Analysis Overview
SHA256
40e72b30c0ae514e773b17acfa9d770dd43425e4f5cc181eb1e9041fb2f9efb6
Threat Level: Known bad
The file FortniteHack.rar was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-06 02:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 02:26
Reported
2024-07-06 02:33
Platform
win10v2004-20240704-en
Max time kernel
364s
Max time network
359s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\Everything.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates connected drives
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1096 set thread context of 1060 | N/A | C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 5236 set thread context of 5296 | N/A | C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\si.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\si.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Users\Admin\Documents\Everything.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\7z2407.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Everything-1.4.1.1024.x86.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\Everything.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\Everything.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FortniteHack.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.0.656030495\183668225" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e70fab5f-5a04-430e-a028-435c04c30a1c} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 1760 2059f910e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.1.1837589115\1235153529" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f97e5cab-e254-4d29-984e-a105a6619ddb} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2452 20592b89358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.2.480479868\6959015" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cff07d55-7471-4286-b893-85fa17af6fac} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2968 205a2606c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.3.1148803259\1875761382" -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fad4f88-0e39-4590-aa11-f23bbe8da131} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3952 20592b3f158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.4.1354451155\386351120" -childID 3 -isForBrowser -prefsHandle 5028 -prefMapHandle 4328 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d69be86-ed6e-4844-bf0c-22ccc7ff79d0} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5040 205a6d7ce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.5.436476907\201304772" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {901b615f-14e9-44cd-8b0f-35db15d69918} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5152 205a6d7da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.6.49923801\1422009400" -childID 5 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bebc3d0-2b06-4a2e-816f-db7dfa6fa0c8} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5344 205a6d7d458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.7.1250063579\70010907" -childID 6 -isForBrowser -prefsHandle 5756 -prefMapHandle 5752 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56a47fd8-2b21-4b4c-90b8-038cacd6bacd} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4960 205a6332158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.8.834234853\1683334092" -childID 7 -isForBrowser -prefsHandle 5064 -prefMapHandle 5052 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56229e66-27dc-4a4a-abfa-b98ff1fcec7f} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5136 205a488b958 tab
C:\Users\Admin\Downloads\7z2407.exe
"C:\Users\Admin\Downloads\7z2407.exe"
C:\Program Files (x86)\7-Zip\7zFM.exe
"C:\Program Files (x86)\7-Zip\7zFM.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.9.1478745053\1372039991" -childID 8 -isForBrowser -prefsHandle 1640 -prefMapHandle 3580 -prefsLen 28282 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6900748-9fbd-4454-b2d6-c57b6dc812f8} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3616 205a60f7858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.10.150242129\936506403" -childID 9 -isForBrowser -prefsHandle 5040 -prefMapHandle 5336 -prefsLen 28282 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af4acb35-9265-4017-a590-42e97b4dadce} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 6076 205a4581758 tab
C:\Users\Admin\Documents\Everything.exe
"C:\Users\Admin\Documents\Everything.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\7-Zip\7zFM.exe
"C:\Program Files (x86)\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FortniteHack.rar"
C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe
"C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1096 -ip 1096
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 324
C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe
"C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5236 -ip 5236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 248
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | e0f7f894c569a5fb2e7156c130da2a75 |
| SHA1 | 3e7e19b2ebbe5637dae19c1b53fbd62b27db0a81 |
| SHA256 | 86e627c261b47a5495241e37e1449fe8e8c7ac86ff45e8afa6303cef4f683293 |
| SHA512 | c81a02cc3c1c977da29db70ec8108aef28ae6dad1167ad14842a99cb35bfa73319c7ed321a24106c0a05d6b17fa41e4aecf4b291e73d8a588e8c54bd4cd06663 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | f1033207bebb325b9ee316f6a0cad0f3 |
| SHA1 | 02a5e8aa5c3e6d42bec1d2b38c5abccc134b22d4 |
| SHA256 | c5231fca54ff9828f04030d579ab37d5e31f6061e4f081ea3746d49bd0a66da4 |
| SHA512 | 1829057812a99672f399a179511233fbfa735f72d1c3f8007b1d742e3e636623cea86918ad40712b39fa5838523a2f5bf0f1252d034c1dd27cfa39d9d2b633d1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js
| MD5 | 679f9bede63005740867f0185911cab6 |
| SHA1 | 403efd7d735fdc117e624221e30d2367f934a84d |
| SHA256 | c2479ff5903585b6b7da64ba0652fb64b854a3af104d79b435777a88705d0e60 |
| SHA512 | 1032686212beb1f518c100939c468cd663b5b17690c36dfff722083b10a9d3205909f54776d9e9ffbb9d8e4cf3036245c86ed7ea9f1150eb50a6d8f6cdbf4416 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\2547F4F8D6358638CDE0B31A1322D63360CA032C
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\2803F2FBAAE4ABCB08334CAF353BF333FBB61A02
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\doomed\1026
C:\Users\Admin\Downloads\7z2407.1Jt8NmK9.exe.part
C:\Program Files (x86)\7-Zip\7zFM.exe
C:\Program Files (x86)\7-Zip\7z.dll
C:\Users\Admin\Downloads\Everything-1.xT4Cijdx.4.1.1024.x86.zip.part
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Program Files (x86)\7-Zip\7-zip.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\doomed\27281
C:\Users\Admin\Documents\FortniteHack\FortniteHack.exe
memory/1060-765-0x0000000000400000-0x000000000045B000-memory.dmp
memory/1060-766-0x0000000000400000-0x000000000045B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\cert9.db
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\formhistory.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\places.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\cookies.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js