Malware Analysis Report

2024-12-07 11:38

Sample ID 241113-vpy76swcmd
Target FortnitePorting.exe
SHA256 c6f282acd5d0af70ec6ab4f261862cd85d982ff68a2bf82a55558b8ddc0b1018
Tags: discovery, persistence, privilege_escalation
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256

c6f282acd5d0af70ec6ab4f261862cd85d982ff68a2bf82a55558b8ddc0b1018

Threat Level: Likely malicious

The file FortnitePorting.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence privilege_escalation

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Drops file in Program Files directory

Unsigned PE

Browser Information Discovery

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies registry class

NTFS ADS

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 17:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 17:10

Reported

2024-11-13 17:12

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target Count
Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×9
Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×5
N/A N/A C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×45

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759914785431815" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target Count
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\FortnitePorting.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700} C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\FortnitePorting.exe\" -ToastActivated" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\AppId = "{466f7274-6e69-7465-506f-7274696e6700}" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{466f7274-6e69-7465-506f-7274696e6700} C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\DisplayName = "FortnitePorting" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\FortnitePorting\\Icon.png" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\CustomActivator = "{466f7274-6e69-7465-506f-7274696e6700}" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\Has7.0.1Fix = "1" C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FortnitePorting.exe\" -ToastActivated" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×5
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\LocalServer32\ = "\"C:\\Users\\Admin\\Downloads\\FortnitePorting.exe\" -ToastActivated" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×8
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{466f7274-6e69-7465-506f-7274696e6700}\AppId = "{466f7274-6e69-7465-506f-7274696e6700}" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×8
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{466f7274-6e69-7465-506f-7274696e6700}\RunAs = "Interactive User" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×6
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\DisplayName = "FortnitePorting" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×6
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\IconUri = "C:\\Users\\Admin\\AppData\\Local\\ToastNotificationManagerCompat\\Apps\\FortnitePorting\\Icon.png" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×6
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\IconBackgroundColor = "FFDDDDDD" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×3
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\AppUserModelId\FortnitePorting\CustomActivator = "{466f7274-6e69-7465-506f-7274696e6700}" C:\Users\Admin\Downloads\FortnitePorting.exe N/A ×8

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 680133.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe N/A ×1
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A ×32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A ×31

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A ×26
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A ×38

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A (8 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 812 wrote to memory of 2644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 812 wrote to memory of 712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 812 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 812 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)

All 64 hits come from a single chrome.exe process (PID 812) writing into four other chrome.exe processes (PIDs 2644, 712, 1732 and 2820); none of them has FortnitePorting.exe as source or target.
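The WriteProcessMemory hits above are all one chrome.exe process writing into other chrome.exe processes, which is how Chromium's broker sets up each sandboxed child it launches, and the Processes section that follows shows the same broker/helper structure (every helper carries a --type= flag, the broker does not). The script below is an added triage example, not part of the sandbox report and not code from the analysed sample: it parses rows in the table's layout, collapses the repeats into counts, flags any write whose source image differs from its target image, and sorts Processes entries into the sample's own launches, Chromium helpers and everything else. All inputs are constructed from this page and embedded in the script; the row attributed to PID 4242 is hypothetical, included only to show what a flagged write looks like, and does not occur in this report.

```python
"""Triage helpers for the WriteProcessMemory rows and the Processes list of
this report. Added example, not sandbox output; every input is constructed
from the page and embedded below so the script runs offline."""
import re
from collections import Counter
from typing import NamedTuple

# --- 1. "Suspicious use of WriteProcessMemory" rows ------------------------
# Row layout on the page: "PID <src> wrote to memory of <dst> N/A <src image> <dst image>".
# Image paths contain spaces ("Program Files (x86)"), so split on the ".exe " boundary.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+?\.exe)$", re.IGNORECASE)

class WpmEvent(NamedTuple):
    src_pid: int
    dst_pid: int
    src_img: str
    dst_img: str

def parse_wpm_rows(rows):
    """Parse table rows into WpmEvent records; reject anything malformed."""
    events = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m is None:
            raise ValueError(f"unrecognised row: {row!r}")
        events.append(WpmEvent(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return events

def summarise_wpm(events):
    """Collapse repeated rows: (src_pid, dst_pid) -> hit count."""
    return Counter((e.src_pid, e.dst_pid) for e in events)

def cross_image_writes(events):
    """Keep only writes whose writer image differs from the target image.
    A Chromium broker writing into a child of the same image is its normal
    child-launch pattern; a write from the sample into a browser (or into any
    other unrelated image) is what deserves an analyst's attention."""
    return [e for e in events if e.src_img.lower() != e.dst_img.lower()]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

def _row(src, dst, src_img=CHROME, dst_img=CHROME):
    return f"PID {src} wrote to memory of {dst} N/A {src_img} {dst_img}"

# The page's table reproduced with its repeat counts (2 + 30 + 2 + 30 rows).
WPM_ROWS = ([_row(812, 2644)] * 2 + [_row(812, 712)] * 30
            + [_row(812, 1732)] * 2 + [_row(812, 2820)] * 30)
# Hypothetical row that is NOT in this report: shows what a hit from the
# sample into the browser would look like to cross_image_writes().
HYPOTHETICAL_ROW = _row(4242, 812, r"C:\Users\Admin\Downloads\FortnitePorting.exe")

# --- 2. Processes list: separate the sample from Chromium helper noise ------
TYPE_RE = re.compile(r"--type=([\w-]+)")
SUBTYPE_RE = re.compile(r"--utility-sub-type=([\w.]+)")
BROWSER_IMAGES = {"chrome.exe", "msedge.exe"}

def classify_process(image, cmdline, sample_name="fortniteporting.exe"):
    """Return (category, role) for one Processes entry.
    category is 'sample', 'chromium' or 'other'. Chromium-family helpers
    carry --type=<role>; the broker (no --type) is the process that launches
    the children and writes their start-up state into them."""
    name = image.rsplit("\\", 1)[-1].lower()
    if name == sample_name.lower():
        return ("sample", None)
    m = TYPE_RE.search(cmdline)
    if m:
        sub = SUBTYPE_RE.search(cmdline)
        return ("chromium", f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1))
    if name in BROWSER_IMAGES:
        return ("chromium", "browser")
    return ("other", None)

def triage_processes(entries):
    """Count entries per (category, role) so the sample's own launches stand
    out from the dozens of browser helpers."""
    return Counter(classify_process(img, cmd) for img, cmd in entries)

# A subset of the page's Processes list as (image, command line) pairs;
# long flag strings are shortened to the flags the classifier looks at.
PROCESSES = [
    (r"C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe"'),
    (CHROME, f'"{CHROME}"'),
    (CHROME, f'"{CHROME}" --type=crashpad-handler /prefetch:4'),
    (CHROME, f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (CHROME, f'"{CHROME}" --type=renderer --renderer-client-id=6'),
    (r"C:\Windows\system32\svchost.exe",
     r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService'),
    (r"C:\Users\Admin\Downloads\FortnitePorting.exe",
     r'"C:\Users\Admin\Downloads\FortnitePorting.exe"'),
]

if __name__ == "__main__":
    events = parse_wpm_rows(WPM_ROWS)
    print("WriteProcessMemory hits:", len(events), dict(summarise_wpm(events)))
    print("cross-image writes in report:", cross_image_writes(events))
    print("hypothetical row flagged:", cross_image_writes(parse_wpm_rows([HYPOTHETICAL_ROW])))
    for key, n in sorted(triage_processes(PROCESSES).items(), key=str):
        print(f"{n:3d}  {key}")
```

Run it as a script for the printed summary, or import it and feed rows copied from another report to the same functions. The cross-image check is a coarse filter: a sample that injects into a process of its own image name, or that writes into a browser from a renamed copy of that browser, passes it, so an empty result means "nothing obvious in this table", not a clean bill for the sample.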

Processes

C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe

"C:\Users\Admin\AppData\Local\Temp\FortnitePorting.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff94344cc40,0x7ff94344cc4c,0x7ff94344cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2156,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2540 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1944,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5608,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:2

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff73cba4698,0x7ff73cba46a4,0x7ff73cba46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5324,i,10231069600840390273,15074662372428281877,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff93f1246f8,0x7ff93f124708,0x7ff93f124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5224 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x46c 0x3ac

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,15157142868436337049,9744804617280513872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:8

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\SkipUpdate.mpv2"

C:\Users\Admin\Downloads\FortnitePorting.exe

"C:\Users\Admin\Downloads\FortnitePorting.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.179.225:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 88.221.135.11:443 www.bing.com tcp
GB 88.221.135.11:443 www.bing.com tcp
US 8.8.8.8:53 11.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.182:443 th.bing.com tcp
GB 95.101.143.182:443 th.bing.com tcp
GB 95.101.143.202:443 th.bing.com tcp
GB 95.101.143.202:443 th.bing.com tcp
US 8.8.8.8:53 182.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net tcp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
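The table above mixes three kinds of rows: forward DNS queries to 8.8.8.8:53, reverse (PTR) lookups for IPs already contacted, and the TCP/QUIC connections themselves, with the Edge and Chrome processes from the process list accounting for much of it. The script below is an added example, not part of the report or of the sandbox's tooling: it parses rows in the report's own layout, discards the in-addr.arpa noise, pairs each resolved name with the endpoints actually connected to, and lists what remains once browser background domains are set aside. The sample rows are copied from the table; the BACKGROUND_SUFFIXES allowlist is an analyst assumption, not something the report states.

```python
"""Triage a sandbox report's Network table: separate reverse-DNS (PTR) noise,
pair forward DNS answers with the connections that followed, and flag what is
left after browser background traffic is set aside."""
from collections import defaultdict

# Constructed sample: rows copied from the table above, in the report's own
# "Country Destination Domain Proto" layout. The mDNS row has no Domain cell.
SAMPLE = """\
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net tcp
"""

# Assumption (analyst allowlist, not taken from the report): domains the Edge
# and Chrome processes in the process list reach on their own. Everything
# matching these suffixes is treated as background, not as sample behaviour.
BACKGROUND_SUFFIXES = ("google.com", "googleapis.com", "googleusercontent.com",
                       "bing.com", "bing.net", "microsoftonline.com",
                       "nelreports.net")


def parse_rows(text):
    """One dict per row; tolerates the three-field rows that lack a domain."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_ptr(domain):
    """Reverse lookups the sandbox or OS issues for IPs it already talked to."""
    return domain.endswith((".in-addr.arpa", ".ip6.arpa"))


def is_background(domain):
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def summarize(rows):
    queried, ptr = set(), 0
    endpoints = defaultdict(set)            # domain -> {"ip:port", ...}
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if is_ptr(r["domain"]):
                ptr += 1
            else:
                queried.add(r["domain"])
        elif r["domain"]:                   # TCP/QUIC to a resolved name
            endpoints[r["domain"]].add(f"{r['ip']}:{r['port']}")
    names = queried | set(endpoints)
    return {
        "ptr_lookups": ptr,
        "contacted": sorted(endpoints),
        "resolved_only": sorted(queried - set(endpoints)),
        "endpoints": {d: sorted(e) for d, e in endpoints.items()},
        "non_background": sorted(d for d in names if not is_background(d)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run against the full table, the non-background set collapses to the GitHub hosts (github.com, api.github.com, objects.githubusercontent.com and the githubassets/githubusercontent CDN names). A name that appears only as a query, such as objects.githubusercontent.com here, was resolved inside the 121 s network window but no connection to it is recorded; treat that as unknown rather than as evidence either way. Note that the report does not attribute rows to processes, so the parser cannot say which of the browser or the sample made a given connection.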

Files

C:\Users\Admin\AppData\Local\Temp\Costura\FFFF3E44E214F6F0C42D6BFBA606EA3F\64\av_libglesv2.dll

MD5 0c6d7ef9f90b40fe51e67a2ff9f38244
SHA1 d6cbf5d5b9957028d75d2456f1209b2454072367
SHA256 caff1be1faee32f7c5bfba9162ee617c347aad40772caa9a1aff794e3a191420
SHA512 b4cf85ea6be1c8528bfa6126a81faf44132b6978a07cf01af729f68807c7db6ae16fe71eb74135c9db9fe7696094d89330a94217c953b2ee5cce9be4a4e33373

C:\Users\Admin\AppData\Local\Temp\Costura\FFFF3E44E214F6F0C42D6BFBA606EA3F\64\blake3_dotnet.dll

MD5 a3c084912ba7c8099eda54ed8f56c4ac
SHA1 7379ddf0b2e05bb587461e8d9d4856feea2c4a55
SHA256 4bc8bd9869144b57c58b51a85915fd51e0d22f91e9cf7d6809341e85ab56f720
SHA512 7018448625c9b3d58b29cf86951a8b2ced77c5006edc75222dbd81adee86a04b0ead653ad1e61b543c8b6855a575cbdf012fb61db65b580359bbba7e254841cd

C:\Users\Admin\AppData\Local\Temp\Costura\FFFF3E44E214F6F0C42D6BFBA606EA3F\64\glfw3.dll

MD5 529bf9fb63a41e5cc66cb1fc0b4303d7
SHA1 7eeca1b55f2dc9f73e73aa42ef3809955a5ebc74
SHA256 e15c2dca331d4c15b7f60fbad81f7774ec4cf23c94484d4dc1912c016eaa93ea
SHA512 d8e0905f2687e8059279cdbbc90e77ffc6a40c427714e65fa5b97bc3800938f0c5636e54139f74d3964735a4711b5bcacf38dac83b423f9dd89ffa7f8c0f365a

C:\Users\Admin\AppData\Local\Temp\Costura\FFFF3E44E214F6F0C42D6BFBA606EA3F\64\libharfbuzzsharp.dll

MD5 c22de44419d1a1f1aa059f451fc59016
SHA1 cff7fc6071b8ccfbaea2ad922071f243d265afea
SHA256 ef5923ef4cdc8612c1825b294174b5b8cc8a056ed0f06b58db56aabc56aaae12
SHA512 12f93c7d4548c1c20288d9fd1b2b1b3dd0dec7c1a0c9b12f7f2c1b8045cfbbbd1256e39112f7296c83f93bc6c8fad45390384cc80087edeff46e9d125e3bcbba

C:\Users\Admin\AppData\Local\Temp\Costura\FFFF3E44E214F6F0C42D6BFBA606EA3F\64\libskiasharp.dll

MD5 26d723bd75b5c6591dfde18b71281920
SHA1 47c05d42af2968f83877bb9cbf744c938489f466
SHA256 2ca940b7c4621ecd27d2f07c5f46fafa0375f493692cd4e6e1e66c07fbc8109a
SHA512 90bbdd48588616177354402b91a3fac363f8eb7959af570e6cee1174eeab950077b71ed47645262daf0957ced5b90b3aa5a7146a5d04d52b5c7975a5d31c5ef7

\??\pipe\crashpad_812_CIPKFMPWQMVHTLIX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir812_878037108\c04ac51c-e119-40e1-a2aa-f220082dd4dd.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir812_878037108\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 c818dd65c06ad3459ba316d5c03cd06a
SHA1 3503958f553274acc039c043359ab60e083aea92
SHA256 d285dfb65d8c826c2cf9b8b19c11ce588f0d0f23159ed1a217d00281cc81e039
SHA512 dd94a620c8e847d1f7f146a9b5a21771c3f4970c8d918117366111ba108042258eb9fcc4e7dc1273460329ef80f8fd71fb92102816d336b4ebed4c515681f5c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 da6d9e0de790d0920e4d1eafe19d37e7
SHA1 bcc9ed21166e881498f8af89c3477bb3185557e1
SHA256 e8dd1140066823812e3e5b35104e90fb0e89ebe0396df97535b31166682ecef0
SHA512 b2ddece8f0b87733989eaf2f04474be5bba1153fc1b6359b9f6ba797bf2773025507619e4347f3eb2123fd4aafc491092cd1ac4631857daa6b73c6be1dfe7166

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71cb7a8b367b6ee5efcb642f1b1f0150
SHA1 f955dd75b54f0e0b0d6d2e2ae5b7f910cf5344f5
SHA256 0c80fa5f295baf06a840ff5b5c4b2b4e4b1c7cd7d41ec77a03e2d361006484a6
SHA512 2ba51c4005760ae40c4354f9fae1d706f46632acdf21be18fdc3ee5e67673a8fdfeaa659226fd3d44398c990a80bc2dc91879c99bfe712ce5b1989a63222a368

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5da059d36473d2528497439d180b3a61
SHA1 c830191983b37c2fa3a094000fa497d36c674c01
SHA256 06e2e83bcdfe7228c18d34713e4bebae5e1b9fdd1615cc583b6339c8ee750948
SHA512 00ed8a8e2a9ec40b79728f76203e5a7a544c03fa5158aca2142429a3668dea67176ce7e1b1e6f7cb67278a2c439eaf5a19b0f6d6fee51ff2d77cc0e413d8c7af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f37363028b2e48705d6892c938049ee8
SHA1 a176b601c2dd7eee8b6daba94f337b2ab902fc27
SHA256 5108dbcfa3f1897bc684e7b09f781757b6c2859d25893b1f580d4021bd3c5191
SHA512 8cd3ab9f0fda3485ea417787c3ef6e21aad1bda42ce9a38de55dd1c20b29d055eafe05e45640efe2067aa5a3d2364cd1e80a4fc790a925e3cfb1d9a2274c61bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81a07e32-ca36-49ac-a904-bc45c58dc51b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae79f8cecf6071ad076f475285dfa954
SHA1 54d27941bced30affeb0613f48d589d0dfbd153a
SHA256 b2f1800bf971ab921c5f8549f0a45fe1b44c9367cef9e239d0571d50f9552422
SHA512 c15da89ca74e96c7acce3cd289c22f69ef78c5e81394ee1e46be54b47dca34f068bdd8e5c59c5af1d3f839826a89ae1319943bfabbb6ce59535a2477d101cfd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 726eb6fc9969331a8ad8942531ea725c
SHA1 7e652f1b8e566fd9b6d8e251956b15c9b4cdb499
SHA256 0daeda57f39e3bde90b351ae9d77d893449a585431b4fb5f2f3d65e386acc85f
SHA512 d2ef8cf585bea5293dd9c64a24d1984e1380230bf637b3e0c78f2d97a2a1012c37bf7002aa7030acbbf705331470b5257a0c33daec962737d5de1d6f7f24667e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 24b240a05632c12639a0925495410de7
SHA1 97d9abdec700d4f28af3e2cf84fe5b64a60741e6
SHA256 772d6d959bb1393c78a908f50eeacf9cff0d7b62130576f1c2899949d42b640a
SHA512 517babab36cb5b7bae085256229f92f55a8a9e171354de71031f33bf133d8c34b2c1f588d96895a88cd297ed74caf8381af02b4a3c51b69854ed1fe7efc74994

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7693ad19fbce974f33c6ef1999e5a0a0
SHA1 1d1a9f8402ee0b0e90328b2e8ffbb038649a6b36
SHA256 8e56a99948c7fda0ec4d37dc696ba2193d1d32c28085ffd86dff5d4ee34aca5e
SHA512 fee983e7907f7d909598b919557c842824dcf98683619cfa80fafa007f0bdb99033db9b44cbd095a5ff9a89b3e6aab647ec92aebe6942a05620822b13d8fbffd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 674d0dfe6a9aeb1068705db3253731af
SHA1 7f90a44dabf992b5a6b60ff32a1bf0915116107f
SHA256 8e250d6f65d12556f74836ac3000adecca8005b423878e9f12a13fb95fb943cf
SHA512 675e9469dbf329bc7baa4955d70364b0c0089f7703784ba6673acf9b68277b0e176aebf273476e7817d1db6ccb0b158c5436180ca7352788bdbbc6faed16e057

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1989b9708a8034ac25cf0a5bca617583
SHA1 daad4d85c09658bb7864e4cb168b4c8824c5ab75
SHA256 67f0cb7e18dc9a4f8c0f8fd9e8f8d435dc838e23c7261be93177e6ce71b4d386
SHA512 96a1d2add54a27599d6d8a85478d7d525cbb1991b593ff7244e684492e9b869fdc262be7c509696fcc198eb4fc955755bba1d26cf9a834f67c384212e91e2290

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b654cfc934dd74ab970a87047652cf57
SHA1 b377242e1804ab888d04fbe83e7a6d321ec2bad0
SHA256 1692b961c8b79cbf6577bb40af7ec52e6db5da0fb0ed33399f05830bcc575194
SHA512 749cd395227fb1671072e143ee67d522e81bf2112e3b913c235e1fa6c3b670e71a66e9d016f83954c079195d23e81a218401f149514daa9ef1f1239d3e451c26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 edf0d0f4ce0b705760a154ff875b4ee8
SHA1 8483d63f38cf3dd4beca39f13230f428812fa6e2
SHA256 bd09f12b7e4f4b64b3d5d5f79feaf8d7bea7c414364de2122c6f42599ec133b0
SHA512 3e667b49a3e9b2e16a16b02cc1c9e6a60dac6766a9cd1a321ae50a33a27afc1563e0410c3304d81f18e7ef0b3a75ccd8845b456445e2c629e7aa1c8694445a71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8ac172f4b2957d973aa55afe99289785
SHA1 c84940021f56b66fee23db13cb2fd6c59889e460
SHA256 42790f29b8c8c0de550ab3a53bfa3868996ed1cc8e6af67ab51007dea7c09bd7
SHA512 f6dda197d18f89d68a0b596d83cf651dacae04057ffe5bd1a69d0bb08064f062a30d870cd5cff3f4ffe25eae65c3b8d31320343815bff9aba0d25de42ffca4f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52f6227640a05e17a8447b04f2dc20a2
SHA1 89af5702cfd8bf5c442769a1db56f0de31b6a83f
SHA256 7899aec86c1eaab3e13416f1312f349ab03c82ebf135df54435999dcf058560d
SHA512 c109bb3d0a5c5f21c5af0563fe129c7fbd5880dfaa82f1b41dd608860f8ecb6814e7f18b8c7e542175476e3742335f520e90c684ec9a6356d08cfb530024820b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a8ce.TMP

MD5 4ba1f32b2b0b7790a1c02f384bf67229
SHA1 70965fb1ce41b9024b0a6eaf59ce6441c02ebf39
SHA256 6e7cee2f5e6405a3e1209065d4200afa065f506d544be209b2a731541732c4ee
SHA512 861210a6cea132485e4831caf5893d984b99500e66e60b31348e80dda73fba5bd456904a1dd4f5648b593eb2fdcd06861518b3def3d952c92a9f9bd4a095f293

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1f66fbbff2afc83ec8d4e0aa7129783f
SHA1 2a09ca764728e63e87d2a3b30f42c47dee919853
SHA256 2d4a1acdf8e8b8a7236a3f444f4feb719ead7f8a42ad33c5166fdaee1ee1ac8d
SHA512 c3accce01f8bc96c6ea18bda4de201bb0ace8795205f933c8883c81ddcc954c8b4976cc0c651ecfa079b0a9f4e76a532cc81f49a682db32aace46fce2ec770b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54fcee1c4486dc88cb3f7f0499634196
SHA1 0e976c9cd06b855741eb22d531cf657434e3c64d
SHA256 12ad2bb1ca689c6fbc7c26e470c7a60269c471d195507f75053ee0be2a00a1e5
SHA512 17ece4a9ca0a42711bf73c86ce9e2fae18489a86d495f974a2a63a457cbb389fbaf5c91ebc95a74abc4d1c7924fa705c6c42ec45564d6fe1453fa62981e80ddd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1e39f73d2b23d505556ccb6128180743
SHA1 3295531f7bc40758623965cc6310c7fb379ec996
SHA256 b21673c0427d49aa749afc8ded147cf0d7f078b2b94f1a8e81a18e1c85ab5952
SHA512 bbffb9c04a3a7d494546fde0aaad5c84c1487d2eb38b8e78e49a1eed522b95fca3652c11e9249ab857a057ff6d7871ccf495172b8162a6c92a3eb4746909fb65

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FortnitePorting.lnk

MD5 ddb5206049eae89169780dd2b54280f0
SHA1 c3ff0a2a9a5a4a6201e5498e25cc971ffda980ef
SHA256 07e0ccabae2a691f65d53ccc99d9f8583552085f38ce4e7649f6ff9d4cfd22e8
SHA512 3d1cfeb30c6eda974dc328a53994a65e009ba20a21ad6c905eecdd1397e2bf3a85f8351469fac28b594fc4e16ae101a591b193f52aa5b20ebabcce134a92c7d8

C:\Users\Admin\AppData\Local\ToastNotificationManagerCompat\Apps\FortnitePorting\Icon.png

MD5 545f93bc2c9044a70eb45d444845d14c
SHA1 febc12f22a9c5ff59264222d407fda45cf7d072a
SHA256 5faef96dab4b4a565a1382884da59e6b4f937c393566a28602e27fe5f740fdf4
SHA512 d6bc1f6c60ad0f08647d47181edba89f69cd250c1bb563cfb00b52d43e23c075d59fcab3181975dc24595886a933e2326d81129540bcca1e745218243b99df4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e579003c0062f7386a91b296cf7a9c55
SHA1 2140815c3bbb0e29412344e83aa1c25c86087e1d
SHA256 24b6f7db506c8b10292fbb9a336827969dbed765b01f8269256c34cdb2a85229
SHA512 70c79fd4aac2f909ab5747b6e64d3eb60909b49c42360df01fe1ade00f6d7bdac8a9c1ed3844fa8aa588e97ec22bdba57e5059960c2164258ef1709782d6be6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 87f84fd0c4bfd912657d5b3c7f0fb09a
SHA1 7e7f0ea2c3860f6b9713efeeca860fced8c6c83e
SHA256 b09a4589b52e187da74a3a433bc2da03708554ea82764fab21d6fa534df6e511
SHA512 c5a62f7f7f13fa094d2042248801f026009a42fcb902fa73bf4208d01b9294d4bd25d999f86924f67cacdf8d270efdfa3aab4dad12cf6accdfa28ea24a720b1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4eebbdcf52869d5e9772737396d89225
SHA1 38359f29b7e98a3a2d0137497aad6771d8be0129
SHA256 05d598bd53a7a6eaaf4fd4a8e44114beec9cb063d7fdf21dbd8482d011a475f4
SHA512 bcd3c7516dd09b855b6029e0ec437b369af0ffff69cd6634323daa4e648ba999a960627093cc9085890f56ab3b744670c2aa564c2a7815171a9e91889125ec8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9272160e88edb6476f5743022a8a4b39
SHA1 72388b4b415440f20e920ca6d993616a4fe87747
SHA256 194973a38b71d5b558eb0d6185241645615995a19edbda78c911c05511b74a30
SHA512 7aa88feefce0f461739351974b255d796eb3150ec97d592f13f8629eb09cc37c744f7dff934a3c4b5d98249c01f42bdd18bd5976d646242428b721603076ec47

memory/3336-985-0x00007FF6D8F00000-0x00007FF6D8FF8000-memory.dmp

memory/3336-986-0x00007FF9525C0000-0x00007FF9525F4000-memory.dmp

memory/3336-987-0x00007FF93B8C0000-0x00007FF93BB76000-memory.dmp

memory/3336-988-0x00007FF936FF0000-0x00007FF9380A0000-memory.dmp
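Most entries in the Files section are Edge and Chrome profile housekeeping (Preferences, Local State, TransportSecurity, cache indexes) written while the browsers ran, and one entry, the crashpad named pipe, carries the digests of a zero-byte input. The few entries that bear on the "Loads dropped DLL" and persistence signatures are the DLLs under Temp\Costura\<32 hex>\64\ and the Start Menu FortnitePorting.lnk. The script below is an added example, not part of the report: it parses entries in the report's layout (path, blank line, digest lines), validates each digest by label and length, recognises the empty-file digest by computing it rather than hard-coding it, and buckets the paths so the IOC-worthy ones stand out. The sample entries are copied from the section above with the SHA512 lines left out for length; the parser accepts them. The reading of the Costura path as the runtime extraction cache of Costura.Fody is an assumption drawn from the path layout, not a statement the report makes.

```python
"""Parse the Files section of a sandbox report (path, blank line, digest lines)
into records, validate the digests, and bucket the entries so browser-profile
churn does not hide the few files that matter."""
import hashlib
import re

# Constructed sample: entries copied from the Files section above in the
# report's own layout (SHA512 lines omitted here; the parser accepts them).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\Costura\FFFF3E44E214F6F0C42D6BFBA606EA3F\64\blake3_dotnet.dll

MD5 a3c084912ba7c8099eda54ed8f56c4ac
SHA1 7379ddf0b2e05bb587461e8d9d4856feea2c4a55
SHA256 4bc8bd9869144b57c58b51a85915fd51e0d22f91e9cf7d6809341e85ab56f720

\??\pipe\crashpad_812_CIPKFMPWQMVHTLIX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71cb7a8b367b6ee5efcb642f1b1f0150
SHA1 f955dd75b54f0e0b0d6d2e2ae5b7f910cf5344f5
SHA256 0c80fa5f295baf06a840ff5b5c4b2b4e4b1c7cd7d41ec77a03e2d361006484a6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FortnitePorting.lnk

MD5 ddb5206049eae89169780dd2b54280f0
SHA1 c3ff0a2a9a5a4a6201e5498e25cc971ffda980ef
SHA256 07e0ccabae2a691f65d53ccc99d9f8583552085f38ce4e7649f6ff9d4cfd22e8

memory/3336-985-0x00007FF6D8F00000-0x00007FF6D8FF8000-memory.dmp
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()   # digest of a zero-byte file

# Assumption drawn from the path layout, not stated by the report: a 32-hex
# directory under %TEMP%\Costura\ is the cache Costura.Fody unpacks embedded
# libraries into at runtime.
COSTURA_RE = re.compile(r"\\Temp\\Costura\\[0-9A-F]{32}\\(?:32|64)\\", re.I)
BROWSER_PROFILE = ("\\Google\\Chrome\\User Data\\", "\\Microsoft\\Edge\\User Data\\")


def parse_files(text):
    """A line is a digest if its label is known and its value is hex of the
    right length; anything else starts a new record (a path or a dump name)."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        label, _, value = line.partition(" ")
        if label in DIGEST_LEN and re.fullmatch(r"[0-9a-f]{%d}" % DIGEST_LEN[label], value):
            if current is None:
                raise ValueError("digest before any path: " + line)
            current[label.lower()] = value
        else:
            current = {"path": line.strip()}
            records.append(current)
    return records


def classify(rec):
    p = rec["path"]
    if p.startswith("memory/"):
        return "memory_dump"
    if rec.get("sha256") == EMPTY_SHA256:
        return "empty"                 # e.g. the crashpad pipe: nothing was hashed
    if any(m in p for m in BROWSER_PROFILE):
        return "browser_profile"       # Edge/Chrome housekeeping, not dropped payload
    if COSTURA_RE.search(p):
        return "costura_cache"
    if p.lower().endswith(".lnk"):
        return "shortcut"              # Start Menu entry behind the persistence tag
    return "other"


def triage(text):
    """Bucket every record and return the (path, sha256) pairs worth pivoting on."""
    buckets = {}
    for rec in parse_files(text):
        buckets.setdefault(classify(rec), []).append(rec)
    iocs = [(r["path"], r["sha256"])
            for k in ("costura_cache", "shortcut", "other")
            for r in buckets.get(k, []) if "sha256" in r]
    return buckets, iocs


if __name__ == "__main__":
    buckets, iocs = triage(SAMPLE)
    for name, recs in buckets.items():
        print(f"{name}: {len(recs)}")
    for path, digest in iocs:
        print(digest, path)
```

The `other` bucket is where anything unexpected would land; on the full section it holds the ToastNotificationManagerCompat Icon.png and the scoped_dir extension-install files, which are worth a glance but carry no digest that ties them to the sample. Pivot on the `costura_cache` and `shortcut` SHA256 values, and compare the Costura DLL digests against the upstream library releases before treating them as malicious on their own.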