Malware Analysis Report

2024-11-15 06:25

Sample ID: 240706-cw82vatakj
Target: FortniteHack.rar
SHA256: 40e72b30c0ae514e773b17acfa9d770dd43425e4f5cc181eb1e9041fb2f9efb6
Tags: lumma discovery spyware stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 40e72b30c0ae514e773b17acfa9d770dd43425e4f5cc181eb1e9041fb2f9efb6

Threat Level: Known bad

The file FortniteHack.rar was found to be: Known bad.

Malicious Activity Summary

lumma discovery spyware stealer

Lumma Stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-06 02:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-06 02:26

Reported: 2024-07-06 02:33

Platform: win10v2004-20240704-en

Max time kernel: 364s

Max time network: 359s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\FortniteHack.rar

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Documents\Everything.exe N/A
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Documents\Everything.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Documents\Everything.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\da.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\uk.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2407.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Users\Admin\Documents\Everything.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\7z2407.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Everything-1.4.1.1024.x86.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2407.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2407.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2407.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2407.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2407.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Documents\Everything.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 4456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1516 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4456 wrote to memory of 1504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\FortniteHack.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.0.656030495\183668225" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e70fab5f-5a04-430e-a028-435c04c30a1c} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 1760 2059f910e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.1.1837589115\1235153529" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f97e5cab-e254-4d29-984e-a105a6619ddb} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2452 20592b89358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.2.480479868\6959015" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cff07d55-7471-4286-b893-85fa17af6fac} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2968 205a2606c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.3.1148803259\1875761382" -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fad4f88-0e39-4590-aa11-f23bbe8da131} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3952 20592b3f158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.4.1354451155\386351120" -childID 3 -isForBrowser -prefsHandle 5028 -prefMapHandle 4328 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d69be86-ed6e-4844-bf0c-22ccc7ff79d0} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5040 205a6d7ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.5.436476907\201304772" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {901b615f-14e9-44cd-8b0f-35db15d69918} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5152 205a6d7da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.6.49923801\1422009400" -childID 5 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bebc3d0-2b06-4a2e-816f-db7dfa6fa0c8} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5344 205a6d7d458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.7.1250063579\70010907" -childID 6 -isForBrowser -prefsHandle 5756 -prefMapHandle 5752 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56a47fd8-2b21-4b4c-90b8-038cacd6bacd} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4960 205a6332158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.8.834234853\1683334092" -childID 7 -isForBrowser -prefsHandle 5064 -prefMapHandle 5052 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56229e66-27dc-4a4a-abfa-b98ff1fcec7f} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5136 205a488b958 tab

C:\Users\Admin\Downloads\7z2407.exe

"C:\Users\Admin\Downloads\7z2407.exe"

C:\Program Files (x86)\7-Zip\7zFM.exe

"C:\Program Files (x86)\7-Zip\7zFM.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.9.1478745053\1372039991" -childID 8 -isForBrowser -prefsHandle 1640 -prefMapHandle 3580 -prefsLen 28282 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6900748-9fbd-4454-b2d6-c57b6dc812f8} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3616 205a60f7858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.10.150242129\936506403" -childID 9 -isForBrowser -prefsHandle 5040 -prefMapHandle 5336 -prefsLen 28282 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af4acb35-9265-4017-a590-42e97b4dadce} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 6076 205a4581758 tab

C:\Users\Admin\Documents\Everything.exe

"C:\Users\Admin\Documents\Everything.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\7-Zip\7zFM.exe

"C:\Program Files (x86)\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FortniteHack.rar"

C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe

"C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1096 -ip 1096

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 324

C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe

"C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5236 -ip 5236

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 248

Network

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\2547F4F8D6358638CDE0B31A1322D63360CA032C

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\2803F2FBAAE4ABCB08334CAF353BF333FBB61A02

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\doomed\1026

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\7z2407.1Jt8NmK9.exe.part

C:\Program Files (x86)\7-Zip\7zFM.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Program Files (x86)\7-Zip\7z.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\Everything-1.xT4Cijdx.4.1.1024.x86.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Program Files (x86)\7-Zip\7-zip.dll

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\doomed\27281

C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe

memory/1060-765-0x0000000000400000-0x000000000045B000-memory.dmp

memory/1060-766-0x0000000000400000-0x000000000045B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\cert9.db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\formhistory.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\places.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\cookies.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js
