hxxps://app[.]mediafire[.]com/nqf65u1vbguey

Analysis

max time kernel
242s
max time network
244s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://app.mediafire.com/nqf65u1vbguey

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2080	FоrtniteHack.exe
1776	FоrtniteHack.exe
4972	FоrtniteHack.exe
3676	FоrtniteHack.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{0035B750-AE0E-4233-BFB3-F49B076E663D}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FоrtniteHack.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 469331.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7-ZipPortable_23.01.paf.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
2008	msedge.exe
2008	msedge.exe
4968	identity_helper.exe
4968	identity_helper.exe
2252	msedge.exe
2252	msedge.exe
2928	msedge.exe
2928	msedge.exe
2932	msedge.exe
2932	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	1436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1436	AUDIODG.EXE
Token: SeRestorePrivilege	4316	7zFM.exe
Token: 35	4316	7zFM.exe
Token: SeRestorePrivilege	2396	7zFM.exe
Token: 35	2396	7zFM.exe
Token: SeRestorePrivilege	452	7zG.exe
Token: 35	452	7zG.exe
Token: SeSecurityPrivilege	452	7zG.exe
Token: SeSecurityPrivilege	452	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 3432	2008	msedge.exe	78
PID 2008 wrote to memory of 3432	2008	msedge.exe	78
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 2104	2008	msedge.exe	79
PID 2008 wrote to memory of 404	2008	msedge.exe	80
PID 2008 wrote to memory of 404	2008	msedge.exe	80
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81
PID 2008 wrote to memory of 1088	2008	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.mediafire.com/nqf65u1vbguey
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc1413cb8,0x7ffdc1413cc8,0x7ffdc1413cd8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1172 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=216 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,18296831539857686316,1387211669727618140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\FоrtniteHack.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4316
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\FоrtniteHack.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1680

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FоrtniteHack\" -spe -an -ai#7zMap22205:86:7zEvent20322
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:452

C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe
"C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe"
1⤵
- Executes dropped EXE
PID:2080

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\FоrtniteHack\options.txt
1⤵
PID:3812

C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe
"C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe"
1⤵
- Executes dropped EXE
PID:1776

C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe
"C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe"
1⤵
- Executes dropped EXE
PID:4972

C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe
"C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe"
1⤵
- Executes dropped EXE
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
34KB

MD5
99bdba41e98b7a6772fa02fe89777024

SHA1
79699157e09687ad8260bf061ece64d7369190f5

SHA256
753d4dd421f83c37ad80d34cc33027dd5231bf37978ff36585abcf37da2b823c

SHA512
da5e4e588421c71742a1decf4237332703f8976c7b85d82ac14a0be65f25acb754d125ce73162d49c28fb3f7845069c535380099b51151f70a873b9f062bbb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
1.1MB

MD5
93feab00f76536d681c1b77eca2c7caf

SHA1
c48cbe893b3178a56357c132cae2fa63918d790f

SHA256
5da61564d6ae3fa4506522460d177f8b642b20bae63f81cee14b9ca71fd49226

SHA512
6276f945f1008c70bdc559a8d6a14c609a033af2fae6bd80c129da546e7df6cfb3fcdcc452508df8ee5be7a0a87a6f9930664b8b9726c4e52877802a9ceca5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
36KB

MD5
2dee8ddb7b2c611ce96bc15de4c9db3f

SHA1
dfde296347868917a0ed236720aad06dec3ec51c

SHA256
8025c78b8b70bd719edffc23ed3fbf45e47196c3d882df626d640cb37d861e7b

SHA512
1f956e9852380c2b31bb784308f8865c14374cd8de322fca2fa9b32bee05e1b73ab681f43eafd3898b65b0ccad0db321e4f25a1c997233905f242eded7cb045f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
57KB

MD5
582342b7f32ed6e5bd3103cebf2d251d

SHA1
1269f027e9caaf94975881e47f704d7d19b735fd

SHA256
a362d138e1dab9c7381b1db35d0787e37c314973f3cfbc73f4f6955fbca79b2e

SHA512
936702cc06be2f06bd61e006d56b181effd591c25475a12fd5797471f61a921a868f9acd0f82ed494542276c9c4088abd9889de51fb19f52a5abde735e5930b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
2.9MB

MD5
1e94c8e63836281072193bb0aa087a8f

SHA1
45f064c0f4091196409c703efc8c759fef7772b0

SHA256
b93f034b47efdc05b869a6da928e5515511c0d05ca46bea7af18fe3d4acb0a2e

SHA512
4a9d094f9e4ff5dde349d84dea2d2740f08d7d21f99b8cff1f948964c0161a8540169ae230ee1d5d4345db8b3ce9cc4524acf8bc058577df84790cbf12a10810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
46646e62b63a40aa68af939bc3325615

SHA1
956b2b560fa89a92137b40a9e98e8ccfce665d69

SHA256
21f459e87be2e0cb5dead21d39f895e60abad98192bf1d2d54f850ae6a2570db

SHA512
61e7d9122406990187db86dfcebb29b856b8818c0e20376bc8eeefc9b048e4e589316e7ce4a91dc7b5592967400d72489aa684ebde78c4d9fe5b80d61eb7cfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9fcb7d9a02e91e680fa7b2d92fdebfac

SHA1
debca389cec3ac25075728a7abb0c77ba718baaf

SHA256
f5dd84bb5779b8cc5f7400822d40f8ea4b1ea74b9ab9eb88076b0abcf293c87f

SHA512
9d678d6fd994ebb8efb65bd203dc3de631aa2c95e66106b77dbd8464410e1625d5662eb21e908c525f9432f681368c10a36add3723421357790ff10a8e421064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
91e817bc55b2198e5b4c8b8fde1791bc

SHA1
659deba712b9d657824173dffe6b70cc1ebce114

SHA256
8962196906ea7547efe12325eead0da6b96e2e7da1ff961555954c65b51dec02

SHA512
84953307ffc9b1e94fa035ce8f5749ffe1995885289c229e4e0be795affcd1aa54c9b8f36d57070ee3e23425a6d4e956b870104a931c80bbdca26b512724589e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0fe6c5afd1464ea038faf195ba88b5fd

SHA1
21cacbf33bda02c88e74108b1592d31693601988

SHA256
370a5fa4152c5cbddad20ce86b95de90914490d77cf9388054b029ad7972ff2a

SHA512
c26a93ef8131f1812ee70e6d2bec7995e268f1039a433fbba94b6c3f84c1d074d5f96af705b1a2b3fbcec1022c8feb75bf96f726724728cd701c19da6b519158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da026ce7fd89abc8a16a1f66d2db1c5b

SHA1
554905bae407bba5faca85473b391de8d17da76b

SHA256
8130c9e0f46b2be8a83fa9bce5da8726a65773f1b70d4664143fb0b68da2509d

SHA512
74a81125a9e4fad46e65bcddb0a3d686f6bd993157c89ca8a2ef66371bc7504cd002aff9e6968106bd40f34297b6958628463a59a6029b0e6ed56151a822f757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
87135c5be0d2de1f20ba57148fa7abe5

SHA1
5c6d7519cbad6ae1f858bf5e04d30d8962ee33e6

SHA256
ae07a6348f9668553c072ee13fe3275fd6f632f0857497b59b871e62a40c4635

SHA512
0e2480b2bd66ba7d4dc711b67040a871c20d0f17bb588269ec7dbe72550c03a1568bc7f6613f2bed1305379ec42c5d80ba162f231588aec0f8907bb7c2ea0446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f7fa078e3367b663fddad44f58c45d6

SHA1
9883cd4d0ba2f76ffacfa53b07230a4aa02b082d

SHA256
d990f9619432ba8507f09b61f5b116f20545a49fd7a3ffa1eaf28de21d3400ff

SHA512
c18f87ee8429773bd476f1d49e3909cda22f050fe51aa278fb6cfb5ac68137d6b8c3601a4bbbf3fbe4963a69bf8751895956c45cbb4eda7d7d2a74bb5762e72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
39584d58132087dbd7717e71af17336c

SHA1
ba78460cae6a384a742a2aaac5637a3d845dc2f6

SHA256
ff67925762ee95b8d1ea4ecec9ab33517d3c84ae70d1ef3624517579ea0ce87a

SHA512
f34d566784f44ffc18540a8d7678923e82cb39002471ae38026796815ea2a69c93ecd70ecf2be186c1df541ab6a019ea3efab8bdfe23fe20c4f9b12f456d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a4d523df5007fd6b31dc424ad101669d

SHA1
c79f222e3acf3b9550d21b723d5b52f22b675cbd

SHA256
d64bb6ad70745e4c2af07f355d8067557c24660dcd063cc662bbcc5444e90ca8

SHA512
b6111051eeb6b6c705df56e1e68d3ecb908b70d4b16a23b8b4a3feae85281cd331c6c5eb036d6f6fccbfb08218a337b8c795327b12911dfe2afb7e6c7ff20d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d306976d19af898ee6f0b8c811551bed

SHA1
a72c4ea53162eac4a3a0a903aff59601fb9fbcd9

SHA256
8514ff0f9d97bced19958a38b030a3d21ab326ff4ff4c78b99f301a2095e77b5

SHA512
b9f1679ecb6f9291bf3a47867515461e57b0620701f9e551de0311add77fc0312ebb2045cff0e5fcbf7b2cbd4eb988b8d7abb06b5afb1d82a16f94f553d1ce3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a654712b53af14c4fee735d0c1049bd3

SHA1
0ff799f219f13710e4d32d06834688d4df807a46

SHA256
6665ce39c9c787e807f69b46dee351efa4027ca19249c846c0184fff2182ea5f

SHA512
b597703aa11a7d99d0f36dbea228de99f4429ff2e968fe98008e069880a66c707e6005cf47c09cc5ab767bda32fca6dd7567c7851f5fd36b7e65d6d7e4d5582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
cf0eb2f297c0ee7b818aa1b9a7f7c71b

SHA1
da489f2acc4969d8ba9a94ffdcc857f7d651e7b2

SHA256
612b767f33d449a6ab457eb06f553234f98c3e4056a35c849a5b74184ccaac3f

SHA512
2cf44087c2a8fc639a4b8bba30907bc35b3738cc15f9b4855f5006ac3bb94c662bd1c3314fc7ca747642c359c555d1c9684e50b9417a6156a4710dcb294209d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ca6166b9cf8c3aa853d293337215969

SHA1
ed5adbe96179425982b94cc98a2fd006c9296831

SHA256
433675732093d51e4f83232eddbe87c6f7d9a071c6e2324cbe994de8346658f4

SHA512
0d4517ac61967cb5500ce54847f95b69386b86f0d8a364c3f65984f1228b0e9c43f27baa0de66dcecf23cbe9cc2b106a956675da4c4ca68e1dfd4641b5a6617c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0eabe5079bb77952dadde6c563b7126e

SHA1
f27835fdf7c80bd3f0140efdb97280dc99af69e2

SHA256
81d8d42f97b0ebb1222eebd871665cd940dd6617610f4a0e5fa188f34ae88c6e

SHA512
688ea8952b6dfd557da2554b9f7265de6cb1429c1fd625d29d92c1e399a90dda49db47a467548a516f618af46af9a4071aa30decc582390c3aab91bb8ed6c61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
220da3a60b4ff540e83aba63a8ddb2e3

SHA1
053d40c35ff2dd9433b505de0a271c314792c762

SHA256
f9cd3ccf416a13647f855b75ed33e7b9b4bf8fbb1d89cc0e1ab539254868c509

SHA512
d0a0b34aa7fcb3289cf2263c7bc977e3dc561ee1fc9a291c3f7fdf26c0c3b133d8926df8a1ff992d00118b77c17a319754b85f41eb1bdbdc295652f957aaf73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c6da.TMP

Filesize
706B

MD5
f749baa9e0aba780ad9a54bcc2df3856

SHA1
6cf00e99f2d0f9700424b62164efe4711674821c

SHA256
f4e2738a3384097ad5bf75d9fbe1b0e26e34b18c8feffe8d76221b7d2e150242

SHA512
984350d497ba4643f53ed1c4ba851b49473b501f6e0667d2613a362ee9556299872c20c04926a2eef9e30d1c1be49163a165c4ed32bb734a2f2c8b82b9073699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
31d8a1e47483f128d5dd59e1fe21303e

SHA1
7c6f6a8ae238deb1261e31327c1ac8af1456b093

SHA256
d7aa7137888a0f840633c5334bf21fce5ea6b275825f1e479f4971ba62fae958

SHA512
87160fd48fd57a25bcfb725d56dccc733f2823f56d90758d5ba60026545f6585bc717e79c101b9d09a5fb8c07b2873703cea479d161901485f28d26d0a492a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bcc59689d0d8033d811c107711162160

SHA1
1bf8ebe97dfdabe0e21457bf8ce2abc5302c6c03

SHA256
7bddfac5eee00201f4455e5d54ecb89eef2006db6b9b1de5b51291ca456adeba

SHA512
0e225666c6c4fd092e100b4713f14ac6a36b78bba65bbf0513f5e0c37cc8bbc18b39659e8d31dad3c049e1e87540b9dffde012680f6261843776b30f347aa552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6b8af8e40e7d231fb474cd53335f925

SHA1
fd05f859044a32f1646e6967379a9af47904bcde

SHA256
52fd796dd426fae441797eb2cd921200314957839bc8bd4e1c5de52eaefe2a4e

SHA512
de3c1bcff4b10b8b7f9316b8f95230bab600b835e9392dbb6e07a243bbb60b74568d82a5e1b51447b91d28db4e6ba87938739cb646946cbbe4f1e1461c41a742

Download Submit
C:\Users\Admin\Downloads\7-ZipPortable_23.01.paf.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\FоrtniteHack.rar

Filesize
492KB

MD5
583e6771aa8684968def511059011172

SHA1
64452e30545854cd6a679ce6fdf7aec8bab28cd1

SHA256
8fba185f76c8c3f2337ca4c47fa2b09f6c988e6216d72174352325f165b30802

SHA512
1704e9d2bdfad967a6b350427c13108bd01fccaafd17423e38a012535c1044306dc36041b3ef1647b89664c21bdae2f5bdfd12af0a3eab37953d860838cc2779

Download Submit
C:\Users\Admin\Downloads\FоrtniteHack.rar:Zone.Identifier

Filesize
320B

MD5
5163d2ce6f9d065493418f6401bec23a

SHA1
c1820100e6e7fc6872686cac7d2a32b16ffbad76

SHA256
24d56c339fa4e2cf59e8528bcc61e600d11af96cbbf4faa09a2fbb8e57b47a55

SHA512
e2e180e9bfce47db8c88edf82d7c12ac4e4707934ae4fd87842fa203cbb800ebbd957b8e816b7fd6fe0c9f1039298726df3f38017665592ecc4b644d19de7538

Download Submit
C:\Users\Admin\Downloads\FоrtniteHack\FоrtniteHack.exe

Filesize
491KB

MD5
2790d1557b35573bf07ff47cb0bd163a

SHA1
5e74739fb474e8c62ea861fa70b71ca863fdbc76

SHA256
0407b563bc2ce0622252b9d6aebd5247ccd00e08d277c8cf68f521150f3189f6

SHA512
7ef4ca39be0a2788a3e79cff35af0c47e40f4e89f7595a9d292b0514092f2e0d1b5cf909dcf658eab50877e504e6ba89a1314f022fa001dd24cc29a9ab41119e

Download Submit
C:\Users\Admin\Downloads\FоrtniteHack\options.txt

Filesize
4KB

MD5
65fb590f1386c03a055d6dec92694a11

SHA1
1150a89ec66cba8f5f1c4298dbba3ead338e9824

SHA256
844b5770d897dce925425aa264669840a2c726c11a7dedffa5f079f67dfea52c

SHA512
be46912c945282bdd38d464b9e3dbd866857f87530a87b26ccdc1a0424d2187424c9af0ec9c5f7488cddef905fcb0a5c5df46af49a98351aa2862c6cca8089be

Download Submit
memory/1776-941-0x0000000000740000-0x000000000078B000-memory.dmp

Filesize
300KB

Download
memory/1776-929-0x0000000000740000-0x000000000078B000-memory.dmp

Filesize
300KB

Download
memory/2080-904-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/2080-907-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/2080-918-0x0000000001580000-0x00000000015CB000-memory.dmp

Filesize
300KB

Download
memory/2080-906-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/2080-905-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/2080-899-0x0000000001580000-0x00000000015CB000-memory.dmp

Filesize
300KB

Download
memory/3676-943-0x0000000000A40000-0x0000000000A8B000-memory.dmp

Filesize
300KB

Download
memory/3676-948-0x0000000000C10000-0x0000000000C20000-memory.dmp

Filesize
64KB

Download
memory/3676-949-0x0000000000C10000-0x0000000000C20000-memory.dmp

Filesize
64KB

Download
memory/3676-951-0x0000000000A40000-0x0000000000A8B000-memory.dmp

Filesize
300KB

Download
memory/4972-935-0x0000000000770000-0x00000000007BB000-memory.dmp

Filesize
300KB

Download
memory/4972-940-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4972-950-0x0000000000770000-0x00000000007BB000-memory.dmp

Filesize
300KB

Download