lumma | b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

desktop.ini
Size

282B
MD5

3a37312509712d4e12d27240137ff377
SHA1

30ced927e23b584725cf16351394175a6d2a9577
SHA256

b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
SHA512

dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Loads dropped DLL 2 IoCs

Processes:

FORTNITE MACROS EDITOR V2.5.exeFORTNITE MACROS EDITOR V2.5.exe

pid	Process
1336	FORTNITE MACROS EDITOR V2.5.exe
1928	FORTNITE MACROS EDITOR V2.5.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

FORTNITE MACROS EDITOR V2.5.exeFORTNITE MACROS EDITOR V2.5.exe

description	pid	Process	procid_target
PID 1336 set thread context of 4476	1336	FORTNITE MACROS EDITOR V2.5.exe	123
PID 1928 set thread context of 4680	1928	FORTNITE MACROS EDITOR V2.5.exe	129

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

aspnet_regiis.exeFORTNITE MACROS EDITOR V2.5.exeaspnet_regiis.exeFORTNITE MACROS EDITOR V2.5.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FORTNITE MACROS EDITOR V2.5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FORTNITE MACROS EDITOR V2.5.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770716963080712"	chrome.exe

Modifies registry class 15 IoCs

Processes:

chrome.exeOpenWith.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\읒⍭ᴀ谀耋	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\읒⍭ᴀ谀耋\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.md	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

Processes:

NOTEPAD.EXE

pid	Process
5088	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	Process
2860	chrome.exe
2860	chrome.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exetaskmgr.exe

pid	Process
3000	OpenWith.exe
968	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe
968	taskmgr.exe

Suspicious use of SetWindowsHookEx 26 IoCs

Processes:

OpenWith.exeOpenWith.exe

pid	Process
2560	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe
3000	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2860 wrote to memory of 3140	2860	chrome.exe	93
PID 2860 wrote to memory of 3140	2860	chrome.exe	93
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 3848	2860	chrome.exe	94
PID 2860 wrote to memory of 220	2860	chrome.exe	95
PID 2860 wrote to memory of 220	2860	chrome.exe	95
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96
PID 2860 wrote to memory of 720	2860	chrome.exe	96

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\desktop.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc094cc40,0x7ffdc094cc4c,0x7ffdc094cc58
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5260,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4592,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4896,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3520,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5400,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3400,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4992,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4588,i,850231590990629939,16430874050598386108,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:1184

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3264

C:\Users\Admin\Downloads\FORTNITE-MACROS-EDITOR-V2.5-main\FORTNITE MACROS EDITOR V2.5.exe
"C:\Users\Admin\Downloads\FORTNITE-MACROS-EDITOR-V2.5-main\FORTNITE MACROS EDITOR V2.5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1336
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4476

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:968

C:\Users\Admin\Downloads\FORTNITE-MACROS-EDITOR-V2.5-main\FORTNITE MACROS EDITOR V2.5.exe
"C:\Users\Admin\Downloads\FORTNITE-MACROS-EDITOR-V2.5-main\FORTNITE MACROS EDITOR V2.5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3000
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\FORTNITE-MACROS-EDITOR-V2.5-main\README.md
  2⤵
  PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b00a2e356351e191577ec13f3ac8855f

SHA1
7e78987c7b130c9a527313399abb4f2602df2285

SHA256
f0f7279e6a53ece32a48fb7b13a9ce0fa91b84ee89ebcf3a24191ab5b03ac82f

SHA512
3dcffc8ea221a9c9dcaf92dd09ae69b32283d047c886f3eccbdd072c6bd16016313da2e7153670a35b86b2d389868bb4b7f493efd8a1e3467f818460e659b600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf5a800223b89b1ee9ec2a5f02d2ef9e

SHA1
5ff284a7c7ad75a8023fa7028cb7c36d22e627d8

SHA256
560bb22b348a4680bfbbf51bfe7f9f0a9a3a7b86c4b84bf0cbd0619f72457302

SHA512
01a4d7b05b56d934e06b555c83220ef013ae0263670c5510281d6850bcbc7f28b33b584aa45208b4703fbe1a016ed80cbca734bfb9fee03edc7aa0724dc435bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
8e6427d687f9b4fa35259cad17b68cbc

SHA1
a06f307eb0a93e76ca049771281c32aee157b046

SHA256
58cd5a474a978aadbc0a50b6fb916af6ba384918fdaca6e0b8b09a7bb393ed5f

SHA512
9bf8646c672ef22d7be445c7faa9b75c02da9d8123d33ce11a055ecab92cea20af1d8a9e063c8740c2371d9ece100ee4dbf257a31135995e8b312d4318c63477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
685f3eb6d52b7764370c36e4c4a7cc5e

SHA1
16fd71c650107880005dafcf7bd59d914fb0cd5d

SHA256
b6819f609aca4b559a7ef25339435aadda2de5c81b6cce0e803846d16a9171b2

SHA512
ccac9b6d2b2ee744e3f3a630d04b81dfda15736870f91cb97d0247a7cb19168aedaab915c83238595acb4618031d86f6144d63f23278e36d9dce737968a015ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0929fc3f67c7337df50f4bb3f1ff9353

SHA1
38522919c2f60b4e9454fbde62415904e101a08e

SHA256
87cd9c54606932569fdafedad306e92bab088e9fd184b4ab6c68176d1deb9b6a

SHA512
e718cfe4f1c8b36880ae235f1e70d09728ef77bb850318b689e702a7cf9532e04818b6796252d0dafa558b8dd3c573dea62f8721d14f1dbcf103d8d2e750d1d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e756984e598d8e8f5b79ae840fbb2ae7

SHA1
6461c83261e3152a979eae671127f59f19f88019

SHA256
5172d2f8b5b68b6ff0274b1701e9e08b0e2f2cbf821c05d1552010075c928549

SHA512
f09940a1a1563a7262bc13c39f3c33d5c8ba2100c884ddf6a8dfb1e87abc7f36a2d993d9cc606ae0a1ef66fd11d3060958898ac1e7fd057be48e025f11023825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27f0e5e1b2dc254ec714689b996752b3

SHA1
da11fe3938f641d7ff8786f4a9a8a2ea7c45223a

SHA256
9e90011384d108c4287d12e23b939fb0c2c0294166d0f8f4fbfea343d49475c0

SHA512
d2d800fb43f6beec75de49cc1de78c127246a1be82fc0a3a56368ad8dcb621cc2413a47509f75ab8934641b5c7f5bed55390de0aa27b2e7bb0ccbd751894467b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a269fdbc-c8bc-4d62-88d1-a2750dedfc13.tmp

Filesize
1KB

MD5
ead13df424fa87db0a79b9198fdceac4

SHA1
b4239bb2707bf2f1bd86150266f718d3dd0eb918

SHA256
61c9c5b42ba184b60d0a63b5e03338832d46b158f59b691be34e97e77e18fa47

SHA512
1f139752338f6a5036c7dc619dd847cb0331d7e3ad441301686f86140e35d2350fc32562491388bea19f3763a8636facb4796b2dfa3b206925a89e2dbc5c9a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a101eb5838c1fc28b77e7bb58ab3ac58

SHA1
947d51d9b10543186ffccca7d7c14ae2aead4ac4

SHA256
8869ebd540f9907b59a0611266e9d92359a8425e2242460453c2629487e8c7e1

SHA512
79ffc0938dfbb86fcf6741bbaf78a5325a2eb29b364bcdfed8ca2822eefb3ae0f022d27f6c889835c354337bc8875daf71b8096d76b49d46885991a24e44dd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b03aa89f7a9ecd36ae80a48b5b436c6

SHA1
436345f6f8406de7d50507a6a20dedeba16f1b87

SHA256
1dbb47048025a5f9a14b5acfb8f51197bf54189e9dbfef6bca5074c133d2d292

SHA512
6b7ecda0dacbce79dd16bb4c390d3d35a5d1908c541fe3e01e3231988cda6325a28c435fc6a9edffb8b707b2e1cdd45b46d49daed497445b79be10b5b58f4e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
947656ef95f49f98a752849b2f0ca579

SHA1
c3c837bb6af1971c1bb4ebf861774261550411db

SHA256
a6d1ef924a33e1369576f1002f8b70980289ff2e6c09de57f73566129c7ace02

SHA512
fc981d5f3f17692031322d699a535188fc8bd7b1a6c880e9447bbaf5ee49ee874c2f72462a31398519c7b030a26fc6e668ba44e00883c9d3d9da263a33497b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ecf9bb5e9f0ab0c722a8546a0042ced9

SHA1
b18e7260c33466ce92cdf0d4063c380d12a1429c

SHA256
0cf0315b5f89377422aaf71660af391f7f4cb2920c7d6d41851b15195760aec0

SHA512
4d0f8705410efe3e8acea5516963f4358c69a698241261ee2ec1960244658eff3ded082041496e7dc5bb633c1a72b51a464e146e2731a36a5a7cdcd23051d13c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bad3d32cc6721e90d4486a5880c8e51c

SHA1
45f992df7737fff1aedbb19ddfe1f9daa04d51f6

SHA256
420b18c542ea3f26ad9c95f77cc04f2c80384ed9377430579a5b231172b49d5e

SHA512
c39ad791d0d5916cab82e04cae1054234ee3380e50af4e1a851d13c8c16f547fa940058156ac3d9de40e4312524ae970a646507f1d2329538021f6c0a67f3524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de766085591c0d1792b6bf9d3ad7691b

SHA1
86e12f32883e70e93cf8e2c912104ad28592cd53

SHA256
d908ae95359e2905fc0da42bab054006e1cce859af5726d43f1213b4c7a3ce8c

SHA512
54288cdc2847013b3f58c61cd47a2d28df81e2e28c5a485574ea0467db9edb09cc344ac1348788956cb7eec6f889180a294a113db97093c3aaa7120b1ea0dcac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b7cfb3be21de142cf94259e08cfd090

SHA1
234bfa92611d36711851aeae1b09ca08b19669d0

SHA256
0a4a4c03e8be3eec6455ae2a4720af39e07033238631dc8d8cf5f8879e9784f2

SHA512
3c80eb7336fb763017a7eaf65cbd311a12a0ed854570cdfd709cc8fe201749b6130a2a9de9dd740790bab450f5cd4043a201be62cca2f9c55930008eec80d3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d28d979205d0ffd1a1a2d7bc9f9a15d7

SHA1
cd42fbf24a614b3baaec6e6ebd64b32a9a31ba58

SHA256
d610d56dad8dad723b27ae012244e001fc6e032f0ebc8fd37ba6072511eee931

SHA512
9ee698430af1bf424cdab0d06f739fd4faab32b0738ad123e543480c854921048e1b0f092f99dd4e0bec9baa335b80883f888595c52dcc27736c7e011be88454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93435d90deabbd323d45d21d2c8b33ea

SHA1
84fc926f9041057f07a0bffd4719c6d6a45ae0f5

SHA256
1b37c5d2c5ec424f9942e83aee0afdc7352b0b4f11ede819ea8203ced9d2f582

SHA512
be53fcaef566fd2a3969e4a4c30acd267595836adf88ef451b001267b598c9dda1a2ad0ae2cb1c2f72b5ac3ef33d85f18b975218d4e7a4355d46dd8a418d0ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
134240b7474a10c67b3aa8d2e9cc8a89

SHA1
ede915677c855fba795407ddb2f81de5312dc738

SHA256
64e27a85329c84ee494d95c658143d262c6bc7ad8067d74bda227b7d3e87f6e3

SHA512
b47a7575789ba6ab5b3c915fa75ff443ea5034d59c4f070eadbeb16d5498a7f65e31d4c49c420e048488bf98ec08f63eae3268ca20016c4aa75f028f06c744c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
99bc7adf2774d4aaf11aea9abaa8f2b4

SHA1
de16d914c9a5a70ab2c8fafee5247c8acda03841

SHA256
844b6fe2f2d402c7873def99dab49dfc0395b26a1e8744ddbe32d2c4c63cec89

SHA512
145462425841729aad2c351e7177dcc165d357e5e1388c320833aa96d274681670f9288531dbecee704b43bf061110f7ab1b5869fabaff7b1ac9d39853e852e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0711bb08c04d4cfc5e4f2174730f8e72

SHA1
a67db96c0f87d87131272148f2b3f8d2a3319ba7

SHA256
9d880ab9c2da9848889aa6a47b75b7f0c6f1e471d841c37820c6187e66d207d3

SHA512
d01f7da93af73140f299b314c3b2344550db986ad155047e76ee7bea809641c12bc9f0d8e8a0a153d822c35fb92dadf28d6de294695a67217c5e73c1ee08a734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
aa632c9a592f5920e4f840305018305b

SHA1
29d961524220e9eb795a252e0739a5d572ba31ff

SHA256
de899ee570dba858e172642ee18ed7b94e852a72d0cdc1ed246a49b4b210473c

SHA512
22d7df4fb1b4651c17b85bade2b455fa46689839f2f668f828635ddfd943be3f5094f8e8b2e5fab2ff2b319de2a4c2c1a98ca05123227888d10704224334b42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
284d1d90b94ab04e924a96b7f47031bf

SHA1
a38db13fcd05395f08e01db6d073aa7d329dd202

SHA256
91df773b3b514c7821f08bed364e957890804d8b92813532d45b2d13726934c1

SHA512
63ba5a55ccdaddd3f7c653500086f6789fe68892c7f4029ea801430e61f5edf2ad4813df50e60964d4e16399b226d95821b918b50e6580670d0eef6ead5fb361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FORTNITE MACROS EDITOR V2.5.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
642KB

MD5
9bc424be13dca227268ab018dca9ef0c

SHA1
f6f42e926f511d57ef298613634f3a186ec25ddc

SHA256
59d3999d0989c9c91dae93c26499f5a14b837a0fe56e6fc29f57456f54a1f8a2

SHA512
70a1abb35bd95efc40af6653d5db2e155fab9a8575b7ae5b69ab3fbcd60925c66a675dac6cba57564a430e9b92f1a2ea9e912c4d7f356b82696ed77e92b52715

Download Submit
\??\pipe\crashpad_2860_WJACPKVEEJPYHVPY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/968-151-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-142-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-149-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-148-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-152-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-153-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-144-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-154-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-150-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/968-143-0x000001889B7E0000-0x000001889B7E1000-memory.dmp

Filesize
4KB

Download
memory/1336-120-0x00000000003D0000-0x0000000000460000-memory.dmp

Filesize
576KB

Download
memory/4476-132-0x0000000000520000-0x0000000000585000-memory.dmp

Filesize
404KB

Download
memory/4476-127-0x0000000000520000-0x0000000000585000-memory.dmp

Filesize
404KB

Download
memory/4476-128-0x0000000000520000-0x0000000000585000-memory.dmp

Filesize
404KB

Download
memory/4680-180-0x0000000000140000-0x00000000001A5000-memory.dmp

Filesize
404KB

Download
memory/4680-177-0x0000000000140000-0x00000000001A5000-memory.dmp

Filesize
404KB

Download