hxxps://gamejolt[.]com/games/FNaZ/915909

Analysis

max time kernel
62s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamejolt.com/games/FNaZ/915909

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2564	fnaz-demo.exe
5744	fnaz-demo.exe

Loads dropped DLL 64 IoCs

pid	Process
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe
2564	fnaz-demo.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fnaz-demo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fnaz-demo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 397971.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
344	msedge.exe
344	msedge.exe
396	msedge.exe
396	msedge.exe
3596	identity_helper.exe
3596	identity_helper.exe
3576	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4424	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4424	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2564	fnaz-demo.exe
5744	fnaz-demo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4852	396	msedge.exe	84
PID 396 wrote to memory of 4852	396	msedge.exe	84
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 1452	396	msedge.exe	86
PID 396 wrote to memory of 344	396	msedge.exe	87
PID 396 wrote to memory of 344	396	msedge.exe	87
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88
PID 396 wrote to memory of 5040	396	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gamejolt.com/games/FNaZ/915909
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd037346f8,0x7ffd03734708,0x7ffd03734718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6724 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3312
- C:\Users\Admin\Downloads\fnaz-demo.exe
  "C:\Users\Admin\Downloads\fnaz-demo.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9545134827592913848,6756430119468059722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:5312
- C:\Users\Admin\Downloads\fnaz-demo.exe
  "C:\Users\Admin\Downloads\fnaz-demo.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5fa1b0ca71316d90d9189248e8b3817a

SHA1
e79979ac4bcbc2bc4b75c362d5c53da384123707

SHA256
5cc4623fd79ffa3dfcef13816e711abaf75b92771b80071d5840d31b9a513f93

SHA512
01941497073b058ed31b8cb20733f27005fc6ce3ef417d3d939c397fdbb87f31ef13df07580a348c65fe07198c11e7c6baa74417d51ca9e39e0c3764700ad5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b7c888d2fff2409c50073972f9888d84

SHA1
eb211164d20bab24e3a3765b596becdf59c411fe

SHA256
b81747a517819091aaf5484f5462fa6f8ef240fc56bbcee85a63c2fbcaa9bb9a

SHA512
5e734d499c7aee6c8bce40611aef7953e75548942929271aa278fe36e2c1665431012d7c762f56b69963699189262bff0bfdde4f3d4ecb79a0f39e578416f49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
26784582aadb0f0a70df1a81b465b224

SHA1
4a5df5c66b95fb765bff6e9c542f6f913d61fb2a

SHA256
e9e46d4499978e856c257603cb293fc2c6907c1cc43bd9696bc219ea5836f6d8

SHA512
2f63af5914427c6cc8798ad9fb991d3e8e4d3a37ae5cbf2d389b05819e781e080e768b6719cc59e35336a047c3b47764ff6125e43ac058113450ffc08afa47df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76772d0553524e18f36989ac70a0c280

SHA1
abee17dfe404aa53c2e6c30397ac6d11debb6f64

SHA256
f9683f6da89075246915c8df0f433bdc049df66fbdf8f935e9104e0d87a44113

SHA512
3e3f7a487277d7ca716f967a03cc446dab679b27c3b975b4b377c5df44ec3a2691fac9615a8e5c34e3005a793806e6dbfaa5d147c15f393de2bdfc1006c9d4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bc931439436fdf4330a62a90ddeea1fc

SHA1
b2d4abdb95d17d99ace87ece0ae61fc6a0b822dd

SHA256
9dc148502d95c3f97a47ee3a14328e73d743f56b9e4de200abfc7f2c3053ba19

SHA512
8461c56b33294cbdffe7435fc38c5e6417aaf41d584c5cc9bdb1181f10d96b5f84fd6f0a0628c2e37fc9a9f04c5df5750dc4a1f15a2c3e084d6e58cc162467a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99c4c9c3222c401fb092fb3579d0fa85

SHA1
5e45ec5b64ec31ef4834ac2bb69e76b5bbdb85a5

SHA256
80db997d5cccc64bd15600fc1c2e8b0815c2dbad75dd6f18f12824d4b12cb31b

SHA512
956f39f4ad2397dd25c5e655c9bddb2d7ee76b1d4feac5ac918dc154e942bec47e6aca27a0e46e2fcd17d1961e1d5bd986ecf55d116714ca87c91db61c8bf05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8eb3d36bcbc953ec35d6eecfd294b548

SHA1
ca218fca6afbf7f859dc269333580fd5053620ca

SHA256
830e1fef644b6bd88578da1f270d85c508f4f7bbdb74f9a2b99e4c19d4b23cf4

SHA512
eec7dbe90374bd4dbe2013e97f957886304c3b9e5a3e62f89621c85a3d6d20f6a1bb0bfff094ac2fe4f1785105d3f22e52329da993dceac6ac919baef097fd45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9db88c03bffc58042edb6536b50141b1

SHA1
ab398e79d9373f2c26434a2680c8d6aa083d851b

SHA256
2315bc79f8bb732e832a2c938d9fed62309ebef2a7d748c107ab94634e2fe22a

SHA512
9ae17c35111a1dba7b142e9fabd13d796f0ef49b361a7982e810f1c1fd3bbc79066d5fa8ae304b968b95f1eb9d82d635f5f9fb92ab817ae20421d55058f6bffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7b8b2ed69709732f32ebbbd2c778652

SHA1
bd4753a56bc106804cf5a854ae20fe14ab981876

SHA256
cdb434134d5879cb6707dd0f257abe76ffd5d43d5698e53eeb1c04b3da4f2b9e

SHA512
b0b2b80625d671f6775a8844c38a35393deb2b8880c83447d35ed5a05bfd18923cbbf4541874a81b1da9506da3ae4df4651e8f2e37fe3d43d56caa5f14a98bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cfce45ca3b03537af7206b0ed613458e

SHA1
eab08d324fbfbcefb65c47a02e80a46556636a5f

SHA256
daed0b988aab431c663bd86ca61fb9e41312646597ae3e18d10a714f7b0635d7

SHA512
b9b53cd265e3dad081d4e2c1c3d5d10a0581b8b252923ef5321fa54a493be5f1ea9cd6b510227191cc55e7d00b51aef3482cc03cf10ccde8f692c4b55ff0e4bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ff9.TMP

Filesize
537B

MD5
80f7902d41dafe109a6e717800c30fcb

SHA1
c8001f5cc0918607bcbc436bab91977420dfb9a2

SHA256
f7749b4b8f6c34880ddd5c9475cc577a5020a3ce1ce9b3fa3072e996516e9463

SHA512
b06efefe53da27069c3fcc8ab02c9387cd3ce3dfc2d6b045b8a76aa3058792dfd286ed61c382e933e2c810f9c63fba7360be623d1824f9c1a9021f03ead2d04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72124723e6d911fd4463e4610acbbb4c

SHA1
c14fde1e6bf7c167a4489a4a72bb625491f101c4

SHA256
45e98abf625c8080192a2472949e3b25909461c69997e205873123f41bbeaf8f

SHA512
5ae71fa25c75d3117daabfb7c6e377bfe17c40c79243da3b2510f1d43304403f891777bbf67760e428c9d5187b991c6678e33778316fa8b1cfcf28cf30a7b97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
44bd5f2de405c3015d85a98d5c28ca2a

SHA1
3a47a911033f0652dfc1748b63db76729e4a4e09

SHA256
63c153fadcd034a18b8e0f08a4f6e4f4a562e7e252d6196f916d1964d5373510

SHA512
e12e2f31eae836b634d489290b2788ed44913522d0aa8c8eb7373602e4f14c11bb4df554f0e2c67751a74d007ddf5915a53a5c10eb01c048deb8a943f42e2d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
100e7fa55ba0fd5ce7374affbcd117ad

SHA1
f022894159e4e742361f3af291919c696c649f55

SHA256
660703eaafcce5476f69484d8e35defa66bd0b1bde94d5f6669c321318540476

SHA512
2b546afd6a686c0d3cf9c113b6a5a4437d0616f437bb8b6e8ba4e40fa1e17c033fa8a0e041ba6e87102a6f2c348f0c5d29ce44c6d1b6e6b0476422133fbf8980

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\Bluewing Client.mfx

Filesize
857KB

MD5
f4e70a38709696e9bb9905dd55c0cdc0

SHA1
17296cd1e6fdfd4d777f7bfde2079cc0e7c1244a

SHA256
4b21a3b9a3a05bca6f4bf10f289ce5e21101dab764b740f2abc0e568c0ada4f1

SHA512
f8b3ec84b3a352b182083ae5dd6830770593caa3d3bd5918e7d58e8bf67cf0f2eddb26cdd3b4aeef1f7f939180e5ae0b815dea7535dfe8a2e1d6c6b21df98983

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\StringTokenizer.mfx

Filesize
76KB

MD5
7e4c1a0c410de0f23f591e338a6bf243

SHA1
95da8e10b784374c030b591574d51fce970e7716

SHA256
d1a0edb43969a1c4621527dfaaf6bbe97e63e9cbb495e615c3292aeb2a5e9ce8

SHA512
08c40b71b97be88c8e9fb37265503cf6f36bc7248dfd603bb69833c0f104af2fa90f22d2a3026c3a850c4949e8669f8b2008698bd18039e59131af6cb143bcbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\aiffflt.sft

Filesize
6KB

MD5
0bc2cc0ecdd4c4de5de9decb6a19f7f7

SHA1
3eb4101ba36b631aaed433f698c8260477d6faf1

SHA256
edcd28bc69e9538d90f4ab40ad86a67e3964b8a4575152c0b4c9c1c6833c00f0

SHA512
9d357afd70fdd2b5216816a12bd2dac8f3b9112e9425cee9b066993bb5a3732dfd7ff73a9ca7b72e927dec3950f17b87b3e00b3cacc2096571abbaf80ae6467f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\aviflt.ift

Filesize
24KB

MD5
97b3b613ed1f994389b1a963b6e781c9

SHA1
13b38afdfd6ea283a2012bb8e5c652e13175440c

SHA256
cb5f43c24df39973b983b7fda4abcef60f425061d880c7dd9514b501b84790f8

SHA512
97cb23d76d926fe03573c127862b738217f91b0cb61517df7514597fdc50844ccb3d4f799b9a8b23b8da37a2b802ee2bd1e56b5e9fdb699bc3d511868ffd417c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\bmpflt.ift

Filesize
24KB

MD5
a73a9c8e91ef95cf4eabadf8f7334abf

SHA1
763195d19f5467c593ab638dbdd0a0277a3048f3

SHA256
02d03c4847e34c9029cca452e37ada5ef40167406d4474a9393e11aace024c3d

SHA512
cb5f451d8e637d466fec2dde865d5daac5a15ea44b6e2ce0506070c123ffad506f5f9739a9ea440f01c8f331cc9d42802cc14f82e1252ac667fa7318bcdf3acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\fliflt.ift

Filesize
28KB

MD5
91b37f29180a7bcca82dd4682d677b3d

SHA1
bca27cb7ddb271e6649f264777e04970f5ad1276

SHA256
4b651eaa60da09038984a9b7027826941f61f6da58d3f57d11349c8c1896a6d4

SHA512
2fb10952f2671e6a42a9748279aa94e9ce9b307d57d562f9ebbaaa88e27ca96eda36a5fa209df0f791adab7e8d896916b30330ba759b9278cac4bff43600d6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\gifflt.ift

Filesize
28KB

MD5
9a1a0b8e7045c06c47abeb52d861c377

SHA1
6a1c36eb8354f62d5eab6d7c62316fd7d0e1aa92

SHA256
8fadc250c2afc00b0430c5df576cfd2d444367ad928027334c5d03829241cf92

SHA512
918a672f82be50a42c237eeb361b971c724a1d7b11cab183dfd5125bdb7663cae588fa92b142dc99a88407a133bbe58bd7bc0c5c60d93287c470375fc094f079

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\jpgflt.ift

Filesize
96KB

MD5
ba4a1f5006fc3fc33f30e82a964cd7b3

SHA1
8099283e645b6ef523757afdf552da3dc9b72924

SHA256
5bcaaff4c698581603d4165308260412b38ac6cf708486b53bda3bc76241098d

SHA512
8eaa1bae465a0ddd498372fcc9bd9c2b3bd9ba861abcc9158a0e3b8cf14f2a6fc8aae8fb129f96ea090c023247dec56524b2f42fa25239c08145dbe7c664a11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\kcedit.mfx

Filesize
32KB

MD5
62f67209e7995da3f14f4b697235a99b

SHA1
158248b41de5449ef647a2caeda431dc544aa59d

SHA256
1fb56c1a5fb313c8c51fead10472566328c9260aacc72aa8dde8d345acf53203

SHA512
3857939c51b5045030df233393597b9b56a0534a2ea570d748a002b19b0b20de16b0d5181cf9eb6180d24b4de0a159e21275d12bdc7673a3f891ce155db42325

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\kcini.mfx

Filesize
114KB

MD5
7c0cb7fdc0d3519520cd4b8137edbd80

SHA1
bd4eddd8316a51baf4a3ae68b56acfbba734f46c

SHA256
d1471b2685d45956c323baa2cab11dfe479eb1021f04e2949f03557527c5fc84

SHA512
601c16892bef77d5842e0778f27d4f82e19ae66333b2b75c9a34b3ba6441169946e1167ceb21ed270bddba305abfe50f2e8f8ab2e9dc410c96a31944e597034a

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\mmf2d3d9.dll

Filesize
1.1MB

MD5
72bb9180f8905c0da95566b778cdac5e

SHA1
e96145e8120514092b35f67f1f120b958997f921

SHA256
3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

SHA512
c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\modflt.sft

Filesize
139KB

MD5
70498f33876a06f47b33e52195031b20

SHA1
6fd8f61459a0defe2680617fd98a4055f294756d

SHA256
103a430a1d385a8f98543f156c57960c92ed68e3c462d8ce1bff23fbc68c04e2

SHA512
e12ef9b5cecd9903bbe96c0cd67b624e5796265e6e995f371b23b707d315225a47248e45fb54c7b76edad9a0af62eccf1dadf850f0352ad8bf4d31f38c9e768b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\mp3flt.sft

Filesize
24KB

MD5
dadc138be9d36e6e4b8e4bf9ef2de4bc

SHA1
2758db786c544ec7889f26edf9bc4634c9240af0

SHA256
ddeafda7b28bf7545e3ba164aa4a74219eb961c36bb974e0f5085a07daf18f44

SHA512
63a21c5eda225c7fb8a67595c3180d4fdc1bc37d3b45f839e1b562ef946bf5b2237a9ff17c3f6f5de489779bbb9652ac2a1a74b83f153883bd436756acf249e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\parser.mfx

Filesize
30KB

MD5
5903e2efe098dae179c07d670ff836b7

SHA1
93a2ce92a28c646735790d2cc9ff8959cc6e0c11

SHA256
9813631f63f79fbaa741094786d4b13c34515ec4a33c0d4e88b75a20973c887c

SHA512
e39bb67dc8765558274f93953de141e17de18550912bf79a94a2cc998918d07631a0251551abc080363ea52444c1511f15458232d0c656d8f62550d33756e740

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\pcxflt.ift

Filesize
24KB

MD5
56f80b514fa7cc1dd7fb24ef195c30eb

SHA1
e61d7dcbbb623219c625bc67ed0f382f26308600

SHA256
c9e1db8689c11a87f9ab30ebc705eeccc0fbd909ca493a6f589d6a9a5c2a1b15

SHA512
f391e04bd3e67317b3bb1f9541c94782d14e8b8287f5fd3e2f753688d85cc38bf5164c8faa5dc85b8c44a480f81462a4ddc16aafe64313601d21a608b546e721

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\pngflt.ift

Filesize
288KB

MD5
d57365ca275388910be7b09d95ee65b9

SHA1
477e9afa81c0ba97323be56d15ade8fb17c45d78

SHA256
df948630fdb53ddad68d66994f5d2b18a67df32478b6b8b3720c28f40bde7b1f

SHA512
b6a7266c47245cdd5ccc1e4c1b490a22996cac3db53500405354d1a5892896f66aba255ff725808770489a199626a844a86cb80e081a47ed27671bd82ca1cfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\tgaflt.ift

Filesize
24KB

MD5
00a5f50c4a0f8a2c8704fb0640dfcfb6

SHA1
960ff3909de1395de49bd9f36600b989851591ea

SHA256
756725f247592504d42c67257c3957e972ee490af06f12b00467b389e0ee6bbc

SHA512
2be74193a33f1b70f39be9a5565326d425ce02b6eb98b783f8749a209b95fdcbe8724c38c9dbd33e4a12b40756c5ad9177e557f62748b52be2cd7c4bc344b577

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\txtblt.mfx

Filesize
36KB

MD5
8740745e7af7926a0e7d3b194fb51fdf

SHA1
d7688925efd0287334d444a9e4bd584177ed0fbc

SHA256
09a214d9738946b14c4470ea95b45de41641e5d69b7559dbf336f7b4624859b0

SHA512
dc52c25b588f386cceb0eef912e0ac38ffb07443011c957ca3d0fda8c2c6d41e8fbcb33dfc1b7c5ff469216cd8c233d5025b88575bd10684827c18fb5ef52bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.00.FusionApp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Archive.mfx

Filesize
97KB

MD5
0d1416e079cc907971a7eebe49189eb1

SHA1
4e0ccfc37e738df826b526f3e7016b2c45e415cf

SHA256
c75918d99dd8983fff3dc51ea3f28ad7a9da8c84f273e5a20736f227626fb50b

SHA512
7f7cc470a74a5063f3a922d182a0e394016ac7ad97daca766ab38c63d837534df46cc4dffd88b0e5e9106e80db551568ee75dd35bb5fe22581bc2ed41a5f5d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Binary.mfx

Filesize
101KB

MD5
00104ea1a194f464ce9f3a07f8e8ef60

SHA1
847136560e78305dda19e84e62545c6ffe17ad9f

SHA256
7477898aee492bef0a8a57c9ebf236e1fc8beb48a5ea8e97009ce08f8ea20c29

SHA512
c5ee2890977b6561c4a1e39ffd4310f0c426b7adb9ced696a6f0b5ad3b1afc2b842e1c345f8d6f81346ead6d5966f3585dee34e3b1e9238d17c39fa435b5e4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\CalcRect.mfx

Filesize
10KB

MD5
49654e589a72c00bfbfbf353d90ae0ce

SHA1
39624c026ce3d497a8c4d11d7fe73561b0ebdd1d

SHA256
5100136fb7f025af193daaf39189c746299bdba640867465faf52ba2125df066

SHA512
a855df3660e6ccc833e565cf7a06415941d8dffcdb193a46c4fac5b608c4371e3c3b678611011821c3c3fcb22ba38aa56341d380cd87a55a01af12cee51ec025

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\DebugObject.mfx

Filesize
327KB

MD5
c04f84e81173d326d73922d8b4b6fe11

SHA1
de49f894b1dde1e66eee79581c973d46eeb672cf

SHA256
2628aa956f956a20abb06db6b7e68937988271634722e5e354ade91dec6a6f3f

SHA512
6f9290d44540c1194fc5b9846f516feabfeca37e8a787aa150ec59dcc24416c1793c9f06bab0a2014e835091af9d08b64acf73f39c9d8f8f0a9f14abd502c2f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\FileReadWrite.mfx

Filesize
295KB

MD5
18ef42923c3ff3563dd3eaa1b9b1e7e7

SHA1
7d9460ef017a9d3a0fd9e50ce8de29fc4ced6d3d

SHA256
22dad1a35a73468156565c97f05658f1342ec85c0b6faacbbb85ae706788c939

SHA512
bcb448643b7ae6a189883b0e5a1789526739b77095ded5c12f63b40a6ceadda5266c3b0a572961eff9eb8202d65b8fbf183f61b26b79227dcfc3cd01f8fcdc13

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\FormattedText.dll

Filesize
62KB

MD5
a03920b4d31410398b7865c0504b7e7e

SHA1
b956e4ab1bc56484ed3e86197e68aadc6291f842

SHA256
c32833509d7230f4b9ede6141a663622edbbbfe8856e8ed8b96b200bce8c837e

SHA512
337bc2951cf21678b396bbb37bf0d6e099c6d9467660742bb54db7912b1ab9b56bd168b4afec9fc58ced12e3ec205b84ff524f62b7d3ea1382d4a2ba7fc48865

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Get.mfx

Filesize
340KB

MD5
c61fd0d847df328fd6f0a98e4f030f41

SHA1
c3d8c3493818c44723e1466b411a3b5e188d823f

SHA256
791e717345991c4bf183c6450667498a89b59c4e8a5abb52e2751fde63d3ad43

SHA512
72cb1345af5834cbc89c9244c935cd62ea7a9d19d34a39eb6d69c32bd10302c1c0a9c0573278e6424bee1f0a771ea46e7fb907c630742dcfc6bbb572b393970e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\INI++15.mfx

Filesize
439KB

MD5
760454c677adda4b319272641680e331

SHA1
348f18fb00889c3058451c2f034b51d6965522af

SHA256
4f7e3cc575de56d815589db22a1d96760e2f309e58b9bde1a57e108bda069393

SHA512
62f4d9c151adf2ce2430028185241f890849b3b0c2a11b5cc8c0e74bb3c02f3246e3abdc4031b75d2aaba9f24c26e60b165c410c2bf7c4e0569b34882b8477a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\InternalList.mfx

Filesize
43KB

MD5
4aa45f130bf4122116051cfccd82e154

SHA1
a5ec3f0b25701eb81291d82c747fb31f83e34d68

SHA256
969dc2c8d04d1249dee62d415c7a143d4da716eec54bec11a1e6d140821985cc

SHA512
7b72304b0cf08df58cd56eb4fff090ad7acf9bfde4f8d9f08d4956ae7c7266d3cfe61c82f189a6efff945915315251442df1276378522140134aa3cb613e928c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\JSON_Object.mfx

Filesize
233KB

MD5
764d0d42df08bed432d4dc1099606007

SHA1
d9484873687693a0c33c485664a4c3f053875683

SHA256
c6eaa6e7469900990aa0a0d7cb93583110c09fe4c74703a21e9a3805389d27b8

SHA512
6f434aab2422dea7a947e65bd8b1b037752f54d9c3995430daf9876aa18570bfeebacdb601869d40e6b66a67ce98fd809c5bc23231e06e1832b2a14f6b0a90d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\KcBoxA.mfx

Filesize
44KB

MD5
08ac00f4d05e68d8b5ab6870bf1f076e

SHA1
b8eb503bf860df5938df5cd59cea47392d129217

SHA256
1cae93696ec030be6317a338c3c8bc4274a53632c03ca60aab0bee59d361a380

SHA512
1da050749fb1e8f2917e550a86933b9f69cf4e972f1a166d0c24a2c9e1307fbad88aad36e7f1082d481c116f36e8e2b3327d630c136f02f6f465835fbd76db2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\KcButton.mfx

Filesize
40KB

MD5
b848bbf535366b6053f7bc8ab87fc5e0

SHA1
19d8a51062201531ff58c898925e53490c22213e

SHA256
94cea0df9febe19fc2e1a905bd7df0bdab63797a42a7006f14bc8838003e5a45

SHA512
cc6df5fb9ef537a255faefb890ffd07556bffec5abd6a914afeb004b77dede2db21dce1179a36b8641e7150e8c466345a58288835722639c1fbb7e5665122543

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\KcCursor.mfx

Filesize
36KB

MD5
7f13cd709928cf74d10925042a674e1e

SHA1
3e831d6b162a606368ed173807fe75029052e0ed

SHA256
947a3320e1d7d5d48dd4e86c76238c37f9e67388ceb24732023c47802733f873

SHA512
9a4c3b6420f70f5bbd994091fa6634bbb05f7b8e891bab71556a703c768870ef8271b27b88749d9eddbd006dfeaed0fb86950543f347ef71c27dfa4920040001

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Keyboard.mfx

Filesize
14KB

MD5
379147b017adf10a89d052e0c4725100

SHA1
7da4f2d7a0f13aeece1c6b8b15deb78f7f01dbed

SHA256
b8ade45f900099033261e192da10d1a0c09d2d0679f34768d4e7afa00a84dc72

SHA512
c26d3b29366fd764b4f751f5a5c153d88cb161b1e29705941bbc14e615b5a5c7e1146f9a07cce09cc723479fe24b0a799f62537417f06c7f4f4abec0d2477649

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Layer.mfx

Filesize
140KB

MD5
ef12eb1b8b4a804bca741734787fdfd2

SHA1
43b8f7571067bfd2d7762f6d5c69fb6978894f37

SHA256
b8612eb76d8967e49e9ba74a2cbd557096bacfbdb2c6e84d69d381b76d42052e

SHA512
55c2aa823ff69bea48948b04912e1d31465d9a9817ef53fda2957d44451d58fdb2efcf3c40c8431d26d8663f70729e57bbddaeca848ab4d6658f0d5b211d2f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\ObjResize.mfx

Filesize
85KB

MD5
db5d30d3debd697a931b048aeea0b154

SHA1
ec17d9dff81e9a64ca78625fcd5236cefc8ef5a7

SHA256
7fd5c322d91978c517fd056f95a2bb6a3a55db174360ab85af26b2448aaebd89

SHA512
f00259421c6b52e62d775cd4617f6b21676f06e05fc3fc916e9a039cf0ef12ce2fc296a9ebbfe491b61b42b8b255f18fb02596130cbcbd92b298bf7c81d82378

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Surface.mfx

Filesize
301KB

MD5
9abb781bbb65b1c9649d5cfc124a2ed4

SHA1
d49c6e43cfbd6f360013b907d09b6eb7a43b9d2d

SHA256
e6bd038aaf37b486d326d9e1dd1a1c2ebf8eff51809a564245006bf3b25ba976

SHA512
f396a57d441d657ee613be1f7fdccb27be5df9c34ca930dfe6aea7d95acca5dc25988212697b89e46ad73273f90d4c07f17c888892a8f74ecc9c22a72399a821

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\Yaso.mfx

Filesize
58KB

MD5
b4507e6a8030e670b5c3b1d774826584

SHA1
f252cc0f0c4f8b80073306fa3deb222fc25b7b73

SHA256
4d0b438258cc4ef0043e5ef78142db6fcf8bb34197116d4440d3988d13562b4a

SHA512
8eb6b82fc09d7dbbf5367ef1cf4e128854b3c225aa4acc5955f155680eb59d246c6d325c9f329c5d1d8e450c65741fd38c471c77fd8645da2f978cc514c7148b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\bigbox.mfx

Filesize
84KB

MD5
ad6530e01a4827fba383291847e33036

SHA1
6ec72ed182478c050807c0e3270974bf34304aaa

SHA256
a427377e56a804f82a5bcf07b7d5afae920f8bbda2dc5f52ce6a7f84448a8bb1

SHA512
33cccc49302f3c257a3ed3b9d3bf0b2dbb347ccba3b6196a01ac317f83c2bd47c5cb9bf47fb677374b95590d62f5626aaf246a318999a4b07c5ee60c4c4ac863

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\binqload.mfx

Filesize
13KB

MD5
13d9156ac9e79feb01122c1f0aa8b7f3

SHA1
f7d458f8cb4eb26cfdfdfc2e2dcd57de224e6618

SHA256
e4f3b776b0d9502ec3328029648a0bf69f1293a96e0cb4815f77a4618eae0c10

SHA512
3829c93ed7ded88129db53024fc58f75add824d0959b902872179ab2472977a4f5b149a65928b559eb5efb376bf7fc15c04973cbb4e29c6d8e81f1d67e88aaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\fcFolder.mfx

Filesize
120KB

MD5
5c99af6a8984dd284ffe212cbf938dba

SHA1
92d5ba06e6841fd8b52f3b38ed75675510cfd4b8

SHA256
b69d14b730f9d527139719138a336a570127d62a4e27fbb0b9c6bdcde6504a57

SHA512
321ad87c61d190e2645e45446dfe910271428d7ccc7b396ee1453710bb99031b04604aaff7afb9b58cc3318caedf7cc797a1f6ed7c362288321b7a4a063067b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\fontembed.mfx

Filesize
15KB

MD5
f38352c344bd71eb21a78a1b69dcade8

SHA1
eca1053fa4ce77f96752f400d4ffac8f2f158d15

SHA256
38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

SHA512
70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\kcfile.mfx

Filesize
116KB

MD5
fe2b4c6a45ce244f1c40f730008465c9

SHA1
9dfd41a915c19a4520a3024e9133e9a24e61779f

SHA256
7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

SHA512
caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\kclist.mfx

Filesize
32KB

MD5
de7d289ea419cc82784cefc87e652c70

SHA1
9035cf539cd9d3c14fdda73eb2c23452750cfade

SHA256
c83bcec56f1666d6871e077cc54d0ee7f6462773c03afbb301b9180a4ad0a31a

SHA512
f02d5aa3822218517d3c6f9114f0fb90c37ed7281ab09f3a868f251e2975d6da10bd1616a9e13eab0e1f138f2bd2e7953686d3cf7e18e2a67b1bba9fbd762ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\kcmouse.mfx

Filesize
7KB

MD5
a3b924e8747962ba4d6f81bf31da0d2a

SHA1
2c4fcabbb62cb08c6931fefdffc9d3549fc65df0

SHA256
8d4440a3b4d2fddd45f90007e08a23c5ada0e1c715d0c59f4532305008e4366c

SHA512
11134d818446607c52edfed5b29c1a922fe90b594b15e36f3df9fda04b4fb8a713c3120e6f643d327a3f29b211a6b15a8d40389b69fb6302db3defcfe5328be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\kcpica.mfx

Filesize
32KB

MD5
3b25566c7b6af3dfd861bf18e52284b3

SHA1
27f6b8678153680500d1a9e1f6a746e98e3eec30

SHA256
2208c9a3f3d5b78bb1f630dec0670aab89d9edb3026c93fa9020a1a12efbb515

SHA512
1026c99db8231dd57225da614389fad4c61b2eb60b52b91aa5ce34cbfdece34e1ace62c880a378b7e088fbdd0dfd872abaab71aaef586f3b57a8b9c6281665cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\kcpop.mfx

Filesize
10KB

MD5
44557bf7ff780cfa6019c0c4119fb54a

SHA1
e02f00a1f9b9eae1855ca0168c362bd389fd6b8d

SHA256
28726ae556cbe1e2b4995ab135da1bfc72d0bc4e4f56d821e95dab738eed61a6

SHA512
071c11c89f59397b873d540561bc26f96651b6647f991b34ccdbb22809a16241c5e0167e892d3b660038d3fed5089c20a19eea1ca2a8607acdb6984d84cdf62e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\kcwctrl.mfx

Filesize
79KB

MD5
2c34e977f898ab60eddb72075c4be223

SHA1
adf883dd06e5ae340a03e6c22a56a4c0caf909ea

SHA256
a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2

SHA512
73402857d09e5a0e8049bb7adf3bbfdfc9ac65966217751cbf6db2bf532aa3f92ffc3a1a5dcda638e83d6ede29ebe6e760cbad74d27aa6fa006c9296607d3c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\mmfs2.dll

Filesize
510KB

MD5
1e0e5acec2f2d3567c40491e39aa8f50

SHA1
101ec3bbd32c005b12b38c0f7988faa9329a019f

SHA256
6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

SHA512
80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

Download Submit
C:\Users\Admin\AppData\Local\Temp\3d67dfa2-184e-49ac-a86b-2f96cf64c6da.FusionApp\xlua.mfx

Filesize
789KB

MD5
7ebf30a8f141d2e3147df95183cf61aa

SHA1
0f6f19a0aa6ea7a7be4ce4debffa9be5b3b5e201

SHA256
6fc403434aef71199df48b329f2f05d19858bd0caa4f480fd6d60fbc31324dc5

SHA512
1b76e01678dff90b9b2f33ac57ed2cf71a34bcffcc601bd193ab87362818176c80bdc2cb11727b8741de95dd50c10d4f6ec94ebf9583f84eab316782271f5ebf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 397971.crdownload

Filesize
25.7MB

MD5
741a1d4a41fdfee583e12a9f8430e537

SHA1
d44bbdd4aa8bb24f478e169edb6904841074c96c

SHA256
282db9ccda5e54135bd3e5d2ae32ecf4c0c2e93501eab1a223039963db5700bb

SHA512
fe1eaefb2c0b8078bc2c674afab836c2d015a9b7d0bd2c63ba8b1077962c1249d09ba2ce7b37cc033553067141a3c3c4a0036b295c523e76cca3f652c6729ecc

Download Submit
memory/2564-598-0x0000000003CD0000-0x0000000003CE8000-memory.dmp

Filesize
96KB

Download
memory/2564-470-0x0000000002A80000-0x0000000002AD5000-memory.dmp

Filesize
340KB

Download
memory/2564-551-0x0000000002E60000-0x0000000002EB9000-memory.dmp

Filesize
356KB

Download
memory/2564-568-0x0000000002EC0000-0x0000000002ECE000-memory.dmp

Filesize
56KB

Download
memory/2564-540-0x0000000002DF0000-0x0000000002E06000-memory.dmp

Filesize
88KB

Download
memory/2564-455-0x0000000002A00000-0x0000000002A1D000-memory.dmp

Filesize
116KB

Download
memory/2564-521-0x0000000002C70000-0x0000000002C8A000-memory.dmp

Filesize
104KB

Download
memory/2564-444-0x0000000002990000-0x00000000029AF000-memory.dmp

Filesize
124KB

Download
memory/2564-621-0x0000000003EA0000-0x0000000003EC4000-memory.dmp

Filesize
144KB

Download
memory/2564-579-0x0000000002F00000-0x0000000002F14000-memory.dmp

Filesize
80KB

Download
memory/2564-511-0x0000000002BE0000-0x0000000002C2F000-memory.dmp

Filesize
316KB

Download
memory/2564-504-0x0000000002B80000-0x0000000002BBF000-memory.dmp

Filesize
252KB

Download
memory/2564-498-0x0000000002B60000-0x0000000002B71000-memory.dmp

Filesize
68KB

Download
memory/2564-557-0x0000000002E30000-0x0000000002E3B000-memory.dmp

Filesize
44KB

Download
memory/2564-614-0x0000000003D30000-0x0000000003D83000-memory.dmp

Filesize
332KB

Download
memory/5744-750-0x00000000033B0000-0x00000000033CA000-memory.dmp

Filesize
104KB

Download
memory/5744-785-0x00000000036B0000-0x00000000036C4000-memory.dmp

Filesize
80KB

Download
memory/5744-745-0x00000000033E0000-0x000000000342F000-memory.dmp

Filesize
316KB

Download
memory/5744-770-0x0000000003640000-0x000000000364B000-memory.dmp

Filesize
44KB

Download
memory/5744-742-0x0000000003310000-0x000000000334F000-memory.dmp

Filesize
252KB

Download
memory/5744-777-0x0000000003660000-0x000000000366E000-memory.dmp

Filesize
56KB

Download
memory/5744-759-0x00000000035B0000-0x00000000035C6000-memory.dmp

Filesize
88KB

Download
memory/5744-765-0x00000000035D0000-0x0000000003629000-memory.dmp

Filesize
356KB

Download
memory/5744-798-0x0000000003860000-0x0000000003878000-memory.dmp

Filesize
96KB

Download
memory/5744-809-0x0000000004490000-0x00000000044E3000-memory.dmp

Filesize
332KB

Download
memory/5744-814-0x0000000004600000-0x0000000004624000-memory.dmp

Filesize
144KB

Download
memory/5744-738-0x00000000032F0000-0x0000000003301000-memory.dmp

Filesize
68KB

Download
memory/5744-725-0x0000000003200000-0x0000000003255000-memory.dmp

Filesize
340KB

Download
memory/5744-717-0x00000000019F0000-0x0000000001A0D000-memory.dmp

Filesize
116KB

Download
memory/5744-712-0x0000000001990000-0x00000000019AF000-memory.dmp

Filesize
124KB

Download