Analysis

  • max time kernel
    216s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    23-01-2025 21:44

General

  • Target

    https://fusionhacks.org/cheat/val-176.php

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Executes dropped EXE 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 58 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://fusionhacks.org/cheat/val-176.php
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcc2046f8,0x7ffbcc204708,0x7ffbcc204718
      2⤵
        PID:4596
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:3996
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:2828
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
            2⤵
              PID:2452
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:5044
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
                2⤵
                  PID:3576
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1528
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                  2⤵
                    PID:4768
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
                    2⤵
                      PID:4208
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                      2⤵
                        PID:768
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                        2⤵
                          PID:3084
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                          2⤵
                            PID:4956
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                            2⤵
                              PID:4436
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
                              2⤵
                                PID:3576
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
                                2⤵
                                  PID:2944
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3412 /prefetch:8
                                  2⤵
                                    PID:2624
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3456
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6632 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1568
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
                                    2⤵
                                      PID:1316
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                                      2⤵
                                        PID:2856
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                                        2⤵
                                          PID:2604
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
                                          2⤵
                                            PID:3400
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
                                            2⤵
                                              PID:4296
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
                                              2⤵
                                                PID:4208
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                                2⤵
                                                  PID:1280
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
                                                  2⤵
                                                    PID:1952
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                                    2⤵
                                                      PID:4412
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,5566108890281441330,13735483466898079158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
                                                      2⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4232
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4800
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:1740
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:1280
                                                        • C:\Program Files\7-Zip\7zG.exe
                                                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FusionHacks\" -spe -an -ai#7zMap30218:84:7zEvent12602
                                                          1⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:4256
                                                        • C:\Program Files\7-Zip\7zG.exe
                                                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FusionHacks\" -spe -an -ai#7zMap10756:84:7zEvent11563
                                                          1⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:1768
                                                        • C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
                                                          "C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetThreadContext
                                                          • System Location Discovery: System Language Discovery
                                                          PID:180
                                                          • C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
                                                            "C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:944
                                                          • C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
                                                            "C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:1464
                                                          • C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
                                                            "C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2660
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 180 -s 840
                                                            2⤵
                                                            • Program crash
                                                            PID:3320
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 180 -ip 180
                                                          1⤵
                                                            PID:4396
                                                          • C:\Windows\system32\taskmgr.exe
                                                            "C:\Windows\system32\taskmgr.exe" /7
                                                            1⤵
                                                            • Checks SCSI registry key(s)
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            • Suspicious use of SendNotifyMessage
                                                            PID:1620

                                                          Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Downloads

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                            Filesize

                                                            152B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3eb7a29b-7250-4547-a164-41389b33bf41.tmp

                                                            Filesize

                                                            2KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            384B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                            Filesize

                                                            840B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                            Filesize

                                                            3KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            5KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            6KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                            Filesize

                                                            538B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a48c2.TMP

                                                            Filesize

                                                            538B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                            Filesize

                                                            16B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                            Filesize

                                                            16B

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            11KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            10KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            11KB

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                            Filesize

                                                            11KB

                                                          • C:\Users\Admin\Downloads\FusionHacks.zip

                                                            Filesize

                                                            47.6MB

                                                          • C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe

                                                            Filesize

                                                            389KB

                                                          • C:\Users\Admin\Downloads\FusionHacks\jre\Packaged\AccessibleHandler — копия.dll

                                                            Filesize

                                                            3.4MB

                                                          • C:\Users\Admin\Downloads\FusionHacks\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

                                                            Filesize

                                                            153B
