Analysis Overview
SHA256
c6f282acd5d0af70ec6ab4f261862cd85d982ff68a2bf82a55558b8ddc0b1018
Threat Level: Likely malicious
The file FortnitePorting.exe was found to be: Likely malicious. Weigh that automated verdict against the Process column of the behavioral1 tables below: the rows that name FortnitePorting.exe itself are the Geo\Nation lookups, the dropped-EXE executions and the CLSID/AppUserModelId registry writes, while the BIOS enumeration, TPM telemetry, Crashpad files, SmartScreen stream, process enumeration, clipboard listener and window-hook rows are attributed to chrome.exe, msedge.exe, vlc.exe and Chrome's own setup.exe, software installed under Program Files in the sandbox image rather than dropped by the sample.
Malicious Activity Summary
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Unsigned PE
Browser Information Discovery
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
NTFS ADS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 17:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 17:10
Reported
2024-11-13 17:12
Platform
win10v2004-20241007-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target | Count |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 9 |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
Event Triggered Execution: Component Object Model Hijacking (raised on the CLSID and LocalServer32 writes listed under Modifies registry class; the CLSID {466f7274-6e69-7465-506f-7274696e6700} is created by the sample itself rather than an existing class being redirected)
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 9 |
Loads dropped DLL
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759914785431815" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target | Count |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{466f7274-6e69-7465-506f-7274696e6700} | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{466f7274-6e69-7465-506f-7274696e6700}\RunAs = "Interactive User" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 6 |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\AppId = "{466f7274-6e69-7465-506f-7274696e6700}" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\AppId = "{466f7274-6e69-7465-506f-7274696e6700}" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 8 |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 8 |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 5 |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\DisplayName = "FortnitePorting" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\DisplayName = "FortnitePorting" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 6 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\FortnitePorting\\Icon.png" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\FortnitePorting\\Icon.png" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 6 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\IconBackgroundColor = "FFDDDDDD" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 3 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\CustomActivator = "{466f7274-6e69-7465-506f-7274696e6700}" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\CustomActivator = "{466f7274-6e69-7465-506f-7274696e6700}" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A | 8 |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\Has7.0.1Fix = "1" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A | 1 |
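The "Component Object Model Hijacking" signature rests on the rows above, so they are worth decoding before the label is accepted. Every key the sample touches belongs to a CLSID it creates itself, {466f7274-6e69-7465-506f-7274696e6700}, whose hex digits are the ASCII string FortnitePorting followed by a NUL byte; it is registered both in the per-user HKCU\Software\Classes and in HKLM\SOFTWARE\Classes, with LocalServer32 pointing back at the sample's own path plus -ToastActivated, an AppID marked RunAs "Interactive User", and an AppUserModelId entry carrying DisplayName, IconUri, IconBackgroundColor, CustomActivator and Has7.0.1Fix. That is the shape of a desktop application registering a toast-notification activator (the ToastNotificationManagerCompat directory in IconUri, the -ToastActivated argument and the Has7.0.1Fix value are the names the Windows Community Toolkit's ToastNotificationManagerCompat uses), not a redirection of an existing system class; outside the sandbox's Admin account the HKLM\SOFTWARE\Classes writes would need administrative rights. The script below is an added example, not part of the sandbox report. It runs offline over a de-duplicated excerpt of the rows (constructed from this page), and it makes the check the signature name skips: a CLSID whose key the sample itself created cannot be a pre-existing class that was taken over. The function names, the hive labels and that created-versus-overwritten rule are this example's own conventions.

```python
"""Decode the CLSID / AppUserModelId registration listed under "Modifies registry class".

Added example, not part of the sandbox report. It runs over a de-duplicated excerpt of the
rows above (constructed from this page) and answers what a reviewer asks of a "COM hijacking"
signature: was the CLSID key newly created or an existing class overwritten, what does
LocalServer32 launch and from where, and what do the GUID's bytes spell.
"""
import re
from collections import defaultdict

# Constructed excerpt: one row per distinct (description, indicator, process) seen above.
REGISTRY_ROWS = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\CustomActivator = "{466f7274-6e69-7465-506f-7274696e6700}" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\FortnitePorting.exe\" -ToastActivated" | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{466f7274-6e69-7465-506f-7274696e6700}\RunAs = "Interactive User" | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A |
"""

CLSID_RE = re.compile(r"\\CLSID\\\{([0-9a-f-]{36})\}", re.I)
APPID_RUNAS_RE = re.compile(r"\\AppID\\\{([0-9a-f-]{36})\}\\RunAs$", re.I)
ACTIVATOR_RE = re.compile(r"\\AppUserModelId\\([^\\]+)\\CustomActivator$", re.I)
USER_PATH_RE = re.compile(r"^[a-z]:\\Users\\", re.I)  # user-writable: the EXE can be swapped without admin rights

def parse_rows(text):
    """Yield (description, key, value, process) from the report's markdown table rows."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split(" | ")]
        if cells[0] != "Description":  # skip the column-header row
            key, _, value = cells[1].partition(" = ")
            yield cells[0], key, value, cells[2]

def hive(key):
    """Map the sandbox's native key path to the hive a reviewer would open."""
    if key.upper().startswith("\\REGISTRY\\MACHINE\\"):
        return "HKLM"
    if re.match(r"\\REGISTRY\\USER\\S-1-5-[\d-]+_Classes\\", key, re.I):
        return "HKCU\\Software\\Classes"  # per-user COM registration, no admin rights needed
    return "HKU"

def unquote_value(value):
    """Undo the report's escaping: strip outer quotes, then unescape quotes and backslashes."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value.replace('\\"', '"').replace("\\\\", "\\")

def server_exe(command):
    """First token of a LocalServer32 command line, with its quotes removed."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return m.group(1) or m.group(2)

def guid_as_ascii(guid):
    """The GUID's hex digits read as bytes, if they spell printable ASCII (else None)."""
    raw = bytes.fromhex(guid.replace("-", "")).rstrip(b"\x00")
    return raw.decode("ascii") if raw and all(32 <= b < 127 for b in raw) else None

def analyse(text):
    """Summarise every CLSID the rows touch, keyed by lower-case GUID."""
    info = defaultdict(lambda: {"created_in": set(), "servers": {}, "runas": None, "aumid": None})
    for desc, key, value, _ in parse_rows(text):
        act, runas, clsid = ACTIVATOR_RE.search(key), APPID_RUNAS_RE.search(key), CLSID_RE.search(key)
        if act:        # AppUserModelId\<name>\CustomActivator = "{clsid}" ties the toast app to the class
            info[unquote_value(value).strip("{}").lower()]["aumid"] = act.group(1)
        elif runas:    # AppID\{clsid}\RunAs decides which account the out-of-process server runs as
            info[runas.group(1).lower()]["runas"] = unquote_value(value)
        elif clsid:
            guid, h = clsid.group(1).lower(), hive(key)
            if desc == "Key created" and key.lower().endswith("{%s}" % guid):
                info[guid]["created_in"].add(h)  # the class did not exist before the sample ran
            if value and key.rstrip("\\").lower().endswith("localserver32"):
                paths = info[guid]["servers"].setdefault(h, [])
                exe = server_exe(unquote_value(value))
                if exe not in paths:
                    paths.append(exe)
    findings = {}
    for guid, e in info.items():
        all_paths = [p for paths in e["servers"].values() for p in paths]
        findings[guid] = {
            "ascii": guid_as_ascii(guid),
            "aumid": e["aumid"],
            "runas": e["runas"],
            "created_in": sorted(e["created_in"]),
            "servers": e["servers"],
            "server_in_user_profile": any(USER_PATH_RE.match(p) for p in all_paths),
            # A key the sample created itself cannot be an existing class it took over.
            "verdict": "new CLSID registered" if e["created_in"] else "existing CLSID overwritten (hijack candidate)",
        }
    return findings
```

For this report `analyse(REGISTRY_ROWS)` yields a single entry whose GUID decodes to FortnitePorting, whose key was created in both hives during the run, and whose servers all sit under C:\Users. The last point is the one that matters for hardening: a LocalServer32 that points into a user-writable directory, and that is also registered under HKLM, means anything able to replace the EXE in that directory gets executed whenever the class is activated, so on a real host the path and the file's signature are what to verify next.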
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 680133.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2 |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 6 |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2 |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
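The signature tables in this behavioral1 run name the acting process in their Process column, and that column is the first thing to check before weighing the verdict: the sample appears only in the Geo\Nation reads, the dropped-EXE executions and the CLSID/AppUserModelId writes, while the BIOS, TPM, Crashpad, SmartScreen, process-enumeration, clipboard and hook rows belong to chrome.exe, msedge.exe, vlc.exe and Chrome's setup.exe. The script below is an added example, not part of the sandbox report, that does that sort automatically. It parses an excerpt of the tables above, constructed from this page in the same heading-plus-table layout and trimmed to one row per signature/process pair, and labels each signature as raised by the sample only, by other software only, by both, or as a heading without detail rows. The function and label names are this example's own.

```python
"""Which behavioral1 signatures were raised by the submitted sample itself?

Added example, not part of the sandbox report. It parses an excerpt of the
signature section in the page's own layout (a heading line, then a markdown
table whose third column names the acting process) and labels each signature
by who triggered it. The excerpt is constructed from this page and trimmed to
one row per (signature, process) pair.
"""
import ntpath
from collections import Counter

SAMPLE_NAME = "FortnitePorting.exe"  # the submitted file, as named on this page

REPORT_EXCERPT = r"""
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FortnitePorting.exe | N/A |
Loads dropped DLL
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} | C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 680133.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
"""

def parse_signature_tables(text):
    """Return {signature: Counter(process basename)}; a heading without a table maps to an empty Counter."""
    rows, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("|"):
            current = line                      # a signature heading
            rows.setdefault(current, Counter())
            continue
        cells = [c.strip() for c in line.strip("|").split(" | ")]
        if current is None or cells[0] == "Description":
            continue                            # column-header row
        rows[current][ntpath.basename(cells[2])] += 1
    return rows

def classify(rows, sample_name=SAMPLE_NAME):
    """Label a signature 'sample', 'other' (pre-installed software only), 'mixed' or 'no-detail'."""
    labels = {}
    for sig, procs in rows.items():
        names = {p.lower() for p in procs}
        if not names:
            labels[sig] = "no-detail"
        elif names == {sample_name.lower()}:
            labels[sig] = "sample"
        elif sample_name.lower() in names:
            labels[sig] = "mixed"
        else:
            labels[sig] = "other"
    return labels

def summarize(text, sample_name=SAMPLE_NAME):
    """Group signature names by label, so the 'other' bucket can be discounted in triage."""
    rows = parse_signature_tables(text)
    grouped = {}
    for sig, label in classify(rows, sample_name).items():
        grouped.setdefault(label, []).append(sig)
    return grouped

if __name__ == "__main__":
    rows = parse_signature_tables(REPORT_EXCERPT)
    for label, sigs in sorted(summarize(REPORT_EXCERPT).items()):
        print(label)
        for sig in sigs:
            print("   ", sig, dict(rows[sig]))
```

Run against the excerpt, the "sample" bucket holds the three signatures that name FortnitePorting.exe, the "other" bucket holds everything raised by chrome.exe, msedge.exe, identity_helper.exe and vlc.exe, and headings such as Loads dropped DLL that carry no detail rows land in "no-detail", where the report itself gives nothing to attribute. A signature that ends up "mixed" is the one to read row by row.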
Processes
C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe
"C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff94344cc40,0x7ff94344cc4c,0x7ff94344cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2156,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2540 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1944,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2548 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3684 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5608,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:2
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff73cba4698,0x7ff73cba46a4,0x7ff73cba46b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5324,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff93f1246f8,0x7ff93f124708,0x7ff93f124718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5224 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x3ac
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:8
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\SkipUpdate.mpv2"
C:\Users\Admin\Downloads\FortnitePorting.exe
"C:\Users\Admin\Downloads\FortnitePorting.exe"
Network
Files