hxxps://fusionhacks[.]pro/cheat/fivem[.]html

Resubmissions

24/08/2024, 20:08

240824-yw2tesyejm 5

24/08/2024, 20:06

240824-yvemhaydmq 3

Analysis

max time kernel
371s
max time network
375s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24/08/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fusionhacks.pro/cheat/fivem.html

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 2004 set thread context of 3172	2004	FusionLoader v2.1.exe	133
PID 6080 set thread context of 5436	6080	FusionLoader v2.1.exe	136
PID 2192 set thread context of 4388	2192	FusionLoader v2.1.exe	141
PID 3224 set thread context of 3940	3224	FusionLoader v2.1.exe	144
PID 2892 set thread context of 2736	2892	FusionLoader v2.1.exe	147
PID 3656 set thread context of 5964	3656	FusionLoader v2.1.exe	150
PID 4568 set thread context of 5148	4568	FusionLoader v2.1.exe	153
PID 1804 set thread context of 1740	1804	FusionLoader v2.1.exe	156

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FusionHacks.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
3392	msedge.exe
3392	msedge.exe
2548	identity_helper.exe
2548	identity_helper.exe
2072	msedge.exe
2072	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 2704	3392	msedge.exe	79
PID 3392 wrote to memory of 2704	3392	msedge.exe	79
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 4688	3392	msedge.exe	82
PID 3392 wrote to memory of 3068	3392	msedge.exe	83
PID 3392 wrote to memory of 3068	3392	msedge.exe	83
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84
PID 3392 wrote to memory of 424	3392	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fusionhacks.pro/cheat/fivem.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7fff5cf63cb8,0x7fff5cf63cc8,0x7fff5cf63cd8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8056 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4972004755669916701,16812147229347520306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2368

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2004
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3172

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:6080
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5436

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2192
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:6096
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3704
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4388

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3224
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3940

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2892
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2736

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3656
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5964

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4568
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5148

C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1804
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FusionLoader v2.1.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a2d0a16fcf0c2cd_0

Filesize
160KB

MD5
f5670684fef356cf106d540da792915d

SHA1
9ddc9a739058d31d61e53bb38cecc8fd41251fc8

SHA256
8d9a9e91a286e80c1ba53cdba7fb7d8317ffc4d48fb4d6edcb2fe9c233082c37

SHA512
dbc2793f7c28595387d955011291a1369b3eeecb7f9b99301538b2b465011642e8a5b406c5b6905ddc41db02815aedd71b7ec44657aad108a8b8b566baad594c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
0ccbe4440cffd6428995dfcedeb99389

SHA1
79ef5a5f2314ee11f946aa3ec8f017d1b4015bb9

SHA256
badaf2c558524990ff66a7a77fe9f59665d6b0f936090a21983b60e43c6b342e

SHA512
1cb72906c674469b2b8b4f558add66a04646b028a890385e81200945ca7ab0049bc41ec89719e17a71047e07a99ec3107a5828050acbe9587cdea6177bf53ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
55KB

MD5
5ba9bfc3000e94db3e99ad0981bc08a2

SHA1
67241904c9b88cc76768c2d84277ef582dbb1bf8

SHA256
00c43c587fc998fb93ccd1d0818d7ca5b1f71691640988a1fdaf1e812210ee96

SHA512
b0aebf7344d22c50741c21c242ac32a2dc44e2d9e8595cdeb0c57253b294f4ea6e08b09e6afbde09301ee185a55a5decc436bab104b9112275ca475a210368fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
23KB

MD5
61f67be3867ed82abb574cdd84720f65

SHA1
aa1af4f9672535d277d73c3c9a937a8dfb0f058d

SHA256
bb66eff8aba17621e1498642bf05fbf2385e1fa51751260e23a50308c0b763c9

SHA512
34b7ac255752d9921589ec61958c9b6c369091663298af070d1ce222be3ef852722697f9672600a1e285781463343e99d2499c14eefb21d5e7b933bc54f55b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af0c1783c7ba99e0_0

Filesize
282KB

MD5
337b48bd6db54b8889c64eaf2cdf8546

SHA1
d1350daa68c67e215e6f2db977b383214387ae8e

SHA256
978929f9ea447c13ca983d7c67f09da6fa3ae2d443d8dd502c4c973e1fc6586e

SHA512
6b8a34a9bbec8544483f6363c316f4e513c8244ae85901f488ebda22a19dec790231266b7d6eb12635c311de30833ab8d2994e7ae0de0e4594a165aa94e0eaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
65212b752242b7afc410230f55b8869b

SHA1
f66608601b8a925ed18552e729aaa87e1781d7fa

SHA256
c6f7b8c2129c91a971a6b65f88573b51349016b316c9b256bc4dbfb4d6dfda2f

SHA512
8cd0fb522f9803da20290b4d441493cb747e43abc11a628cc3dbd361670826ec1c6ac797d3b2811c0082783f1d7515a3f27fc65beb0f30a63ba0b5a0cbcc8c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
19a6341e0afbde25e59e7a807de69426

SHA1
ebe8fdd089864e081019be9d9e890d90075645bd

SHA256
d444788115b426220033b6e19ff7b55177be92e9b12b522359a3a0572e689e29

SHA512
54c98ade9dee0f0455b91848039e45da26487da64202e6159fab57ffe8873c4fda37acc8db21716d57ad1ceba3fecdea92414445c333a1f00f8f32177c0a2ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d92271eebbed83e80a55e964a7fc2e3f

SHA1
7a17e05ec8fcdc274865751561c71c5093c54a54

SHA256
39e1c826f7e24de0e86f1ab9dfcee69d903715d7aec668554efe0579d18d38e0

SHA512
6bd10676c15d0bf33e7379633100e429b713df547bdd089fb93724f533e9961d7802577be13daa0c4023d7abb76d01eb0716b2ad59946c001b753313c033d260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2842048a13babb2ee1048887cbc7fbe3

SHA1
c96b6bf4ed3671294418dd7bf6d08dcbdb7e86a6

SHA256
9e650c61a1434518dccd3945897aa4f412469f79e702ee7d8c762389879bfaec

SHA512
f65a88eaef140f426c734e76303fd0ec7b2467ff547515c37e2315338db5e1d6b856b86395f3214d67fe6a7ec11cb86b4cb61ebd3d14ddf37d571766a5cdad45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
918b6781155226f2ee6b2b69ba7f06c1

SHA1
44fd6bd8a2f769229e6c45b17e6bb7d2092b8adc

SHA256
6879ab4928e58b5dba7074e7ee0442d9e889b2a778c1e1b2be97fd8f261b8341

SHA512
52fa0d44d543eed78a903fb4564f9acf93b738af4611206325d07d18a009f58f9a0ac5342b5f4e9c23557c5534eaed9b7e1f2de7a8eb65129275299a11a2c3dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
53de826880ace2b75dc7c6a1db1db85d

SHA1
f93f9c8ceb418a30692613d5e75135329082ce93

SHA256
aa8b28b44531fb3519c99a145438e3ac240ddd1a85a6eadd91dfde1006618e49

SHA512
d13c6d03cfeb121eb9e449be00a7ab6b723b804492d6a53d0162ac34a9e454c35278c246a47465bd980cc6362c303d4b615d3b1357829c85da2a0dd647b83811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
848003b66e7dd13a434efbdb199a235d

SHA1
0fb0ba3ef54413a4c65f26e2608d4b996d371172

SHA256
aa5edc2724c0429bd1ebd490bcf8ff60114e6704fe99196963c216ee8c3700fa

SHA512
00da073eab114a0595a1a8fc9a50ba2e603493908dc5bb4e9d22f8cab109735387eadf2cf0e4a6396680470f15bc1b922f59131250689036d73e3bfa6ca63ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ea3276d02e25daed74ed3a7c20aeccae

SHA1
ee0067f373acfc84d90c7ff27331feac822cd251

SHA256
ee62f7869228d43dfbb47a7269f5682fdb7b77bd2b4c657ca972591e5c3819b7

SHA512
bb3ace936db17080d123c8d69030115dfd62859ee3501b9070740b919e3e4e081cd1bb081693a3379563a2541704fea6b6d1cbbe6a328e2108490e5c50761bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c4bcd7713e0f29a9e9ca4bad9660d726

SHA1
4f44d2d79bd66de6c743a58c010ece97c6c547dd

SHA256
d4e0ac79dc9ed7542e798a48a0d485dda4432d0047828f27ccc297134115aa33

SHA512
3001ddb67cc62cb35ac20bc3401605e9c69012e71401ff19c55a01410c0683ea242ff44848d4cee1842a69eb89a4050dadafc86b50aa3633cbd76ccb826c0b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
4537c9a2be5dfa1f4ca97b23d701baea

SHA1
806d5d0c3b51d0c9a11de77d2036a7047314977d

SHA256
d9058cce666e7ce4bb2e5d78260e41e80fca99e236db9b00051a90d32111610a

SHA512
46b482f1c86bdde106f1c76108128d2d8ab71b37ac34ff1c74224665788c81f7769533c3529b73f043cacb51f0ac56248105c441a00e678ecda0233d2de1804e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
48a199bce0c6649f9785a63d084cb76a

SHA1
9ad674f0b69a82526d70440c0044f96e16dfa00f

SHA256
1cf7db0a914c521f26858f099e1175fe8fcce1d0056f4cb06d6c909b2ddc9921

SHA512
45dc4e0e8fba58d0cd895e9f90cb367deb365ac784e1426b51ccfdc00d080bc755ca94e380d95e1f2245f3ca6c6830b7b5f0157bad69592b6eab65de260463b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
f4c67e9494e755e026beae6b947609d5

SHA1
10e28c6137840ebdf34c2cfbf900ecd43239d9c8

SHA256
98bb7872682bae9110b52520183c1d630d742b83d07cac54f33e89c0facbfd05

SHA512
c1e4a2ecf633851a7a69003767274a8ed1eb392f4945d2d5449a7237503163fb008de2c5a7d4d3e0c4ec9cd0acbe90d1ab627d01d1ecb0d89209c88ae479dd63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6baee3b93354e8e7e1e2a31056154f2

SHA1
b5efff9b06b558fb8d5724d161f1324e10cff159

SHA256
05ae4eea17ae3cf7390846a8a52c59e296d1c18e1769a411a30ceecfa4731330

SHA512
1d56514168747b44916d096ed03cdb4a79d7e2c25789bb4d78686ca04821e058830cfd28a67ed03786952ee771e3928abe9d59e49c95ad4f420d74757af74bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4051364cf25d6b2650f1f47ffb544723

SHA1
47c8232b8ecddf7c11f5a6633b97aceecc2484ad

SHA256
6461ab070d87c0988c33b85ad6bbafbf592264b262a4146724385e84146f5714

SHA512
233d344c630e90acc40c98fd582d802284ab1ce446cfb99636f0a379eb3939586b87d38cd6121e8aaa95b317d58f34f3497842c1da5928f3ef3d58ae4d41855b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e3dc8c6c46250acbcde6e55a056fa15

SHA1
56bc6aa27fd7aa694af46c159e347b5c450a1bff

SHA256
53001dd2637d4a199597341048d8f1449170ea37027af8371dad44f216eb4524

SHA512
23be1ecc967c0b0bfa1055125cd877b8fc933dc34d45f47bb410367e7bbb26b0308714775d9d0ceec332585dbbbed49c189284bf90caf6ec846e1068396707be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fcd02e81efe46608e06aaee3f2fde07b

SHA1
69b4ac6e2ece2327f9ec4f1b623f6aeb692cfbc7

SHA256
7c3a973abb882f144b29612b02bbf989cf3decf58f418527c58e06fa19e4354c

SHA512
2b73fb6bd23166ede8d63e1e07a655d768afa3cfaad7abb3e6e2f67fce7a473234f13b9a1a7b7e8b23cd440ed7f862bf3de168e38c86264f9911aa67a74c2f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8b95f34f415d800771cb550a2eb9f4a2

SHA1
a2ee9930a5cdfa4c0bbcf004628bfe542958e7aa

SHA256
5506f7ec43c76f1770fb48186a0ac648951889740966f5ea82c5cca1add9cf9b

SHA512
e21e15b742eadc50306ee7ef896fb6ff8108b41c176d9a9e98bc46ac0eff52e97fc7465b00bb04c3b3d8a77c1437e81ea00d453c3f247881b7c026f1be9c9f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4bafee278e3560936eb3296e5f3a49c5

SHA1
63c82849a1bb4b44361a1c4ec85304e5a7f3a230

SHA256
afbbf6442ff855eff75653eac13a38f423ae5e2352a4476f0191555d4ba7cf1f

SHA512
d99f5a9872cb3fcdf5ffa6a1fdd046e001058bb9b709777ad434fde799d42adb69abe31f52fb63f8808cec239afb833afa72f0f6aecda1026670f15138ab267c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
62070552f3a35e10e5412111f97f66ff

SHA1
ca4a18f9d6c5991050bb36c770130fc3a6df3003

SHA256
d9ae85cd33df30a942c380b23e6b9be8c30fc54d592d18c39337bb3f2a2a2aaa

SHA512
e648f9e6901aac49d4031640967af0b9d33bcf585f527e3daa6f1bd9b6a7d1f1feccbc754d08f77ae6ae90f5d918a6b491e7d0c2befad5959e7a17ba2c3bdb4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
399e67aefaa2712532100f6304b450ae

SHA1
1f35bc55688651dcfcca9b9a6efe2dd80d7ab68c

SHA256
995d26764181342aeee01f8af41e93961433665e7393d0b61999a8803b3406bd

SHA512
aade58c9ee28080f571b31f70d4657d87ee7e9a36aef35aff88455601a6b1ae35077115a91d31e3e78635c7156e4e269a151bc49d1ae7ed43128a1fcb4d581f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
799c16ee769c2837721bedc39e9586c0

SHA1
255744f40009aee44b06c2530f0d5337c9a4b56b

SHA256
cb72c14790c9de5b9c270d1e088fa861b6bd3ca95f7326a10b84b4d7a1ad08c2

SHA512
5b9019e72cbb51024894bdfac029692cd857470130e358784260d2ae64ecb35fbdfb24f410c63bc21a37d1cc2fb77c75194be9f027f06b1db94c2a37496044f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
14b8ea8f0ab99860e14f9f0b71c23f42

SHA1
19980681a6e8d7f8b56270c6871114a48e6be49a

SHA256
6c47d159b3eca8bdeb8ee075a0315aab7364b66713d3f505ebfc9c0ba6cdb3ad

SHA512
582b413c119fdb83eecfaf819e85c2448846ba6be45636222b935dafb1714dd1789b2e61aa382ea7dbc97631c2a1e0d0d7a4193b3ccc1e2b73722bf047f4e9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
497971e8fed04c3365934420fe52049a

SHA1
747e91ec124e9a3d0a09546a5325ba7cab9e4146

SHA256
ccbb6def2ed1fa24da0245d77d7f7aa7f93cd11de0eba682726d64f035addc59

SHA512
6cf151ae3a10b9a64d7f6fbe752f26e36d059d89efc63495f8b6845787da8443bc06fb2f613e0f88702d500a0e860593893b1a3cd45f802b8647d45c3a85f659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7075499e41f4191d0e4be9636de39ffc

SHA1
0c55b6c8e292dd34543dbc9fb118ed13c10c1f5a

SHA256
c6a81601382fd25fdfa04565f69f44beae5bc656a3e99aa375c2cfbcb8ed41f0

SHA512
abd03c9a7bc993bd2cf715a8873aa4db2e38eefe112ec228827bb45ad64417e6cd38b863fadf2249bdcd947c7558927954927d2acf0b1ea49cd4ad6614702f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58626e.TMP

Filesize
2KB

MD5
851f78c454c82c98808e1b40063de8d1

SHA1
ca2a378b94a1097f5808be73dad83b6bba8d2700

SHA256
7d4c69599d635db217dc36f762fa58a5b479079492e5eef5b5ebe97e6b7e4e2a

SHA512
36eab18074d7844cddd9a36d32f2aa19236aa15ef0bac83a128b7757f2c0fc1e330a57f22ada39117e9bbd1ab09b8a511396e86269f73ce24b3bae6614906a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c3695dd2e17e8dbbeac52a082dda0f9

SHA1
c57fc47ef8bb93b4a1e1ae28ff45c94895a4c397

SHA256
e90b73f53f6c87816ec691ed5d68d5496aca9320f74966c2cb7d1ba5cbe52ffa

SHA512
35e3fe576890d433460dc64681d5208216644d715655c8e7d9d081a1bf7d37b3de2a07870eae639961a78c1f76ffa28a9034b453babc7122a7b724562ca4e53c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ceb08e00ed531dd3e4b28704a0be524

SHA1
71645b34c6632010f713a73c06e2171711cc0af7

SHA256
33880c4e580695e5893942e54c420ba8bd9a80d5c005266437c46e1e6cecfb11

SHA512
2119655cf45ed483e18320653062d4a0eb450f776c9593fdbff34d3b6f782cc4ae2923d6ab6144c8343ffc74787e281f768033c7dd6d9b44cbcdb9ea81aee7e9

Download Submit
C:\Users\Admin\Downloads\FusionHacks.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2004-638-0x0000000000730000-0x000000000077C000-memory.dmp

Filesize
304KB

Download
memory/3172-644-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3172-642-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3172-640-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download