hxxps://drive[.]google[.]com/drive/folders/1KeMHOivbKT-ajacfd8LzTqwf1cYq_qBB?usp=sharing

Analysis

max time kernel
1049s
max time network
1051s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1KeMHOivbKT-ajacfd8LzTqwf1cYq_qBB?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
808	FortniteLauncher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689887259362616"	chrome.exe

Modifies registry class 32 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	FortniteLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	FortniteLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	FortniteLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	FortniteLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	FortniteLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	FortniteLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	FortniteLauncher.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
808	FortniteLauncher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
808	FortniteLauncher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 3028	2496	chrome.exe	84
PID 2496 wrote to memory of 3028	2496	chrome.exe	84
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2148	2496	chrome.exe	85
PID 2496 wrote to memory of 2424	2496	chrome.exe	86
PID 2496 wrote to memory of 2424	2496	chrome.exe	86
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87
PID 2496 wrote to memory of 2092	2496	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1KeMHOivbKT-ajacfd8LzTqwf1cYq_qBB?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffea180cc40,0x7ffea180cc4c,0x7ffea180cc58
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1732,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2072,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4772,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4012,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4564,i,12814546169788648543,1821199666881568958,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2264

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4336

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24706:150:7zEvent22764
1⤵
PID:2536

C:\Users\Admin\Downloads\EraLauncher_for_LawinV2\FortniteLauncher.exe
"C:\Users\Admin\Downloads\EraLauncher_for_LawinV2\FortniteLauncher.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dfc3feef16748fe485022acf15f07b0d

SHA1
103000cd70235ef924ddfb507ef9130aa8e46221

SHA256
d10818f0e552c973d2208f29c29f00860ed624235c72618a447e6c5960e12087

SHA512
7bb09d5643dbd0326263700e13d33e970708d4b4fc1d0fc176024b5788655639492da89d309d7307b8c32b422094a2986ff48a1e4166fd6173454ba9ce07c6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
72f6cd7455dfbb9c1ee55895855101e5

SHA1
5f96812bf52a3444b123f3c2cc57044b44c3e881

SHA256
bde30e182ef6e91291521ae621019a1366088a1517c7a138618681606dd8944e

SHA512
4189ba0cc7ad6d324e53b5f28c71138b09c7081b95b7888ce0630026848535ddd7f3b809d6e8c6fe0d9a5f26bfbd94e6b78089590094861579ff76ea292c90b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4b68df4aa7c83a1a70e2c7259deb4f7

SHA1
c04499a97d4e0728bfa8947d01afb3af91fcbd23

SHA256
bbab6fa5e9988ff35f261c166bc7553f15dfde394d775e500538b284997127ee

SHA512
82e3f1d75e2ed92733422d2beeda677c720d91811232987a8b985f09d8acb5843c9f3a5b3ee892a7f3555e5bf855d658c321c6e8d10374b2a404224dd16b351f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e46705ea3767878906a5db0be2efef45

SHA1
96887fb5a84ae51c1cecdd8c6a96f4996df27157

SHA256
2149423cc22d97fc286cba778a2840ba05826b83c90c7540d312f85766b63d00

SHA512
69ef0850aacb667d072d8e573a459d987423199d3dcaffe5d0a1750f6000709ab18733ac6ae26ec92f6bf6b58517c488afd21769253c79a5e5d44c0f666c9a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
05717345dc4bc413afe4f58d8692a939

SHA1
cde6494e96acf1702d7d0099891ed91687c29034

SHA256
83bcbba0c893194a905e9ce4d3976b88257d349df7c8a531ad17b7b74b70262a

SHA512
44b2e9b3f211f86fb4d5544a2e1ae675dbc41787e82679f3dc602392f1fed2df4963d50e21d03ac02646381d9915f9eae3428ed8512fc958b7a4cf5105f92e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8aece5834ba78bee6a0007acbd460071

SHA1
c7a71dedd3d350dd09b515060cefc285635e387b

SHA256
a5e0e9cc9359a4787db89feec965d2145bcb5ad8e628e8e164b2bf14b1f3f0c6

SHA512
15297409b48e94389f77455f8eb05fa0c7dd3e8a32a5334deb689e7c665abfec4e358a593c78f7390de18b9bdb041fea71299ee5b932bfa6d62bad90b41f7f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3bc61cbc83dd449714e361e9ce797f7e

SHA1
7b02e441c37ea90d6503cd8abbc6858c487a6147

SHA256
883ab6ebcf0aca8ea1c282e6ee66f1ce5f055f4cd324de99ecaf999cf32c15fa

SHA512
9fc8d739f4ffe8c74b66993e2e7b9372f8a94dcafb66c1ffef4b5d3f8579c6c9e1c94842110a9e9022a528f078e26526f880e294752d26fe08d7d230a66be791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
baf70502d326f19e179b9d97f4ea7af2

SHA1
a3c72b9e13f488aae32c7f6ac9808358c9662a2b

SHA256
865ae79b24cab0233d5123507d2ebaee70662b00096a72755c064bc668bba8d2

SHA512
70365d85509faca729049839b41a581fcbffe09d116090719eb8c579b463a1e12ef590f2066704c8f540dc9fa19c0d2bd3cd617c193b3af717b597c1a794ab6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b61e9145bf2572ab4c7dc95009c666d2

SHA1
aecb2ae5aa50085f5e0f29f0d881ff06fe35c2fe

SHA256
52e561927e5b56be742ed2b456ccbdf5b0e4c7142a56073b942f8ebbd2d06995

SHA512
3f7d4eaf166e38e30713ca12359dd4180e6884c0e91ae7e9c6b1ee86111a6e1bb409b002efde146ac326c74d29e6d10bf5135067957902c5f07e15442c90c5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc40689a2451e3b6352637b437a25d70

SHA1
2813117041ed4dfd548bdb31f07c093e1848fa73

SHA256
e5160a851ec00eee80b755102be94e5450eb8354cd90f6a2c23982414f9a91ae

SHA512
060708054a98760b86b9d3ebd3933b64a646a4c11259762471467ffb70550ed66f96ba15681dfa72d6a1f385340af848c3e534ead8550eee0da949ff5bc3a04e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f52db32a18e88fbe96019648db2723b

SHA1
7350b03fbb323c684031a75ebe4d574863bc3b18

SHA256
627070894977cf78e5dd49eb15221034ae053d6021e08cacc042c51bd6ade96b

SHA512
29588498517873757bd8d55f88b175d170423e8937b01933a17796d36e477e9231e1d2e5f4b365709bb2b060f4b8fe7e9dfabfc83103d3198bc773bccc56bfa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cca34679c9ee3d036784c34ddd633bda

SHA1
a175d69e5e88d0eb112b3e4e0881d99412a340c8

SHA256
498a3a46eba45cb3af2a521ed35982bb886e93bb6abea56a880e5eeacd86777a

SHA512
586cea5d5e2bf442da62796b0a475bec4f25d3c3539d9b19f8ff128e1f6b018ab1c2f194261a8f955e0d67b508a4a25c07f0e0b25e7f5514a3a6d55b4065d5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e77ac41a70be6eee1adcff1154e2a9ce

SHA1
1f40c68151791a79994622687d85bd476e321eec

SHA256
2eca222ca101a0ea3b527b15b6d9e0e9a2755e42ea86d310175dd85ee857907a

SHA512
b9a54e86e3b5a7582589cb154da34ab907f20d8fcabfb6c97194b3610a8374a2e09aa9c617d9004d749ae72671f2f0251365286f9ae9e95473f71525cab2f477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35266580135901cd5396de29cfabc919

SHA1
f53c56820ab6e98f1088bd18eb54cc736abed71d

SHA256
e12b83ef80c9caef9e0f4520ad03e55820653afbb3674bf319a3d83a422b144f

SHA512
4b51667a1cbc4ded0e9fa96c997c59be3cd035fe9a89400713a3ae1de1cc909dcc17ed5a798170b148a280179d4ad5340b9e326bab296c42179931dc5ee1287a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a433e262d69724f5b18f393143cef7fb

SHA1
b9ac8d6acaa085bb8e1e2f8f8a99c08a61e72fd2

SHA256
d3bd7cf0cdea29645f942ff249b322074ecea6f10b822d4b75cb8d385bdfc233

SHA512
175ade46e80740c79ffa884b30153ecc0066c137b03161608c50596ae5e9b2fa6ecaff7b863c8438270c286a09deec9d5437b763933cdd974fbca85bc88c582e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
0a5af417878e7822988f32e248e50909

SHA1
84ee5ff549ef5d97ae4049875e8a75258183b86a

SHA256
5cad3812f59f7c2e5bdb2903e1d6a7b7c832bcda9d248cc62626a26853493b2a

SHA512
c11ad25a299ea9208f46e603645c8fd1db12774ee6807e76c00ccff129409a30699c75d42d444c50d7b70ffa797b6b2ecd8df7b559052741b6c09b977ca34883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d959c1693b05bb0cdff21120d508be4

SHA1
76904d441bfe84056911ca5298c361ac831e081b

SHA256
8874821690834a11505322d7f52c9d0787cc3a9d2f0f137303161645af1254de

SHA512
f851a9cd96f142149f4a34ec59d09b5289efcedc83e0ba60d8f340bb621cf933e69c12d5a04fb55547e5cb4cd44ea6b2bea8cd9948cd00996f04440a97bc8202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
56cff1a4bf2902abc93013d130dd0cfb

SHA1
307c81c3ad724e4e648d5f8bbcf83526ce0c017c

SHA256
8383b0bd2882a6cf127469d6b4f34354504d2dea94697b8f137d18bbda4d5c8b

SHA512
442786c86acea894c4c6ea2b1ea3d1184fc0839e3a029301bf495d709f023922e9cb8801c7b921e24c9c2faca51a7acc93e4d87d109bd65890844a7f8d137b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cf4c136152aad15e39fae34c54928b4

SHA1
4358144ac79e96dc0489f0d7b3aebe7b5f90f4ec

SHA256
fae9f486b19231b5a16f89ff857681c2d2717425e5da55b654d91079e2fb9d0b

SHA512
01219093179459a3a31e5eb7f47b1d9629d84297e69dd97c5a21cba5f9eafe509df4d4760d7691661c1da750746259a58ece86ee56bae8f7f33fd035a78a0eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
beb0683b3fee5e992826c8050c265b7a

SHA1
68511f484ce8baa2b38bbbcd046b58a162ede3cc

SHA256
c731044c571cee268f638584671d4766d79d755af40bb46cd443100fc44a9a38

SHA512
0cf0eb9309db07b1933779831ced1d0b498b3ec930143fec44bbc3ac1de4c8acf65872ab81dde6f03dce5a7f35c8c4d730a29863d5055822d004b0cc127fabee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
154d011e99e08f340fbaf960f7283d0f

SHA1
27f6da7202dee8d3cef774d293ff54d70b1ecaad

SHA256
9d7ff9331d4d84fe3b1706271bb42bf72cb96722e0bbe78566053aa30bf2692d

SHA512
10c12efd48c2e48c10f68c42c000b26e950c66475a6e9bca43c87a587230171b2e0d4a6ba814e8b41fb319f0c90a039b6ced1854aea49b8b0b4b068f1acaa38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
859cd9c7b2691d523de8741f4ccf6e4b

SHA1
c051bd57d4957641f11cad526a107a5bce59cc67

SHA256
a734d0e47aa6818979953fb0da646594bfdd6b79d35cacc458430d00fd682710

SHA512
258ccf18256696cb6cf4708c826603ff306c157aa7a405aee0863ce549908bd19771304df00ce6d8e389c7b2809161ce97ec5315e692eda1dc07b0f47428220e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
56741c2e12bf2c35601da4d8947c3eef

SHA1
356be9b2c9031ad778d4c32b4dbf7e55662d3c0f

SHA256
389d9c3ec8eedf16073c1305a05e79de6943ee3fc23a4e0eb9cb007400504fc0

SHA512
47db848731e62db07573e146e7fe66876a56783b834d737a5fdb0fbc485233431c40db3f22400f7e92a189ec79eece9e9b6157ce08169412488773e40c887bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eb09508346f302ad790c9f0611138d22

SHA1
428d6a03f401eb795b9b3651a2bb7b4ae7aee280

SHA256
6f105dbadca559695de4fb5e06b78e619a1d266876f2f28ab8aea9af8a25cb5c

SHA512
815f17404abc1d51867eee68a15f166efcfdabc2391f4ea95c759895eb867ae6ff778d38fdeff85d5ad23b2cbe0d04134f2695f9a0176ba33b9bdcd4b4c7c82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3fc95f4c7778d1decc492710b0498790

SHA1
8e4d2af61129d2e4cc060ca7ba68c7b2d33ce499

SHA256
3754824096f71fd0a7a8f5128d5fff44698eb83a923a39640f1324bd0f783e18

SHA512
7f1e8e88196de7872d07d3fd7b8aa582524f321bd9046cab69541cc9b7402eb117592982a7e3d883f566ab6b3e42331e8bc486ed9cd1af2a31e3608853a7f477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2dc09e991549e59e93404632bd943c52

SHA1
087ad6978d21a13c36843dbdc3399d458ebffab5

SHA256
0be9e0be0dc8022e2fecd172dfa8296ae009e40e40db2c7f4ecc194b042f51b8

SHA512
701e3d7418018a2f1c492448125ea3e74171f8664e339b7e3f9aeb4386d263e4617d33b849daa62138a0ab7b9a7c0fb0fdf3db603e7ae900a1e6360c25199933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11b373cc2946dd89613d86a8cd750395

SHA1
2a22049720d243a939bfbbdb78fb9f5732343a42

SHA256
63320afc49a5e11c055aa7709c5249a37be0e3a19400f72384bff945967b3f6d

SHA512
1a0409f5e3b1b08afd3cfb615c225ba2f143b1235da290d582486a7002b9df10b804c00c9453d2e104bd91ed99e68fcb1e6599b8e2ca48ce600c3ec909d42fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fdb04c78c65bfb8093d849417dc2691

SHA1
4165fe44ac60ca362f853dc7e08af4f18b2a8427

SHA256
0f9a0ffa2dfb3b21f8b1cb59768933359135d8fd5dbb2e576ddb09c393dbef6c

SHA512
cb4b59679ac293964bcc8fc81852665019bd136171bd38816fea90fbb36aa5382956a9749fca0bb8edd30834c95acfb073f50a64bb10be576ad31fc5ac96b95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fdb477167212c52f360373108198924e

SHA1
525587f02c58eca26f43d03399192615061723cd

SHA256
f8342293a14452207e0abb1aee972dd6749e8464cd30887dfeac6e19d6b43954

SHA512
231f99ed7f9c143296b70ca23869fb75d7213ee91e416c4c1a19a43c2ec59eb97c16667f978bb76bdb9863012522df0c9bf3f7612aea3ed38fdbdda9e756447b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e300604986e323b5c751e22167357c0

SHA1
9986fbce9f6fa9dcbe657334dcf49bf8131c7287

SHA256
2e47a66b884c56cf940a0cc2ed20285eace5e2900266ae778b1bd70c9b1189f1

SHA512
48db97b05e639ac7d4eeb7016f0f52637db99ed1e76b6e97b18aee1c62f2e649d23cac8f60c714a9b4c8efea721e1a2176dfd31ee1804d64c4bc0adc555e5a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
736d8b37b763b96837f1ae22ca9507db

SHA1
2e222e9b14cd0edf53771b759f75ce3a0f023005

SHA256
57f58f70e5c83d1f3c12e3c72fe1ed9bba5310a98082644e3c57a955aefec9ce

SHA512
fc833f267493f43ed35c9b0c8bdd9862fd588fb55f5363138603057431e360f5376f032832adcffcc72faa392833c3cf23a057d48c18d7397cf48bbf37561bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aed9de94988b30df401a4950c6ee1c0b

SHA1
8cca6f9a08d18c3e158d9256559ddbb25c27be94

SHA256
ac6d76e516c973ad98d5a8570d20312c23f0f047195659d3a1a8d2f0bf7b219b

SHA512
58cfcf1ed2f268ac4b756fe34e53a3c0a7e89b594b262619127349087a0f5d92ac737c417927156e1d93a91f64bda7c2e11dc6519668279959523ef82639dc67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e3a02309fbe032ff04c7316d8dad3ca

SHA1
7085c32197ea99fc9a61e14cdf2c6d5ff9e759f8

SHA256
f60e6fb53b08dad99aae13ec599e0a284d99bab9a435373a9981c839c906d57b

SHA512
c34446d539b18f4f4f8852e2d48eca833148159db38a29fb6a20865ddf59cea854f544744c7c2fffa2a6d82d363629ab0caab411055d629668c1141a5b367cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a2946f9b10116e54c81ff5297672bcd

SHA1
b9cadac2e1f64eb1713a330a4e5432e99cba6c30

SHA256
33a1f6501d6ad7d3da89dced1bf67b23c1f144ff1c688d8c763d17602a8dc5d1

SHA512
26a5dd5a2bf5b1d562878eb27e973d6338c202245d88ca2bb06a528df790adab5c233fe858c6d74d76ee629486a6ec4a6c110a1915917126b23fc7673cb751cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb09dfbf3faea8d5ed97a51e09935eb5

SHA1
c414e3cad8577626d465fb2570dc2f54fa4854d0

SHA256
4b5e5a528229b8aa1dd67addc3a03b6daa87a2a855701e7a8a3d5b506a3b7357

SHA512
6d6264e6104d2052e2d1882b855516753b5f31c5f0b1fae7e48cb70230f5c50860d39c2b6ecfba7b66fd366d1d13254e5a77076fb3ef0d8a0c71c4f55b1a51c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e90ae862557c6e89e61bc9f9208121a

SHA1
17da8c67682a128c322c1a66e95fc02407ad4d4d

SHA256
775459df052cdb5b721fa1c2c2602828488f147657b75a5985104569cba8d3c0

SHA512
03726f22798d75bcf14b4ca7647577488bb7b718a4675ef6bff15b7fbdc70c10f660f7d2a7873542db5f3cde5bf868a388a4f84399bef71c8dbd039eb5decfb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec902392052080e73e5f54fbe85cac72

SHA1
094becd962756a28ee3b97ca288a8ba31b8d0ab4

SHA256
95fb5b2d8fa24a4547929e8a0371149499d3dfb6405c840b1ab223ae6e026afb

SHA512
65651cd570bb5f98d216d59274a3af810a049687e297d31e4ad8e6ee0163a4ea94a93031732a4be2dec8da72514d9fcb14f95569164b149f87f2fcb925a47ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
408e4b0bb754316f8b54bef231adc452

SHA1
910be6414d5ec493aa01d995bab019094a64edde

SHA256
d2081b9e5952549de0ede0ed23257474c71d248c34891fd09fb482080955e866

SHA512
0819060d141ef36e08fe1baa94ba568da236d92c6fa2e0667b88a2a60d07ac6747ab056ba6be7bf516936407dc47ff21bf4f6c9d2f1100ff6873b97cb9a6ab18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f39f1a4df8f44c210c9901025c1b3af

SHA1
73477bb364d531577be448334f38fa4c3c03c9f5

SHA256
88404346b9fe565dbcdcfd9a3e812cb787efb6e20fddc6892aa713713333c27c

SHA512
1ca050543243f519f489978fab1dfa4c48db0429e9da9c30d876b2fd2a5592c13fdd739f4f067ae5ae538ab2ffc395769c5a97d4f51ce62bc5f5c0183eee4852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8691ecd3809535708332eaee07cfb39

SHA1
f48e18aa046970146495ef713f26db4f8c279f8e

SHA256
0ac582d61b29362af842dc902c8226e900bf5686632c97eae204a3dbcc9eb57f

SHA512
81e91a7089cb456babd0d01faec331126f2ee402bc21122a2ad0eb462174081b79b8368af741e082ad7983c89ff52425a8139534bb181b666b51f6db6f99dd31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
968f2da7c74e78f20e2abbdd163c69bc

SHA1
8bb0aa12272a23af12c4a8f7d12a2a684c815ba4

SHA256
8c2787ad46593233e33f1f11e3c93daff20cf1666dd1fbd5d78d0854981bc7d3

SHA512
51ee965e664c0d8bf5042f8e5692bfdb8496c96f08c3e0faa0a2646ace23f42c5d64e8eda7e688bbd801fda1a6ab48ddb301736d98d4b4ba243481b1238b32b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a78fb34bbddd50bde6d8a7070179e38

SHA1
1c4deaadd4310f9dcc43257af4b7411122e5dc2e

SHA256
d44d732bfb99fef185d56967d37953f679b442b89be96f3253a5e9cbbd1b9033

SHA512
86fa2ce83126f26e3172b3d5205ee27bcb1811962fc81ca3b3d0060187a6a73527e69a94fa19e4ad7b6b52d16fd2c4338814777c05af0e3f621a96eeed496f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d109b73bbac90109f29ea36e95433e6

SHA1
aa083cb875354351a02c8255ceca1f0f621acd0d

SHA256
13487a1fb1da4a629bc660c81090fbbeb4520239c1e7367caf008d6934c3c44e

SHA512
0679729f80142716409919bde1c8bb21b456c6f3289afcb13be48d0f65899dad22ad2bf8abf4566c1b91eea00c64090b3a3d6930e2105d62f213c20240ecc4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ddd2efc87b57d414e380f8f9e4be40e

SHA1
2aa93518026fa16b8cdc894b05cf8c38f8adc515

SHA256
53461cf775bc3ff503670580cec50329703267b3a9921ffae42c3da0db485dfb

SHA512
35a819b5db9d4a6ba48045214a8ad3178a5178daf36868b830c6d453323234014ae7eb6532af297e71452cb6d7b8349068f327a8b6e3c03c30eded8ab65eab64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3bc76247b5c7dbfdac9e19fede25a6f3

SHA1
89bc1ad27e29e0c7160b466f5e189e944ce0cbf8

SHA256
e07e59fab4d560b8723b84b870324b559b01962b103c76babcf304f55284fd22

SHA512
2a286d830809fee3cb4f4b2bcd67c01d1688f3aa43848ff0c850559c48e9f120121e35d79235626a1022e158ca3cd2295152161a8f4e22ef5a499e74b532cb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1f00723d4f76160f52cd12b8c947e75

SHA1
88f1f423b1862723606904fbd429e04ce797e8d3

SHA256
332de83b2a165d91af79aa7adc624be1f6f5944d8879b8913f0771954f12c7b6

SHA512
2fcdabc3e64475ee837e3d14ff665b051622f4052c92f6bcf9a66745ea7f98aa5d9408a543dccd00a01b7b1c4a4004dabeea7efabc02f573daa0202392e96d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c923e4589e6feed12100799db4dd6639

SHA1
568de3c27f949b42534e0d8a26aaa0b026fea08a

SHA256
3a31d782b23b10281a1cb2f6773e67e052ee96c086f74467f43ded09c69de7ad

SHA512
aca7a79f17c51b2b4ce70e8089b8a4e453ec2fdf30a7baa603e183740e6b1872ee2dcf821d848c7da3f690eed7e3f542aa1222c5ddbe03460d0a5cd41bdaa596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16bf9e94e1143311dab4d375fd9fccc6

SHA1
6cce3c7bf717ea24de83e5484010f655c0284725

SHA256
2b23643639b8d2f514fc893a085781248a83fa62aa230c37db9f33efd14df514

SHA512
96c0f0bcba841a87ece510617749a5ed776c6202fa246b929accc79570b9ee1cfc05450b6ee81bc1a9aedbd8e74e93c1df6cc2fd25dd40b577d56e0b12c2db66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9cf6220aa57c3ac8fffc4a1798b2812b

SHA1
961daf5705cbe75b06ca91369ecdcc6892479d32

SHA256
2875a60bb4b8b05907288fa0cc215898dc89ed11628f51c877fc921929150980

SHA512
6212b89a1a98ec52c3461f5a8766aecdb6185ab8dd8db35e8fc09404dc1678406d1942cdf177b289ffaa20a8fcd3929a0b063a32aca6bb7662b4fe0a6b22f551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
808f2071d29eb92a321b350b6070ed20

SHA1
9ed06396c2e902d51c212cfb0c529d5b13518d3b

SHA256
730a8b46583f8653215258002fe1e5c7efa96349ea0423fc49c6870e3d3f4be3

SHA512
54c0b46c50571d3dfe7a1fce68961d8a0fd90682759e977faf84d1a00135d26b27b78c98c93b0fb99f679011e1a8e46bd1691b0c2bf1e7ca0efb0989e7f33f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
134d5d6f5536dc363cc1a15c819216f0

SHA1
33c5523a771200e5d8ea357902a533b63a9a37b4

SHA256
8a7716afa29d972f3e6b6cb823aba4a6f7a20d6cccaebe8cdffb71685228c271

SHA512
346223d60caf59f881b9a10b3bc1da335606c360290a1add7f026850ee3228999634e6693d13a15cb1b3c283d9b781229173be6b063672f85a8abc44cfbbb462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f4f6d25a926036cdaf96c97204d6f420

SHA1
4ae3a3fee2bff512643364b70233fc4544fbbd78

SHA256
84f9563125670889bfa9f07d0126625f66efebe2b6b2ed1fd761dc01c570aa31

SHA512
33b7433de2935a1af2c5e07116d499f3ddf4fa5c29ac46a9eb63b02c273b38f2508c8eaeab7b5c9d7e16da9becba85d33d0b4a20de70f0af3926c78d02b7739f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
edea7883fdf191a69d708c7d5c726071

SHA1
196a5324ed41143849e0c447e4742be545341aeb

SHA256
9f3fc8a10cd123a939f1c9906c831c324b3ba52a242f16dd61b6668e7d3c86d3

SHA512
1e0a22ae977e941a463753641ecc35f8c2264645d0494899cb249e49279b2117586516bb983785d8126d5b55e40335a805bdf107d5ca2a3c9b17724f33ec643e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6ea7a8b1d12ac7fcc2fbee2691c418f

SHA1
87d9aa34e36adae89765baf0bd2dd3d6221dfe7b

SHA256
03ec04f32ef57d77e19575fd0454821dbd4dedf5f4b0dbf42864cd0f4fcc94f7

SHA512
16cc0fda884a22f515baed69a0cd33f45d4dd117c427dacf5089df7d1a7d274b4e8e182ee2fc78f32b3aab5703feb65e20c46d9589cfbc6c68b161d7bcdf5c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6a5a45564438729667da1d6e0e47882

SHA1
862a549c1634e7213f70ded7cfb23d8e14c61a19

SHA256
066306b3bd0de21edbd243e83a103a214157c49d988b122a92541aa787a93cc6

SHA512
0e43b3fce908ee32cd6d50f551db3e999bfdc31b9351bf96018f2b2b4bcffb0d4ec037edbb1946e0cf73a614593c22dadd1fdc67af149ace3297c90b60a3668e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa96f254b9491ae958ce81b273bf544d

SHA1
66e482d96b4ebab83e27d9c9a3a349764f29c4c4

SHA256
55a50c7e7f0811ca76af2583521165add04d20d09ac613135ee80db6e8a1e6d4

SHA512
578e88d3ebaec2e95b7715ecd553f69efd18c7b0d3019f225bc42e0f83f87d9b9e6b41bd1607209f16762420a397d36f9dd39a9ea3b2ff54c20e8f888b2e5e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd919548d6c27c838ef9d7d141f03aa0

SHA1
f513e25e1a6cb235889cbf03379c3b642f3fe227

SHA256
9f038d61aa6947ee9949dee842e1b50dea84a49acef7468c6764eeb0f7da7efd

SHA512
3c94009ea0147d42913b439a569906729a40a6e313de60c8575affd9d47c57ab3898d80edc978d2ed2ef86719ea54cd9e681ebd6a60759e0920cf900105606fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84123759d903c8be5cef3f7bbd731ba8

SHA1
ffde4da74fcdabc1ee22900f086d5ce683cc8af2

SHA256
22898bf68dd0749b177e58d8b636d567ba1ab944e9c8e6334d86122cbf650dd9

SHA512
b31405e8cdc4ec7c3067522950c738aab4b87b9d8884e2805c0689ed4c9da82b295cddf708d501a7de4b2522f8d5a24f729f88996b0836dafe98f30ff1dda90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc971e22484324df5d03246fe0314ee9

SHA1
3b1743f9fb8b30fde5dacbbe7342136d1ff0c260

SHA256
3ab02a88d6927d936a92d5a9281cdcff17396ce3a8b3947f1bb73033e04a4f91

SHA512
40ed975470f2182d72d5d8acc8c0753c633e006a2fd0b32c4b71f12387933dcb396c2cde1bd1aadb462c598ade839a7cb0c0b26ce1583ac7bb34718caa60b160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12dfa03f11c16f01c91b585f7e73be2c

SHA1
f99e129609f67bc8fcbc0f874c9673fbc1868ddd

SHA256
6679fc7bed91b9f63a7dea9caf1390ff7cf5f62d5645d15c8c8b6bcb0f81944d

SHA512
5de31e5adbaeca16c8fbee80f729ac100837a3ab2202bd7eb3749144767c7e070bfbaaebed2d199cb824772f05b3522dd49eb8861ac8c6d1f5dae395e79f4b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d670058a25d6f22fd99cf35dd1cd5410

SHA1
21d1654407f6643d22641929c921a5dfcf9b106e

SHA256
d40cd8fd4c11c8a981b71844b4a8cef24fbb6d9b7b123b4b6e242b0159a4b4cc

SHA512
3e3a757dcf3cfb45e95c5855c747525b3af526e43cc889b0449acd2b9e9ae4db38aa0cd4e1593015d520bf19733c42359411a547cb17640734ef8cbe5907e51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
841186555bb9aabcc3185fd18d8b4cc1

SHA1
10c18076e06afd1e8b09ec8b02d7984cb3c3fefb

SHA256
5414efb5374395504f683feb9fbadc48dc6ec674d38ecc802a858b081a3bda42

SHA512
37c7f4e960ff5bf181d8668b3eb20fce4a58f18d2bbdf3b97a53d9b81aed27dcad5140a603e4f1167fa140c9394c229d770d119ded2819caa5b88fb55a7e6004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fe7ef3301b8bebf11e967b4161805661

SHA1
fdcdd6619a68e58d30c85468525632b8c2971992

SHA256
6b113d132d45e8aaa0a41d5bcc161dfe6fa8b753133a56764afca8eef45e28c8

SHA512
798db595ee82988ee5e2b4a000ce64ca13e85d54098382bd944803fd69173a35440f8720733d02f5b85ec917f79b8d9de5c73ca6093dfa1c4e2493af79243843

Download Submit
C:\Users\Admin\Downloads\EraLauncher_for_LawinV2-20240824T155859Z-001.zip

Filesize
35.4MB

MD5
bdc39f394c5b86ef414fb36098317136

SHA1
bd6ca78e42e7b875f1332e0543be8269f1f78be5

SHA256
a4984c56df4f7c75e3c4bf6d7cb9f86cce8637af6ee92dd6c6e4bc2dad5c5ef3

SHA512
1c9b914c69ad1c6723f190e2098390e69aa66cbb998d098d1cff0ad6f276c99fa7b6e0d132849776d8cab8d99f845f9f66513bc6f73da9a63dc5bdf5f28ebf80

Download Submit
C:\Users\Admin\Downloads\EraLauncher_for_LawinV2\FortniteLauncher.exe

Filesize
34.4MB

MD5
e8091149baf87d8f723c08b8b3ec9aaf

SHA1
6e2c63ca45489f0b462a2ee51ef915af40c48bba

SHA256
c9c37c7a8e846165d21baac1bed8128cdfc1daf3056c18bd68fd617727c29371

SHA512
3d117e3fcc52368c9342c30e6fe4581851589eca39ac16230a4dd2e0eda200d5d98ed330b35d1f8848f7f8276ea0ef1e9672b70616bb4f0d9627363b4515f09a

Download Submit
C:\Users\Admin\Downloads\EraLauncher_for_LawinV2\INIFileParser.dll

Filesize
28KB

MD5
2e77f841dbf271fd1ffc460bfd87a1d5

SHA1
18125861f0519cdf643560c0a988bf70c87d47b3

SHA256
f81ba0dd987d46a67b1879ef4ee11c14f32940ff211eace347a68e42bf272554

SHA512
556e4133d28935c13d93e5190178804b13c98334332316ced50b878f35730b92c62f0440f1c2e1bc3f5c36eaeced5ca794cd2fdf9ad5434af6194940aed0e346

Download Submit
C:\Users\Admin\Downloads\EraLauncher_for_LawinV2\Microsoft.WindowsAPICodePack.Shell.dll

Filesize
574KB

MD5
f6a0bdf17dbfdc16cec93537731571d4

SHA1
22ef1d17448c01f9d06eddc0a4ace8827699a877

SHA256
6ea25be49a4e96c43c20bc29eb1ced078f4e0bcec4673ce722271c77bc2fa121

SHA512
c665512ac8cd86b93b2f60061cc6101222709112a6f10b18bed76e94aaf6730aaef100c10bd28b71ee96c704f3576ff0641b13af618e1f3d4c2515109771789a

Download Submit
C:\Users\Admin\Downloads\EraLauncher_for_LawinV2\Microsoft.WindowsAPICodePack.dll

Filesize
111KB

MD5
3efd49b9b913c9fd0c334ac3f2f2f6ef

SHA1
bd0f94459f2c6dc4912856ecaf0c71671d92ad75

SHA256
264180e6ec4c94c24679c392abc8438216cde7dfdb1b0befe8bf2216e895266f

SHA512
7479d471364f1026947e15f5a5649ffc839947d5c676148382ec397e201ffc448985226bef1f58e6e23635263dacba55d63a145b4029523afecf8e4dc3cd63bb

Download Submit
memory/808-393-0x000002403EAA0000-0x000002403EAAE000-memory.dmp

Filesize
56KB

Download
memory/808-392-0x000002403EAD0000-0x000002403EB08000-memory.dmp

Filesize
224KB

Download
memory/808-391-0x000002403EA50000-0x000002403EA58000-memory.dmp

Filesize
32KB

Download
memory/808-395-0x0000024047880000-0x0000024047916000-memory.dmp

Filesize
600KB

Download
memory/808-397-0x0000024043FB0000-0x0000024043FD2000-memory.dmp

Filesize
136KB

Download
memory/808-388-0x0000024021E50000-0x0000024021E5E000-memory.dmp

Filesize
56KB

Download
memory/808-386-0x000002401DFD0000-0x0000024020236000-memory.dmp

Filesize
34.4MB

Download