hxxps://cdn[.]discordapp[.]com/attachments/1278471976515665950/1278854393587830816/Fatality_2[.]rar?ex=66d25177&is=66d0fff7&hm=cf40e8d2989c9673e34c55d83864b3e672283f7343b4b8a2a9c9db73af3fa055&

Analysis

max time kernel
41s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
submitted
29-08-2024 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1278471976515665950/1278854393587830816/Fatality_2.rar?ex=66d25177&is=66d0fff7&hm=cf40e8d2989c9673e34c55d83864b3e672283f7343b4b8a2a9c9db73af3fa055&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694466838809328"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5056	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2392	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeRestorePrivilege	2392	7zFM.exe
Token: 35	2392	7zFM.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeSecurityPrivilege	2392	7zFM.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe
Token: SeCreatePagefilePrivilege	3352	chrome.exe
Token: SeShutdownPrivilege	3352	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
2392	7zFM.exe
2392	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe
3352	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe
2452	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 532	3352	chrome.exe	84
PID 3352 wrote to memory of 532	3352	chrome.exe	84
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 2156	3352	chrome.exe	85
PID 3352 wrote to memory of 4788	3352	chrome.exe	86
PID 3352 wrote to memory of 4788	3352	chrome.exe	86
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87
PID 3352 wrote to memory of 1936	3352	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1278471976515665950/1278854393587830816/Fatality_2.rar?ex=66d25177&is=66d0fff7&hm=cf40e8d2989c9673e34c55d83864b3e672283f7343b4b8a2a9c9db73af3fa055&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab75ecc40,0x7ffab75ecc4c,0x7ffab75ecc58
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:3
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3700,i,13301189052411369462,12132116652652142361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:3800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2260

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4640

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Fatality_2.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2452
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Fatality.dll
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
500fb62e6f3bc52173fbfa21b29efd4c

SHA1
7be14059e230c62404c614a03684d395c7c15586

SHA256
ec226ec79ebba1c927745b7fc8e0e85aaab87e4b150280b6a608cf0608c52a25

SHA512
d184bab5365fa21aa8480eeef841419e0144be28d3b4186bdbba2ff4f467673f72d767b1940227759ef8a9d02dfdbf585a512fd23c2b2dea95b29bb11a641930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dedaa03e011925cee32d7c75ed29d005

SHA1
8a42edb05a61f004ea928fdf008823737843b2cb

SHA256
2b35d4e84095aeb2f68d957674b8dd86e5e1aaf259967106d667b2ac30f175f1

SHA512
8380c960bd938f0028eea632d5fcf3ac5ddc07e34968d1b512b7ddd72bf340d8ae05f395ee9dc4d39a3f852ce3a72e03d194cacdf353ba64dc7abe7c0adc4088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
28137e6ee92fb4682664fe109b5b72c7

SHA1
e59b57e6a486a0cac6c47350216d4368a69655b2

SHA256
9df162ef51c66d0187623aa4e45368f758091c2e55ec3eb56fa74357ee762be7

SHA512
7f47d82a4ec66641b7379ed109c1287699e13f761ab427fe0cc3b46435feebb1ab6bf33f6b360f7cc70163c3dc502651695e8fc9961436e62bb0f62c69d424dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e60c567ef5b57ec7caee672f45dbf808

SHA1
4bea075438539c71ac06c9e9844692a250caca9c

SHA256
73d5526fa4f6786cf83c038de04a1103f610293dcdc1cb4d9cc79558c94a0835

SHA512
352e942925bb09af48ca594c94aa7e82b6491f4197605839abf42b62eeb8c43f0eddc807e88bc0360445336268eecf6caf53441504f765900ba0657151f71ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d6e25d73998f775970dc0071a23adb0

SHA1
3e28d966e4aa133922090cdb7f3f8c92b277b593

SHA256
013eff03c7e97d02f6e93af822d3c756e3bb0461cdfbcb1381875dbc618313db

SHA512
462c6ce35f182645009e7b9806730258a1af599a3c70e6d437b96174c31cdcbaf1ce4813bb26575ed780d323b95e35f0f2ee91fd1af22d08a6871089779d8987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b60fcb62ca27b21f362459c732eef17a

SHA1
bad82b4a38f8cbe9baf839acd2c5c60e54af1493

SHA256
5d8e98d0a4b6885c1fdde3af7c7a9feb83046ead1726cd8c6fe074a558ce0673

SHA512
6d21a8c522bd449d51438d28b113c9cf954db3453dcfc69faaf3ff7bcbfdf1c436663216a0a75082aa254db6cfbddaa62b8aaa0ed857021b155bfa81ba32c3bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
17ef94d4060c6c97b5f2671c7f5a2e32

SHA1
8158186b7b847e73b52f099f7178d5659cb389e1

SHA256
cdbd53c47a99fe908735ac01c5097cfe14ecfab17104f8387f718e480d6dacf2

SHA512
f73e1c6aaa3ea1d95ac7a678aeb236366f8c3feea9d0df976553053f2d1f2edff4cb36ec4f06706b81eab45aa452ccb506e58916d5af5518acb2735997e35b24

Download Submit
C:\Users\Admin\Desktop\Fatality.dll

Filesize
36.1MB

MD5
38bf550f8d73ea9791d7778d9b6b44a8

SHA1
67bf70a4d78f9f18b1af30cd9c85c632b52188c1

SHA256
ed6566cd8828d0d9a7bd2bd7731df7703977d9b18fa7ede31bb8b1835b12da78

SHA512
cfff6d55b90a42be22d09aaf30eed718b71fff8bfddab2404e968359a18ab8aec679a4ca85e144d3527602fd515a03724e897addd68865e796b0a387f582fd7f

Download Submit
C:\Users\Admin\Downloads\Fatality_2.rar.crdownload

Filesize
9.7MB

MD5
8d644b7336981e58669064baedde217b

SHA1
99ac8caf3daabf500a6f324e4ca8224cf68268f2

SHA256
02a7590ab5032fb9131567336dd2cba1dc4cf5dc21b4c68cabde8b7f570ec78f

SHA512
95b38bbbc9a478c3e4daf2d8396447af0458740f1f69409af35f7a21ff56bdab8f9b09118fe4474380f26b0d070f2732315477af9b3fe7ab113b030777dd4098

Download Submit