199f24c6ab52b89de14252dc92dd16731ce5928db56f7e7fffadb38d14eba1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\sr.pak

Filesize
448KB

MD5
d0694cc5eb880553095f16a8938a8cf9

SHA1
f7ae3d6ee27339ec24b9559ed2cfab3c25ece27a

SHA256
e27f33687b5be3e32be5b02ec0ba91cc67050e26351d3fc55b4e3cbac201c15a

SHA512
d2e3d5879acf1892302f52a3e56ae2052cf463ab0f90599268d05c87b7de14dbfb64f03a6d0a34c72cdb5ae2c52409cefd6d85ce96c1efb04a6ac43d3449de12

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\sv.pak

Filesize
448KB

MD5
2359bc7e6d7b2d92ebbf5381c620a4d6

SHA1
2ca205d7feb749e57fa95f86cd1037ea5f197e38

SHA256
18bc49113c72a3a319743a759ea838960d081dade763ef2bcc9c3fd0e15ceb95

SHA512
2718e6bc3d7b6886f7d1c2cdfcce7c37508f08ce88acb395ed96769d6d74fd5d70c696d062e1e20cf1a7c214d2b270fee5abbd84ae9b96563725d2b7c58284db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\sw.pak

Filesize
448KB

MD5
1dcfd52fd7a0123736757f05d6fb662d

SHA1
0562907d974b16801ff0f51ca1c2fcd1b1ebfde8

SHA256
275a93a1f5f3db0c5be464bbe22cf01a9dea0258a2f9d937f3c8692249169faf

SHA512
f32f698869902c0e006eeba47714ea652eb74f766e6c5441df085033be57c42609953cf13d22487f929da5e722d3eaf1bf6394b7bfc0d355dbe51e1bc1f14a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ta.pak

Filesize
448KB

MD5
485c0b6afe3dacd7cb981121f1166186

SHA1
e5eaff57f680b164eb2670ffbe9a6b5c5a196291

SHA256
78d4e3bcc9cfb6d274b57253af9026ca0eb79b0b102f529996ba2856a29faa6a

SHA512
cae9772cc253f4925cfccb65f45c4fee395e8a372980ffd1f75eb57c190d09f11813099a21892e2943f8457b7d1b644c40ee4363f47bb5f6fb4c2ed0500b8b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\te.pak

Filesize
448KB

MD5
f47960a7fb6f95d1c382e8a41ea1ad78

SHA1
e5716ab211565eaf2c80864a3dde592410d83931

SHA256
beb5a53f52f497598542b5d0d3070c493ddb1320af814f77fc7780dc9ebe8b59

SHA512
dfaca134c27278a9732ffe97654c1aefebae280900775e9940499d5d32e665d1ddf35769c34de9bebaf46db8fad0164d7bf59f2093256a475f9f235a1cfca73b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\th.pak

Filesize
448KB

MD5
6d60dd9263a89856f4547fb13a8f078b

SHA1
1add9696c5f506ff9d5e8cd037ee40f7414040b8

SHA256
7adae2eb1124a0cbbafe80726805f3d0a94fe5061b63a2dfe29ff363de8f2760

SHA512
c64dfcc6a445f53b3e4d73eb8f5315b63d79e3284ff8aba82e229ed3d71ddcff66ea3ec753df5effbe13640c9cd223634b5f9b59acdd97d074b060304ad4bfdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\tr.pak

Filesize
509KB

MD5
eef8a7a7d0bbeb6f92f7ddd0aa762921

SHA1
480ed148352df1785963a928e0fc2b06aca05fab

SHA256
de0a5ddb2126d8c7a2a7810cad447226805794eb74cc8ee7df40078cb0a66c96

SHA512
f6e8c848221193eba2dad7b37101ac656356382f6933271292348f78f734289206bd1883b0500106ba15c9d1bb044568bc18738ff2d0e8797d30c373fe2fa85a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\uk.pak

Filesize
870KB

MD5
83e5f0092b6d72403b60fe0e1e228331

SHA1
989ed480b7ef55dfc9ccfbef1a5b9b0e104693d8

SHA256
29d68d90512ee9952635c7e074d5ab210531d93ae24c11a8f91bca20b685e9a2

SHA512
9895928ee516db7d4395b2788135a814031b9ba45e3a837e633bc253b08d6f380e4078d4d3fd51ae37502a39ff45a0166969fb62365e890f4960a51040b20941

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\ur.pak

Filesize
761KB

MD5
29403f3d5c8f6ae2a768de2fbe8b368e

SHA1
da83015565980ea1a24f5493be6311f06427269e

SHA256
2520ba8471c840aa075075524c4ad2bde10f43fa7a1b623aa14555180ecd30ef

SHA512
a0709280adec39633ca19daf9f8bac6c17a999101246778a63cd9e172dbea2f281b20ce197290c4af6c7601ee7956da42f17e31461a1bd8b8a4bce3c36dc87b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\vi.pak

Filesize
602KB

MD5
357b0c8d9ec9d4f1ddb9a2c217a1bffa

SHA1
dd1d9dddbea33fa8a997d746b7fc262b00cfbaf5

SHA256
6acee04c81562bb9672a5df2dc020ea32cea7efb359f490f7afb61ef534a4b9f

SHA512
dbcbb2a6aff36f416aaa5eca8561ab93424e808751c92d4e672e1639299d40cd536c9f50810888802a18f1ec7bd6699c0b3195e4d9f12df0aa629f3bd257c257

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\zh-CN.pak

Filesize
435KB

MD5
8673be2762103647592e9d733cbbc4c9

SHA1
e7fc6328a3e9a5e06e1c5e99f588846ee189fe73

SHA256
5d4ae2b8ad94e22b8c7a0c0448259486dc371ce7182a432394d7b6fd3cd532ee

SHA512
7cf0a7fcdcd15b6e5aa8f20bab3adc6488e92a634cfc6ea13e1c9b4aa26c8b0d0b6d9f8a33ae7041a510da0d1598e955f9166d7dfb2c3d5ac5c71f1f074afe7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\locales\zh-TW.pak

Filesize
430KB

MD5
be0519f12d13115aeb7eea78ba7da9fa

SHA1
0fd7aff5e2f55864b1472c55e7720d5bfefba382

SHA256
14becb8ecc6633a83d28ac362ba4b76bcd46147ca92297216ffd15e1e6455a44

SHA512
fe35f87de8bf1c40d5cee2dabd7485d7db723199387ae1585da1d46804729ff9f8eae48e71ef22f5747433631971a5ab48466f3c0829585e46d136a46a41a31f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
000a0742eaac3ef14b6e776717066a1a

SHA1
6b3aee0727433363e80ee7fc5c5b0e36adafce7d

SHA256
5cd3afcdb2d15273f0369ee526edeba811e9e97d8969642ef05e6ea59d1ed6ca

SHA512
e651ee5cb446453d3ac4b042984d14283f1317654cbf20d5c7ffef9d41688280142ec825843f2346b94b6c13d9cfaf510f557a99adbddf8dacff94bce0e316ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\resources\app.asar

Filesize
1.9MB

MD5
71db7c0dda89b9d280495af8d0eabc61

SHA1
ae6f03e7258773595552b8d8fe3739afee2a21aa

SHA256
4b2bc853c9eabcaaff385d103edcc896845e44adb68cff1d7834928df576ddcc

SHA512
78bdbc9f8de1b24341f10511d178734df7c95cdbc509e57d406566e2a755b3bd6da1f03793863aedde2ef75f67434def9acde6d15e1b9ce1b46d3fafae13c23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

Filesize
350B

MD5
8951565428aa6644f1505edb592ab38f

SHA1
9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2

SHA256
8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83

SHA512
7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Filesize
3KB

MD5
d226502c9bf2ae0a7f029bd7930be88e

SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b

SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f

SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

Filesize
13KB

MD5
da0f40d84d72ae3e9324ad9a040a2e58

SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\snapshot_blob.bin

Filesize
270KB

MD5
d20922aefcad14dc658a3c6fd5ff6529

SHA1
75ce20814bdbe71cfa6fab03556c1711e78ca706

SHA256
b6bea91727efb8c88e7c059856553d3a47abd883e60dd60efc01b04dc6eec621

SHA512
dbd63a9f01feb3c389c11b55d720b5d689558626041fb1dd27ded2be602e5e2a8d210f785fde025d7b9959f81de3df7fef06981269b58be564df05aec190dd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\v8_context_snapshot.bin

Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\vk_swiftshader.dll

Filesize
1.6MB

MD5
bab165243b802402f815e74a0e7555ad

SHA1
681b6c1620ba268a3343c89323788bd2df49f09d

SHA256
62ad92b29ca34f5787cff7c007147cc1c5b135c84bafdab1908f0adb969620ac

SHA512
68fed62653c1354fc5ac22143b2b9e225c6c86fc2640b318fbe2429c9c8757536f91e2a8022d3ec45afefe94db30d5745bd2e0a3fa0f854c96bd23bf9137afc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\7z-out\vulkan-1.dll

Filesize
192KB

MD5
887f8ebea1584717b91fc3100af2d154

SHA1
b9fe0a40804db9c7bf302481750b5b1c72ac7fb6

SHA256
d4596bcd0f66dfbfc5b66bc5653c65bab01e5af9b16f9ceea1e3b0ba6f34c747

SHA512
7be85dc25d804c8145a858cbafedfadc897d1b9ded9df65b8a637084e614bc72641831c66036563ec3f82aa2b7884c72fed36a5ec0c159f0427393f045069f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu778D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\GunManiaSetup\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\AlternateServices.txt

Filesize
206B

MD5
c56ec5c7484b0b64a4e0860c4bac9537

SHA1
a27a972c351de10b744ec7bb4482701b576ca179

SHA256
3810408be735492e447fdeec53c9469da87cbd68f051ec5b2d631a53e5abad86

SHA512
fe31a8e736da036a53b624b3ba5d65bfdeab3394f4ccb4bb962772cd7a48c2844553a6426ee78c438123dbae1d96fb06f4daff18c74b1d235e1587e742b1e7c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\SiteSecurityServiceState.txt

Filesize
391B

MD5
2bd16f97fc45b5170602a33509e60393

SHA1
4e734ead67095b3a40443d6c5f6a084b6affabdf

SHA256
7d99ecf5b4bd8264fde4721aa864356bd1d19c01c50308ac6077e2f688b675f3

SHA512
3aa772263c957f985b6e333aceef6612fceec92a985d48de1d1b9ee5807c87e808894c20a784bb32d91f236fce2a3537c1db56494d67de57eef455a70c7bfe7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\cert9.db

Filesize
224KB

MD5
5d8fba59466d81df419f10a5a35f19cb

SHA1
8d5f725769ed1a28e783f2dc8bdbd7cd0e0a8b7e

SHA256
6de264cb06bd3eebeaff42f075662dab8f6ab9c711922c0735e619ef4ef3c08b

SHA512
4c96d827dda3af9faeb79214744ebd823e23d0a69941c2018893e726ee4acbf252102e76d693d10c3d3d82e8456603555fc6d7a73cb4b9b38324a22e3110ba05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\cookies.sqlite

Filesize
512KB

MD5
65e4f5c969c45757b49e4f68e13faf30

SHA1
9175e4025c648dc1d931ac71f2396b2c772590da

SHA256
e5ebac17a2b8f74e7bae0eff96cce6337652b38b8d2cf5cdfe4c4bc00b4aeb89

SHA512
1db729cac1f26c7c4cc6267af37cb3f90cc1f539bdadc668dc7fcaeaa8fe95317dff51f309ff2958fc458899c60edb86363bfa6019039d158b439bd69966234a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
56010a48299597d5603501db74865b61

SHA1
003968d13335c8d96039a2185a066375f4384bd4

SHA256
a4a6ef36cf4ccd9b189a2cc5171dafb918e9d4eb180b5134989a45f6d419c10f

SHA512
a2ba013c4ebdffde2afb3fc7b6fb1193fe48a32afc05de3e6f6e401b08e836521de3ee79c42d31bef1beb69250790c82317c33609337435ef7d1154e7faed799

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
6f591379fd52792957821e77bae8f368

SHA1
cbd7b4d406c3e8ba7d3419a9963e4bf3449a68ab

SHA256
67b736a9ad741ae81d0866588bd512db8298f2e9930d0022ea472f393e65af98

SHA512
93d64bf16f8697c9f5c7981fd740773dc3ffab95d2c316987d08cd82903c9858c62e2caafcbb4c2756750ff1847258b236fd97bd9bb7dba686b5992be4d9190b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\events\events

Filesize
326B

MD5
4e171e7077f57c5a669cae29db312626

SHA1
a55a7d97dabcc248f8be8244f02282fc5175bad9

SHA256
4bd87650ece050d9b4278062a98f7ebe56c3d07deee274a53d33f433b17fc456

SHA512
d57bad7b0650196af12e1322437f41c71d968bd50e4f968544b9c73bae84c39bf8e8520063615ade286065397cf46eb538337fa9dea2222cd7b250adc41f6f6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\346f94a6-0c3f-4bae-81c1-8ed848f0275f

Filesize
11KB

MD5
95728b2ac1557305a4983b73b4f8bf03

SHA1
e749288e7ea8045c8e53ce0642b3a32de415a317

SHA256
f6e8d279a19f7569250ce536a24b3fcce9481a93bd6216707c71dcf3c2632ed1

SHA512
e3845474e73d2030dd9c5244f3b9c9e5be3f3f78a4c8392ce233f8621ed8a47d0c4f95c8f7499d6d190d83997084291f14aec19f352e07399f10063139b7d8f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\3b9a2162-05e5-4f73-a60b-5b472ca57e2b

Filesize
746B

MD5
0bd85fff76c3f90dabbc9744fc30c8d7

SHA1
842411e541bde498594cc6b25adc1cefa2e23160

SHA256
92b9b8e7005a11687423dce18e4977cf11e29aee4383afa1c15fef65b496d542

SHA512
cf91600600aca2d0cefdc61eb164bffdb55055ade5a30e226857a7804e4d0cd25eed01d5dc331ddd6f180a44a45326e24a531264d4964a41986f85f10a8a4e52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\40575f63-8f63-4fe3-99b9-4b40aeff3cf6

Filesize
790B

MD5
2a1a3a87dcdb12a1cefb8c89a4e5dcb8

SHA1
391c9237d44e86d6a6dd731c8a9f347c2f8e4ac8

SHA256
14196307fa506a1bfcc831e4de6e05311c637bf8d50382b698d6131edc91fc83

SHA512
a5c02394596b51ab8f8d83cd3e9a603674b4e1b0893f36ce4c498b0bb7626c8ef929433400c32e877b513f580bbc768b1633db4a5e0b1e81694061812511e8b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\f101904c-7a41-4ac9-85c4-7cd4abeec161

Filesize
931B

MD5
18010b11c552c790bfbde2fc353b76c4

SHA1
052bf784c62fd7ca95541048092108a8fa9a00fe

SHA256
7b1ed0daa73b260ad183ebdb534e1302d5b5bc398b19f16f39d4861aac640a16

SHA512
5e1c30b44fd9e7cae6d72631469633b8b6d7952f37535e20e0b285943e62e1d9a5ecc884aa0a2508e1df519dabb91637f5a175c4d7bcae8b8b4c027fed2e1fb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\favicons.sqlite

Filesize
4.8MB

MD5
e0f98d77013157e89543db124ced9cd0

SHA1
e82c14b2c4b46aec76d46fd85c3753d95695cebc

SHA256
13cda87f64187248a7f5f0ba93d0584eb5cfc7aa0646755701b5ac487c139ccd

SHA512
308c41ab3e614eb7f9242a6f1c1c14e75d067dd2e34a303d3b42689265a2d1341e1b3550ace006c9b0702e9f43f3c04652be8f7b56e78338eb45aab0a68e0740

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\permissions.sqlite

Filesize
96KB

MD5
be907d498d8e417618d86afc5dc1b942

SHA1
deffe522560c44639ec702123bda229fc6932148

SHA256
f46f6e98f0ecbeef2c46557da242c89c408df5afe8c7291a3eff8d8d2e20b071

SHA512
ebd1e7c94096f69ce115972f246cc402cdeae616e57a05b9b7fba49d1dfd2a622602c7aca442a7c9b6d7d0171641acba066025bbf6b013fc73893b4a5ec2f088

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\places.sqlite

Filesize
5.0MB

MD5
af79e04729fcd1256c9c9c9cdb7d4c21

SHA1
be26bd2339232b2c3f6f211e44394e2a0109a4c8

SHA256
78f4152496d35c97c82db8f0a4c7284e0acb84433e0d61d6aa429e3f716f322d

SHA512
2e578d4e10192e5e8a262d836e1710a2afc1ed864abbba5bed1c4aad99df8db9d8c97d95e4bc322e80c728ebba4a195d61fcb60bc5de5f859c196fda6761db11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\places.sqlite

Filesize
5.0MB

MD5
35abfcb9c88a4fcfbc61ff795cac0752

SHA1
d455e5386ebfc5d79412c050692675852e9e37d6

SHA256
8588ece53345ade0a8635311afcb8c7ce01348501691fd5d405f023b2aada4a4

SHA512
f2e421e23b6073e2ea2d1c3077a920880c1257d7944ff6de86e537a7aa4e8d4d117e4e5040f9683e6fd8906f509eb4a73a65732edefd02542670057e50e4a3cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
74994de8c0676201c0d0f792ecd2dd01

SHA1
763d243838ff4957e48a9a60a40182bb8da81db9

SHA256
b980370a741439e0d9c4de48e561196e59a16f5cbfba39ac37f90550b7f7d8ea

SHA512
ba915f598a5de69956f83aa668c0b388b9600ba5c5b3f49d6783225a31f82cdb2f98d12b4802d7ef85b7beb81ae783d3f9b727383fdf6d018e0fac62e02ad013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
dafac14d57c96fd3be522e7d74dc42e3

SHA1
368399428d604b8e4c2f946a1677ba49ff98a99b

SHA256
4a19daec1b5e1ca8745cca5658f4e88fa80f33ae56892940c9d5dda859cfabf9

SHA512
d0c3f8359f967227a8c19275a050455543161604eec2e9f29c1d3eba59de1a455aa0bae5c81d3bc06962577c9eee4a33b5872e23ceb2961d6433c9967e26ba87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
bf60573a3e4828daeff83bcaded04a65

SHA1
1a12abe820db1b02f6444d88ae31255ce6753d8c

SHA256
2fe2d6e15789f9bd03c23c58bb9b468db183d757d95d4dc3b4d0a87a7dc04abb

SHA512
7ace201e14e8e2c94212f949fff8763e61dc404b76ff146d5385533694b2ccf1792bf09210724e46db8f42f8a4661653dc9279ead41f75d0b4b0fc93f41dd2aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
fe0cde73a55fdaf2509349db0b650f72

SHA1
265289d8131c29fc216815be332021ba73549731

SHA256
30de84e3cdc562c76f069dd8c0b7c6f2685c810662bd84ba3516752179a2cb0f

SHA512
098e4bf21dba7cfa076a577346a28d9ec9a88775837f75c71d38bdbdbaf94d826251b9b7f4eb024a4432c7ac0b77fab420a889e128bc51e58943b3c95afe5f3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
6f363bb894a940a40566a683be19f39c

SHA1
398bb7bda8f76177edeea285caed4ae43b00f97d

SHA256
b5b492c79e8d4747b0c32298634361768f9a55a6191d2746bc0af3338d15394a

SHA512
20de7c1286b59a473546398db68aefd0cb9a1124d3efcaf5f9486325211c145b59f6bc90e46798ffeccc5b14e5f98c34e7e9d712f8f36a40cd2441c86648734a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
a51557edc457048928b5b2a0c2934547

SHA1
f213c7948e59f74eb999923fd71d0636be08e5c8

SHA256
c71b5005f82dca87e77de6a9b5c2cf18e0b2a7fb144c8bead5aca7d0b33f7e47

SHA512
2c5ffd70583dc75cd6c2e76bc9070085883bc59923fd82be2d06e6e365b4e94f23af6a56138c17a96d7f7dc7bf63adcabb249bd28e19e63d66422dd7bf4146b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
37a2c8263efec4058bda3d53c00e5c36

SHA1
793173152c9300277921f8cb38f29606c6cbc060

SHA256
d827c0ced515cc142f5da324c56cc9e5c33c24df1c36bea063740673e3391479

SHA512
37b236805e16a877cfc3f9645a08fc75d47c25a69e2afbf43462809d11709483211a2df5e67bbec24650326e3dd6ee8e9fb1bf766d0ae7dcc1253926eb1d9658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7e0fcb47f09f84b0f0d8bd00d099c290

SHA1
336fe4baa2aa746466444eae37728f615c0c3fa8

SHA256
be21eb3618e2f7d8e6a6abfb1a0c2ca83eb89889cbc2fff3cd98d92969c3cd82

SHA512
a6810c5bfd7509ddb54e8dde94ab5b6f75bf8aa827374fa4df050f606cd8d50ae17870531da1554692e2f459013f4980118a4a30bc12d206429ec3cd27ddd9b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3ad1be3dd6b9214077b85e05cead867b

SHA1
e2586f7217dddb13af1a6309988f850967b1577f

SHA256
8bcfca714854a755e8959bc40e3a29b8b4cebb7ddebb78592606a8a58a8d1fb1

SHA512
f595870f4e8f5a5167f03943ce94213522175f2a116fc84050dc597f74e1b0c94ebbbf54a33b8b0954d789a2e3b95b233764f267f1d4feaeab6db906e398028f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e98b7c9ac76f3b7848dd37970f40ea8c

SHA1
55448bf39aa5fed032f78b11d6522183533d59e0

SHA256
2d123aaa8794c4520e8ed9d9ec6af892bd054c199203d4a794faa839b784196c

SHA512
fb7deec51a0400b434892a4c13d8d6d832f7ae1e5e35b8a8b4f0f3799986de3bf10132e27f7a190393cec6c35aa3ecad3e99421c4e029f77460858ff59d5a6cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
7b8504d895ef93c5705256ea3f30ad85

SHA1
7eb84a79f0b25d4563afb7bf8dc8cb8205adac65

SHA256
ae1d5f34a740a403a5aa9824fd60d54bf080ed23eaa67d77287619211632b217

SHA512
fa6389715b0d93f2da629f0e945c9e416113481d2527893f54b6d7ff134fc6e11f68fc20cbe6a5c25c9d1f53171e04084de1cbea5e0e88f1ac3d56e0440cd2d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
fd60ba291df4d91ac08dc95f9e22835b

SHA1
82608b2d321107ff01a7dde405e81c50ac1f2cb5

SHA256
b701c9d00b1530a40ff0e339f8da73d3c6d9582585ffdfaf7e6970b2a83de7ee

SHA512
e35870c56a092a0aa0ca150bf336f8294f72f25e007ce1c505ec6d0acfe465269211d8d529f1a8cea94dcb2d0427cfcdbaf3449a8b773a13631b0d5c1fc33dab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
76e98f5b98917d46d72f092f14bfa1bd

SHA1
c6900d95f2431aea5338c1c87ec0636b70e9d2f0

SHA256
ae89fba377d613b8f6fc1cc406385c84b5e9ca352ca3945b8aa6e6557b83096d

SHA512
2b06bc3d3ae1541df286aa4166c5ae25f9ac4da9f4dd362d7a54fe25133bab2f7f2a39ea392c8fce72055da7c3c2ffb7c030750cdab26b14d52124b1eaf297d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c965be8d992bba00bd97ccf8556e7f64

SHA1
f14ba8ec6faac7dee00e4b9016ee919d6e39b4ca

SHA256
47246b7a551f325e6a6f91bbe634a6a38d608667aa319cf71d4cf48ee74bac44

SHA512
b99e7dfe4be4b3027d58f4fc01c67ef257dbe75bf011eb53bd4f4a6c81df7f788408856852230db05352944cb4ff69e63ed07578b34b34bfa4b7383203c80b77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8de6952448515152e384150401ef0f75

SHA1
51df2e73066b9c80d1f63d4323b05daef287ff69

SHA256
0db403f57c4a702477dcf5d4d96dafbeb2118d7367a11536798cb2ce9a9f4891

SHA512
edfc4033de54cdce0b80803982ad8214142364267086e26a3e4ecd02d1320c5f2c91813ea45716925760c505bfc619916dc425473dec9f4377d6dbc9218b9969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
6c4e70f53e253246794fa8a38d8f1998

SHA1
5c0a77925e3f92249c7b898562641067bf7b99fd

SHA256
625420c34f77408c1f4e7d47bd67ae2dfb9f34ab44fb98c93fff408d4f3dd2ec

SHA512
65f9132e7573609dc3be2c121a8e3aaa473c4ed5f22c0934a70a491aa7b94233005cf94ac055db1c163c088608b55069a55dfb20f91258c842896204a4c4f920

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
39f32b545c1a74fbd4cc1a1f2f0b6ff7

SHA1
9a8e90b5246a1f8f79e33b45b02bd0635edecbc8

SHA256
dab909626a3845b2cfec816141ffa52ead0d31a67f987dae738be5143ce0e4ff

SHA512
152220ed1da04937882dd1767d303f7dad48cc0644e075e4a08954cdd68b95c81c6427bb74f5e4a87ff053bcd29b8a4299614453520d8dcd6cda9419f2c58834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\storage.sqlite

Filesize
4KB

MD5
211bfb719c89ce3c50462d94b41df70a

SHA1
8e6977982358d7835141bd159035dc418457a7bd

SHA256
4b1bf413d3ccd5063ef460424a9a84f7e7cf01d624be5e2c29496330e556d1ab

SHA512
7b99d60f7b38bdf8bcb6b2a98541e0fcf0d2e45e1aa0941244cf2e8ef7106a392fee3b7ba01eb0c26303c85d3f21d75bafb09234d59cafe80b8ee73a95694cb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\storage\default\https+++www.virustotal.com\cache\morgue\144\{267e14c8-610c-43b2-89a6-613e5cf02c90}.final

Filesize
45KB

MD5
e1f4b96552a27e71ab783ab2700d70fb

SHA1
1c42ef501ccab6a5f2b7383b40f409425b64bc15

SHA256
b8244d2674019b9d385f85cb210ee9379c4803a5e843c375a036b4df73af620c

SHA512
481c9d960a0de502ff65445abc1c8eed58639f205697429cab02162e00f0ea8b3be6e2d8da37aa72f7f854d9ee04ed6d1625b44fc02aa1b45e0f107f638f3d69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
af6b25ea30baf0045373e2676503f702

SHA1
321b5527ca078ceb3ce5d9692d206b6109e09802

SHA256
1a4e581898a8e43daadf07618e2aa25952b58fc1032c956716aca11b4be6668b

SHA512
66cf30c4f1058ad5361844eaa4027943cebc09bd2b717d0d84f0ae95052a2d3cbcde9a767e688ea39ae96a402e802beb2f158ec89042bb94e43cddd3fab79441

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
d02f76563a62967fe940f760ce82573e

SHA1
cd89a8c866f68c60554b56addf3cb40c1ceb8f0f

SHA256
952ecba466e737ad54208c8a3effe76255483fea3ffb4a6a736fdbbc8711b9b9

SHA512
18ef8081a884319d8c00342fc13f3351e4edd929483b6634b32d64f32b4bbcdca46a100aea183458d6ffd2135df83a388e15185fdeaa4ee4894b4ebe006a62cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\Downloads\Gun_Mania_Setup.rar

Filesize
33.9MB

MD5
0cdf5aea3d14541d8b95df0e89ee0ef1

SHA1
520c3b7dd41cd8d313b51a186549489d7d87665c

SHA256
f951ab1222dd8f7b01fa4d8ac6cdb08f8881aa5d04e393dc77f773d0fefca0c4

SHA512
ef5d5c122ff72e00fc200e08b645e9b8c9ea5507bad81b5b982267f1ca15018347b6284fd6428a1caae821a8ec7e2ef2dc323376382e6c213bbe197b183fdb09

Download Submit
C:\Users\Admin\Downloads\Gun_Mania_Setup.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\c:\users\admin\appdata\local\temp\2de7z4lyubsnthselw5fwvw67fq\gunmaniasetup.exe

Filesize
192KB

MD5
97cac3633a0d66e98c364f108cb54df4

SHA1
ac3af860c1bfac4add71e2c086b09102ad2a5995

SHA256
0228a1ea1354e01becfdb0d59de55c77d9d16af79d77fec5b26cae1891818105

SHA512
b5f1b6bfa8ecb86ecf898c8d32f1d819deb28dc4b81befb46ba4a0553225c735607363f60c351a2c45846cdcebf16a383263b9288e672d134787406285323916

Download Submit
memory/132-349-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-359-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-358-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-357-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-355-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-354-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-356-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-353-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-347-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download
memory/132-348-0x000001B336060000-0x000001B336061000-memory.dmp

Filesize
4KB

Download