hxxps://cdn[.]discordapp[.]com/attachments/975541741098774528/1044666482845569104/Warzone_2[.]70_Cracked[.]rar

Analysis

max time kernel
1083s
max time network
1089s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/02/2023, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/975541741098774528/1044666482845569104/Warzone_2.70_Cracked.rar

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	Warzone Cracked.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	Warzone Cracked.exe

Executes dropped EXE 13 IoCs

pid	Process
1316	Warzone Cracked.exe
4280	WARZONE RAT 2.70.exe
3756	Inject.exe
612	WARZONE RAT 2.70.exe
3852	Inject.exe
4736	WARZONE RAT 2.70.exe
4540	Inject.exe
4092	Warzone Cracked.exe
2900	WARZONE RAT 2.70.exe
320	Inject.exe
4492	WARZONE RAT 2.70.exe
3416	Inject.exe
2692	ChromeRecovery.exe

Loads dropped DLL 55 IoCs

pid	Process
4280	WARZONE RAT 2.70.exe
3756	Inject.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
3852	Inject.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
612	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4540	Inject.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
4736	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
320	Inject.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
2900	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
3416	Inject.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe
4492	WARZONE RAT 2.70.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 39 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\vncviewer.exe	chrome.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\ChromeRecoveryCRX.crx	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\cratclientd.bin	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\rdpwrap32.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\0Harmony.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\Bootstrap.dll	chrome.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\610fd15d-5501-435f-bd79-5ed12e86a80a.tmp	setup.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\geoip\GeoIP.dat	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\options.vnc	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe	chrome.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\0Harmony.xml	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\Inject.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Warzone Cracked.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\WARZONE Password Viewer 1.0.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\cratclient.bin	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\SocksManager.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\ServerManager.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\sqlite3.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\Warzone.Loader.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Warzone Cracked.exe.config	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\===READ ME===.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\rvncviewer.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\Bootstrap.exp	chrome.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230207182156.pma	setup.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\rV.bsp1	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Injector\Bootstrap.lib	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\PETools.dll	chrome.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\firefox.dlls	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\rdpwrap64.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\MaterialSkin.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe.config	chrome.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\Datas\rdpwrap.ini	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Warzone 2.70 Cracked\License.dll	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5012	4280	WerFault.exe	117
992	612	WerFault.exe	124
2660	4736	WerFault.exe	132
2620	2900	WerFault.exe	163
5012	4492	WerFault.exe	170

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2084	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
1632	chrome.exe
1632	chrome.exe
4748	chrome.exe
4748	chrome.exe
2040	chrome.exe
2040	chrome.exe
5032	chrome.exe
5032	chrome.exe
3852	chrome.exe
3852	chrome.exe
1136	chrome.exe
1136	chrome.exe
4412	chrome.exe
4412	chrome.exe
1316	Warzone Cracked.exe
3756	Inject.exe
3756	Inject.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe
4280	WARZONE RAT 2.70.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeRestorePrivilege	3512	7zG.exe
Token: 35	3512	7zG.exe
Token: SeSecurityPrivilege	3512	7zG.exe
Token: SeSecurityPrivilege	3512	7zG.exe
Token: SeDebugPrivilege	1316	Warzone Cracked.exe
Token: SeDebugPrivilege	3756	Inject.exe
Token: SeDebugPrivilege	4280	WARZONE RAT 2.70.exe
Token: SeDebugPrivilege	3852	Inject.exe
Token: SeDebugPrivilege	612	WARZONE RAT 2.70.exe
Token: SeDebugPrivilege	4540	Inject.exe
Token: SeDebugPrivilege	4736	WARZONE RAT 2.70.exe
Token: SeDebugPrivilege	4092	Warzone Cracked.exe
Token: SeDebugPrivilege	320	Inject.exe
Token: SeDebugPrivilege	2900	WARZONE RAT 2.70.exe
Token: SeDebugPrivilege	3416	Inject.exe
Token: SeDebugPrivilege	4492	WARZONE RAT 2.70.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
3512	7zG.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
4092	Warzone Cracked.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1812	1632	chrome.exe	78
PID 1632 wrote to memory of 1812	1632	chrome.exe	78
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4824	1632	chrome.exe	81
PID 1632 wrote to memory of 4720	1632	chrome.exe	82
PID 1632 wrote to memory of 4720	1632	chrome.exe	82
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83
PID 1632 wrote to memory of 1900	1632	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://cdn.discordapp.com/attachments/975541741098774528/1044666482845569104/Warzone_2.70_Cracked.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0a334f50,0x7ffe0a334f60,0x7ffe0a334f70
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1688 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3512 /prefetch:2
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=980 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=980 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,17572456628148300443,8226541202880764331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=980 /prefetch:8
  2⤵
  PID:3828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4952

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Warzone_2.70_Cracked\" -spe -an -ai#7zMap23501:102:7zEvent16047
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3512

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\===READ ME===.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2084

C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe
"C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1316
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe
  "C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 1160
    3⤵
    - Program crash
    PID:5012
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe
  "Injector\Inject.exe" -m Main -i "Injector\Warzone.Loader.dll" -l Cortex.Loader -a "hello inject" -n "WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3756
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe
  "C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:612
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 1388
    3⤵
    - Program crash
    PID:992
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe
  "Injector\Inject.exe" -m Main -i "Injector\Warzone.Loader.dll" -l Cortex.Loader -a "hello inject" -n "WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3852
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe
  "C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 1372
    3⤵
    - Program crash
    PID:2660
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe
  "Injector\Inject.exe" -m Main -i "Injector\Warzone.Loader.dll" -l Cortex.Loader -a "hello inject" -n "WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cortexnet.cc/
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe186546f8,0x7ffe18654708,0x7ffe18654718
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    3⤵
    PID:1904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 /prefetch:8
    3⤵
    PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff74feb5460,0x7ff74feb5470,0x7ff74feb5480
      4⤵
      PID:1648
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
    3⤵
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
    3⤵
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10063794254380397067,17767160204345129048,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4280 -ip 4280
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 612 -ip 612
1⤵
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4736 -ip 4736
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe
"C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4092
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe
  "C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 1300
    3⤵
    - Program crash
    PID:2620
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe
  "Injector\Inject.exe" -m Main -i "Injector\Warzone.Loader.dll" -l Cortex.Loader -a "hello inject" -n "WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:320
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe
  "C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 1384
    3⤵
    - Program crash
    PID:5012
- C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe
  "Injector\Inject.exe" -m Main -i "Injector\Warzone.Loader.dll" -l Cortex.Loader -a "hello inject" -n "WARZONE RAT 2.70.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2900 -ip 2900
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4492 -ip 4492
1⤵
PID:3988

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:4892
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4892_526690615\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={008ca8d3-69d4-4b46-92a3-683657359d25} --system
  2⤵
  - Executes dropped EXE
  PID:2692

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Downloads\Warzone_2.70_Cracked.rar

Filesize
14.2MB

MD5
cfc18164184cba8e6655988c22113671

SHA1
1d06ce873d9d03c5b004e378be9d58f1c0c0ef0e

SHA256
791711bb6b88d04500f7c597bd7126abf70285a647a12a0d64b0b6072278df32

SHA512
7d0056c4326f48a3a333fedd8b438ba255ea743dbe114eb2e686ec948dbaaadfe78ae7c35848be4697d3c5f73a272aae342a1cae701aacb51c62b67316b9fa65

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\===READ ME===.txt

Filesize
60B

MD5
43667a4915e9db66dfaccc54eda215f8

SHA1
14eab3723426b978a751f192cd3e985e4deb2851

SHA256
e3a5654cde27eb4c8047fba0366ff7a1b1760862319b318ad53f244d74b7c5cc

SHA512
de958114a184ed4bb88389f8a18de165584c09ec5e5b964e9ca2750c05e0c1d093c807109e6094b4c4f09e6fcd0fa7489265682c5d6aced192ba3a7c62d88a27

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\0Harmony.dll

Filesize
751KB

MD5
49eb0f4ac96c709d82560b143f666bc8

SHA1
28021ced53fcc946368d29742f64c9b551970fbc

SHA256
28011cdbc84e33b9cd5b1d3faf5c9166ed825c4db208b44afaa2b44c5d64fac0

SHA512
689849ccf29f9154b84d9b64cc364634177d829fb4828aac8b449769f08ac70051e4172d3cd847fc0bce1ee5d224661e9ff0e988faab33202edeab35296f135d

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\0Harmony.dll

Filesize
751KB

MD5
49eb0f4ac96c709d82560b143f666bc8

SHA1
28021ced53fcc946368d29742f64c9b551970fbc

SHA256
28011cdbc84e33b9cd5b1d3faf5c9166ed825c4db208b44afaa2b44c5d64fac0

SHA512
689849ccf29f9154b84d9b64cc364634177d829fb4828aac8b449769f08ac70051e4172d3cd847fc0bce1ee5d224661e9ff0e988faab33202edeab35296f135d

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\0Harmony.dll

Filesize
751KB

MD5
49eb0f4ac96c709d82560b143f666bc8

SHA1
28021ced53fcc946368d29742f64c9b551970fbc

SHA256
28011cdbc84e33b9cd5b1d3faf5c9166ed825c4db208b44afaa2b44c5d64fac0

SHA512
689849ccf29f9154b84d9b64cc364634177d829fb4828aac8b449769f08ac70051e4172d3cd847fc0bce1ee5d224661e9ff0e988faab33202edeab35296f135d

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\0Harmony.dll

Filesize
751KB

MD5
49eb0f4ac96c709d82560b143f666bc8

SHA1
28021ced53fcc946368d29742f64c9b551970fbc

SHA256
28011cdbc84e33b9cd5b1d3faf5c9166ed825c4db208b44afaa2b44c5d64fac0

SHA512
689849ccf29f9154b84d9b64cc364634177d829fb4828aac8b449769f08ac70051e4172d3cd847fc0bce1ee5d224661e9ff0e988faab33202edeab35296f135d

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\0Harmony.dll

Filesize
751KB

MD5
49eb0f4ac96c709d82560b143f666bc8

SHA1
28021ced53fcc946368d29742f64c9b551970fbc

SHA256
28011cdbc84e33b9cd5b1d3faf5c9166ed825c4db208b44afaa2b44c5d64fac0

SHA512
689849ccf29f9154b84d9b64cc364634177d829fb4828aac8b449769f08ac70051e4172d3cd847fc0bce1ee5d224661e9ff0e988faab33202edeab35296f135d

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Bootstrap.dll

Filesize
13KB

MD5
68b1f2580254ee6b18e39b6ed9493ca6

SHA1
0fe3e10208eca621840cfb0340c8adfdfea32b6d

SHA256
8cf696b44808a84a59c94b61bfa513007466546da6c996540424b08e4bc0879a

SHA512
ef164def5742e8417d7f735adfdcaabbea306910b0c92fe36adbe1882642c6a933988fcd665ebc6aaf742ef4de4f43b09fa01ca50ad07e2147ca9e1869d609fe

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Bootstrap.dll

Filesize
13KB

MD5
68b1f2580254ee6b18e39b6ed9493ca6

SHA1
0fe3e10208eca621840cfb0340c8adfdfea32b6d

SHA256
8cf696b44808a84a59c94b61bfa513007466546da6c996540424b08e4bc0879a

SHA512
ef164def5742e8417d7f735adfdcaabbea306910b0c92fe36adbe1882642c6a933988fcd665ebc6aaf742ef4de4f43b09fa01ca50ad07e2147ca9e1869d609fe

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Bootstrap.dll

Filesize
13KB

MD5
68b1f2580254ee6b18e39b6ed9493ca6

SHA1
0fe3e10208eca621840cfb0340c8adfdfea32b6d

SHA256
8cf696b44808a84a59c94b61bfa513007466546da6c996540424b08e4bc0879a

SHA512
ef164def5742e8417d7f735adfdcaabbea306910b0c92fe36adbe1882642c6a933988fcd665ebc6aaf742ef4de4f43b09fa01ca50ad07e2147ca9e1869d609fe

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Bootstrap.dll

Filesize
13KB

MD5
68b1f2580254ee6b18e39b6ed9493ca6

SHA1
0fe3e10208eca621840cfb0340c8adfdfea32b6d

SHA256
8cf696b44808a84a59c94b61bfa513007466546da6c996540424b08e4bc0879a

SHA512
ef164def5742e8417d7f735adfdcaabbea306910b0c92fe36adbe1882642c6a933988fcd665ebc6aaf742ef4de4f43b09fa01ca50ad07e2147ca9e1869d609fe

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Bootstrap.dll

Filesize
13KB

MD5
68b1f2580254ee6b18e39b6ed9493ca6

SHA1
0fe3e10208eca621840cfb0340c8adfdfea32b6d

SHA256
8cf696b44808a84a59c94b61bfa513007466546da6c996540424b08e4bc0879a

SHA512
ef164def5742e8417d7f735adfdcaabbea306910b0c92fe36adbe1882642c6a933988fcd665ebc6aaf742ef4de4f43b09fa01ca50ad07e2147ca9e1869d609fe

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe

Filesize
24KB

MD5
ab93dfff12df25c474a289ce17ec9403

SHA1
c10d7ff5502ec9fa5dbd44f9f873e12a9f5ff272

SHA256
cf1beeb9b1f66a363bad4a4d5257413cb8d7ec7e4827587fb9f4dff679ce558d

SHA512
5dabb308e42d75eb53d65ba1d631520b5debf8e97e8757ed19a8be06825e493a1caa7e1191544f4cf276f69511832f091cf5189b6e31e2550f14a5cff3a30b25

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe

Filesize
24KB

MD5
ab93dfff12df25c474a289ce17ec9403

SHA1
c10d7ff5502ec9fa5dbd44f9f873e12a9f5ff272

SHA256
cf1beeb9b1f66a363bad4a4d5257413cb8d7ec7e4827587fb9f4dff679ce558d

SHA512
5dabb308e42d75eb53d65ba1d631520b5debf8e97e8757ed19a8be06825e493a1caa7e1191544f4cf276f69511832f091cf5189b6e31e2550f14a5cff3a30b25

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe

Filesize
24KB

MD5
ab93dfff12df25c474a289ce17ec9403

SHA1
c10d7ff5502ec9fa5dbd44f9f873e12a9f5ff272

SHA256
cf1beeb9b1f66a363bad4a4d5257413cb8d7ec7e4827587fb9f4dff679ce558d

SHA512
5dabb308e42d75eb53d65ba1d631520b5debf8e97e8757ed19a8be06825e493a1caa7e1191544f4cf276f69511832f091cf5189b6e31e2550f14a5cff3a30b25

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Inject.exe

Filesize
24KB

MD5
ab93dfff12df25c474a289ce17ec9403

SHA1
c10d7ff5502ec9fa5dbd44f9f873e12a9f5ff272

SHA256
cf1beeb9b1f66a363bad4a4d5257413cb8d7ec7e4827587fb9f4dff679ce558d

SHA512
5dabb308e42d75eb53d65ba1d631520b5debf8e97e8757ed19a8be06825e493a1caa7e1191544f4cf276f69511832f091cf5189b6e31e2550f14a5cff3a30b25

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Warzone.Loader.dll

Filesize
202KB

MD5
e5d43311e900d64b971f9ff61935efd0

SHA1
dd7e038eac423bc930d43d5ab94e09a0a42ef8b3

SHA256
88ee57bf613570c9c46dc20924b699bd2264c746cbc8e2d6ae6df77b8d699f0e

SHA512
de23a3cd215453dc5f067e033ff6cb1822db667ac323fb280aea3993299a9e96dfd2551ea031bf313575767036b7d223ad458c61231f4c8541feb029116e920b

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Warzone.Loader.dll

Filesize
202KB

MD5
e5d43311e900d64b971f9ff61935efd0

SHA1
dd7e038eac423bc930d43d5ab94e09a0a42ef8b3

SHA256
88ee57bf613570c9c46dc20924b699bd2264c746cbc8e2d6ae6df77b8d699f0e

SHA512
de23a3cd215453dc5f067e033ff6cb1822db667ac323fb280aea3993299a9e96dfd2551ea031bf313575767036b7d223ad458c61231f4c8541feb029116e920b

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Warzone.Loader.dll

Filesize
202KB

MD5
e5d43311e900d64b971f9ff61935efd0

SHA1
dd7e038eac423bc930d43d5ab94e09a0a42ef8b3

SHA256
88ee57bf613570c9c46dc20924b699bd2264c746cbc8e2d6ae6df77b8d699f0e

SHA512
de23a3cd215453dc5f067e033ff6cb1822db667ac323fb280aea3993299a9e96dfd2551ea031bf313575767036b7d223ad458c61231f4c8541feb029116e920b

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Warzone.Loader.dll

Filesize
202KB

MD5
e5d43311e900d64b971f9ff61935efd0

SHA1
dd7e038eac423bc930d43d5ab94e09a0a42ef8b3

SHA256
88ee57bf613570c9c46dc20924b699bd2264c746cbc8e2d6ae6df77b8d699f0e

SHA512
de23a3cd215453dc5f067e033ff6cb1822db667ac323fb280aea3993299a9e96dfd2551ea031bf313575767036b7d223ad458c61231f4c8541feb029116e920b

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Injector\Warzone.Loader.dll

Filesize
202KB

MD5
e5d43311e900d64b971f9ff61935efd0

SHA1
dd7e038eac423bc930d43d5ab94e09a0a42ef8b3

SHA256
88ee57bf613570c9c46dc20924b699bd2264c746cbc8e2d6ae6df77b8d699f0e

SHA512
de23a3cd215453dc5f067e033ff6cb1822db667ac323fb280aea3993299a9e96dfd2551ea031bf313575767036b7d223ad458c61231f4c8541feb029116e920b

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\License.dll

Filesize
1.4MB

MD5
f23d8a327412a4f88357a70d9158886d

SHA1
abbb28c9a33523ee127d18fa00a71a56d87ae267

SHA256
b1cc3828d572a6b72d24ad71ef703daa1b9babf1582142b668f61d52bd79a230

SHA512
48fafdf32918d3bc87e92c52e41e9985e1704e46d613577d4d4f6b7e8adf6e79ae3c81af4f586f1d9d428f96905bc50b7cced14397f651234ffe88e2d3cc93f5

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\PETools.dll

Filesize
19KB

MD5
db7101a0e92cd476b587afb9c55586d0

SHA1
2439c91a6f6ce5a684e56d825155e5101c35070b

SHA256
b39bbd6d8ee84743834741aae0a39159f62db829678e5bb0d915b09edc27b41e

SHA512
c194b789346f2dc9f10d4bba787a0edb585de0a5fa4ee3c507b7df9bf2086027cff82c810c0100a09253776b0986bcf7d9eac1c488a2322fef726282f157c3ad

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\PETools.dll

Filesize
19KB

MD5
db7101a0e92cd476b587afb9c55586d0

SHA1
2439c91a6f6ce5a684e56d825155e5101c35070b

SHA256
b39bbd6d8ee84743834741aae0a39159f62db829678e5bb0d915b09edc27b41e

SHA512
c194b789346f2dc9f10d4bba787a0edb585de0a5fa4ee3c507b7df9bf2086027cff82c810c0100a09253776b0986bcf7d9eac1c488a2322fef726282f157c3ad

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\PETools.dll

Filesize
19KB

MD5
db7101a0e92cd476b587afb9c55586d0

SHA1
2439c91a6f6ce5a684e56d825155e5101c35070b

SHA256
b39bbd6d8ee84743834741aae0a39159f62db829678e5bb0d915b09edc27b41e

SHA512
c194b789346f2dc9f10d4bba787a0edb585de0a5fa4ee3c507b7df9bf2086027cff82c810c0100a09253776b0986bcf7d9eac1c488a2322fef726282f157c3ad

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\PETools.dll

Filesize
19KB

MD5
db7101a0e92cd476b587afb9c55586d0

SHA1
2439c91a6f6ce5a684e56d825155e5101c35070b

SHA256
b39bbd6d8ee84743834741aae0a39159f62db829678e5bb0d915b09edc27b41e

SHA512
c194b789346f2dc9f10d4bba787a0edb585de0a5fa4ee3c507b7df9bf2086027cff82c810c0100a09253776b0986bcf7d9eac1c488a2322fef726282f157c3ad

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\PETools.dll

Filesize
19KB

MD5
db7101a0e92cd476b587afb9c55586d0

SHA1
2439c91a6f6ce5a684e56d825155e5101c35070b

SHA256
b39bbd6d8ee84743834741aae0a39159f62db829678e5bb0d915b09edc27b41e

SHA512
c194b789346f2dc9f10d4bba787a0edb585de0a5fa4ee3c507b7df9bf2086027cff82c810c0100a09253776b0986bcf7d9eac1c488a2322fef726282f157c3ad

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe

Filesize
7.9MB

MD5
394e750b67744f0905ac2af60c7e10fe

SHA1
85daf21b68b919cb87f0ad823d4016798cb367ed

SHA256
185b254282e09be9278ceb57b9072803d91ab57220b9c2718a584efb999fb806

SHA512
e1f0ab2f3945c4cdcc004ccac52300d54cb4aa52651b1564746ee302852132054b17bb3460338c5002a4e9cd9cf8357de455686d9d082552172a9e1876dcc55e

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe

Filesize
7.9MB

MD5
394e750b67744f0905ac2af60c7e10fe

SHA1
85daf21b68b919cb87f0ad823d4016798cb367ed

SHA256
185b254282e09be9278ceb57b9072803d91ab57220b9c2718a584efb999fb806

SHA512
e1f0ab2f3945c4cdcc004ccac52300d54cb4aa52651b1564746ee302852132054b17bb3460338c5002a4e9cd9cf8357de455686d9d082552172a9e1876dcc55e

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe

Filesize
7.9MB

MD5
394e750b67744f0905ac2af60c7e10fe

SHA1
85daf21b68b919cb87f0ad823d4016798cb367ed

SHA256
185b254282e09be9278ceb57b9072803d91ab57220b9c2718a584efb999fb806

SHA512
e1f0ab2f3945c4cdcc004ccac52300d54cb4aa52651b1564746ee302852132054b17bb3460338c5002a4e9cd9cf8357de455686d9d082552172a9e1876dcc55e

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe

Filesize
7.9MB

MD5
394e750b67744f0905ac2af60c7e10fe

SHA1
85daf21b68b919cb87f0ad823d4016798cb367ed

SHA256
185b254282e09be9278ceb57b9072803d91ab57220b9c2718a584efb999fb806

SHA512
e1f0ab2f3945c4cdcc004ccac52300d54cb4aa52651b1564746ee302852132054b17bb3460338c5002a4e9cd9cf8357de455686d9d082552172a9e1876dcc55e

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\WARZONE RAT 2.70.exe.config

Filesize
1KB

MD5
d0dce5493822e1656681460b4f78f6aa

SHA1
1ed0baf36bfe1764f66e8233a1e633638d0e2b1f

SHA256
b0ff0741a189c9e18f151ccf4e17a7905a46d6688d6ec6327cae4794d1cc5b18

SHA512
1a13bb11e555f6014b08713b2871b8db4519373f62d7e4afa8736d8e73798317510b89ae7a94092c4c435ac9e676bb1642d5cd2a51c7bdeb47a80bdc171602e9

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe

Filesize
528KB

MD5
4b23828019724fccd69c343745a4dcbf

SHA1
6f0c8db1bd7dfebece18a2a490858863ea449fac

SHA256
4058c8d7062f833b628ac7a0a2d1ae334fdc7aea1416a3739e1d20418d008c1a

SHA512
d4e1a3ef65b648074202008fa95d6a70e44065141eadc5e52d791f4a035d8f1264bf3d54ad6f0635263c87f018bcfb4a5bcfd9146233061b28b195b24a7092e1

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe

Filesize
528KB

MD5
4b23828019724fccd69c343745a4dcbf

SHA1
6f0c8db1bd7dfebece18a2a490858863ea449fac

SHA256
4058c8d7062f833b628ac7a0a2d1ae334fdc7aea1416a3739e1d20418d008c1a

SHA512
d4e1a3ef65b648074202008fa95d6a70e44065141eadc5e52d791f4a035d8f1264bf3d54ad6f0635263c87f018bcfb4a5bcfd9146233061b28b195b24a7092e1

Download Submit
C:\Users\Admin\Downloads\Warzone_2.70_Cracked\Warzone 2.70 Cracked\Warzone Cracked.exe.config

Filesize
186B

MD5
159280c802bed8de261d40fcf7130bc4

SHA1
e860f82af12bfb40b85851c80935b27eff0ad45e

SHA256
65f6ff8549e1f144ab78432f69a51168a7f1b3021d23c20bf9d51393d4c92368

SHA512
a78301f8cd7ae3f44da1ef7f097afe773933676b6f30dc5da685f83830c9381abf4b229aa34fc12dfaf7772ddd0b9402c98d86671ecd392d74853f719f81d67e

Download Submit
memory/612-188-0x0000000005969000-0x000000000596F000-memory.dmp

Filesize
24KB

Download
memory/612-189-0x0000000005969000-0x000000000596F000-memory.dmp

Filesize
24KB

Download
memory/1316-139-0x0000000000E20000-0x0000000000EAA000-memory.dmp

Filesize
552KB

Download
memory/1316-140-0x0000000005EC0000-0x0000000006464000-memory.dmp

Filesize
5.6MB

Download
memory/1316-141-0x0000000005850000-0x00000000058E2000-memory.dmp

Filesize
584KB

Download
memory/1316-142-0x0000000005910000-0x000000000591A000-memory.dmp

Filesize
40KB

Download
memory/2900-223-0x0000000005AB9000-0x0000000005ABF000-memory.dmp

Filesize
24KB

Download
memory/4280-149-0x0000000000840000-0x000000000102A000-memory.dmp

Filesize
7.9MB

Download
memory/4280-172-0x0000000005359000-0x000000000535F000-memory.dmp

Filesize
24KB

Download
memory/4280-170-0x0000000008A20000-0x0000000008A86000-memory.dmp

Filesize
408KB

Download
memory/4280-157-0x0000000004F70000-0x0000000004FAA000-memory.dmp

Filesize
232KB

Download
memory/4280-165-0x0000000005310000-0x000000000531C000-memory.dmp

Filesize
48KB

Download
memory/4280-161-0x00000000053B0000-0x0000000005472000-memory.dmp

Filesize
776KB

Download
memory/4280-171-0x0000000005359000-0x000000000535F000-memory.dmp

Filesize
24KB

Download
memory/4492-226-0x0000000005459000-0x000000000545F000-memory.dmp

Filesize
24KB

Download
memory/4736-194-0x00000000058D9000-0x00000000058DF000-memory.dmp

Filesize
24KB

Download