hxxps://www[.]mediafire[.]com/file/fnfe76w8wikaave/Valorant_Hack[.]rar/file

Analysis

max time kernel
123s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2023 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/fnfe76w8wikaave/Valorant_Hack.rar/file

Score

9^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

Setup.exeSetup.exeSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Setup.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exeSetup.exeSetup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Setup.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

winrar-x64-621.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	winrar-x64-621.exe

Executes dropped EXE 6 IoCs

Processes:

winrar-x64-621.exeuninstall.exeWinRAR.exeSetup.exeSetup.exeSetup.exe

pid process

5256 winrar-x64-621.exe
5192 uninstall.exe
5208 WinRAR.exe
5528 Setup.exe
5048 Setup.exe
3632 Setup.exe
Loads dropped DLL 2 IoCs

Processes:

pid process

3136
3136

pid	process
5256	winrar-x64-621.exe
5192	uninstall.exe
5208	WinRAR.exe
5528	Setup.exe
5048	Setup.exe
3632	Setup.exe

pid	process
3136
3136

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

uninstall.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

uninstall.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

Setup.exeSetup.exeSetup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

Setup.exeSetup.exeSetup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Setup.exe
File opened for modification	\??\PhysicalDrive0	Setup.exe
File opened for modification	\??\PhysicalDrive0	Setup.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes:

Setup.exeSetup.exeSetup.exe

pid process

5528 Setup.exe
5048 Setup.exe
3632 Setup.exe

pid	process
5528	Setup.exe
5048	Setup.exe
3632	Setup.exe

Drops file in Program Files directory 60 IoCs

Processes:

winrar-x64-621.exeuninstall.exe

description	ioc	process
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240588500	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252602786495903"	chrome.exe

Modifies registry class 64 IoCs

Processes:

uninstall.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r07\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r11\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r00\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r06\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew\FileName = "C:\\Program Files\\WinRAR\\zipnew.dat"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r03\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r09\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.z	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r00	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r29\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r16\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r17\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r25\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "WinRAR.ZIP"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r20	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r01\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r24\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r19\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz	uninstall.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exeSetup.exeSetup.exeSetup.exe

pid process

3800 chrome.exe
3800 chrome.exe
5528 Setup.exe
5528 Setup.exe
5048 Setup.exe
5048 Setup.exe
3632 Setup.exe
3632 Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

chrome.exe

pid	process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

winrar-x64-621.exeuninstall.exe

pid process

5256 winrar-x64-621.exe
5256 winrar-x64-621.exe
5256 winrar-x64-621.exe
5192 uninstall.exe

pid	process
5256	winrar-x64-621.exe
5256	winrar-x64-621.exe
5256	winrar-x64-621.exe
5192	uninstall.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3800 wrote to memory of 4112	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 4112	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1488	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1904	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 1904	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe
PID 3800 wrote to memory of 2512	3800	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/fnfe76w8wikaave/Valorant_Hack.rar/file
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9fba9758,0x7ffd9fba9768,0x7ffd9fba9778
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:2
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5104 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5136 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5480 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3996 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6228 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6376 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6496 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6352 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6792 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6984 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7288 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7180 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6960 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7800 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7608 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8036 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7132 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8124 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6216 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5792 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7532 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7416 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7616 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2356 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2804 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7872 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:8
2⤵
PID:5196

C:\Users\Admin\Downloads\winrar-x64-621.exe
"C:\Users\Admin\Downloads\winrar-x64-621.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5256

C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
3⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7692 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8092 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5688 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5624 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:6012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5944 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6064 --field-trial-handle=1800,i,14680148495979363848,10057954798945943325,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4328

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3284

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Downloads\Valorant Hack.rar" "C:\Users\Admin\Downloads\Valorant Hack\"
1⤵
- Executes dropped EXE
PID:5208

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5528

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMQA1AA==
2⤵
PID:1208

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5904

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:3604

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5304

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:480

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5372

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:1140

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:4416

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:2532

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:4904

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:4856

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5048

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMQA1AA==
2⤵
PID:5472

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:4516

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:3544

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5408

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5360

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:4996

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:3188

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:3244

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:2360

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:392

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:4696

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3632

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMQA1AA==
2⤵
PID:5004

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:1360

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:3160

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5808

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:5796

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:1040

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:484

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:1816

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:1396

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:2436

C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
"C:\Users\Admin\Downloads\Valorant Hack\Setup.exe"
2⤵
PID:1212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt
Filesize
109KB

MD5
e51d9ff73c65b76ccd7cd09aeea99c3c

SHA1
d4789310e9b7a4628154f21af9803e88e89e9b1b

SHA256
7456f489100ec876062d68d152081167ac00d45194b17af4a8dd53680acfc9bd

SHA512
57ab82d4a95d3b5d181c0ec1a1a1de56a4d6c83af5644032ff3af71e9bd8e13051ae274609bda8b336d70a99f2fba17331773694d7e98d4a7635f7b59651b77c

Download Submit
C:\Program Files\WinRAR\RarExt.dll
Filesize
659KB

MD5
4f190f63e84c68d504ae198d25bf2b09

SHA1
56a26791df3d241ce96e1bb7dd527f6fecc6e231

SHA256
3a5d6267a16c3cf5a20c556a7ddbfc80c64fcd2700a8bfd901e328b3945d6a1a

SHA512
521ada80acc35d41ac82ce41bcb84496a3c95cb4db34830787c13cdcb369c59830c2f7ff291f21b7f204d764f3812b68e77fd3ab52dfe0d148c01580db564291

Download Submit
C:\Program Files\WinRAR\RarExt.dll
Filesize
659KB

MD5
4f190f63e84c68d504ae198d25bf2b09

SHA1
56a26791df3d241ce96e1bb7dd527f6fecc6e231

SHA256
3a5d6267a16c3cf5a20c556a7ddbfc80c64fcd2700a8bfd901e328b3945d6a1a

SHA512
521ada80acc35d41ac82ce41bcb84496a3c95cb4db34830787c13cdcb369c59830c2f7ff291f21b7f204d764f3812b68e77fd3ab52dfe0d148c01580db564291

Download Submit
C:\Program Files\WinRAR\Uninstall.exe
Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Program Files\WinRAR\Uninstall.exe
Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt
Filesize
103KB

MD5
4c88a040b31c4d144b44b0dc68fb2cc8

SHA1
bf473f5a5d3d8be6e5870a398212450580f8b37b

SHA256
6f1a005a0e5c765fcc68fe15f7ccd18667a6e583980e001ba7181aaaeed442b8

SHA512
e7f224a21d7c111b83775c778e6d9fa447e53809e0efd4f3ba99c7d6206036aa3dde9484248b244fb26789467559a40516c8e163d379e84dcf31ac84b4c5d2a8

Download Submit
C:\Program Files\WinRAR\WinRAR.chm
Filesize
317KB

MD5
381eae01a2241b8a4738b3c64649fbc0

SHA1
cc5944fde68ed622ebee2da9412534e5a44a7c9a

SHA256
ad58f39f5d429b5a3726c4a8ee5ccada86d24273eebf2f6072ad1fb61ea82d6e

SHA512
f7a8903ea38f2b62d6fa2cc755e0d972a14d00a2e1047e6e983902eff1d3a6bca98327c2b8ed47e46435d1156816e4b0d494726fce87b6cbe7722f5249889b88

Download Submit
C:\Program Files\WinRAR\WinRAR.exe
Filesize
2.4MB

MD5
46d15a70619d5e68415c8f22d5c81555

SHA1
12ec96e89b0fd38c469546042e30452b070e337f

SHA256
2e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781

SHA512
09446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb

Download Submit
C:\Program Files\WinRAR\WinRAR.exe
Filesize
2.4MB

MD5
46d15a70619d5e68415c8f22d5c81555

SHA1
12ec96e89b0fd38c469546042e30452b070e337f

SHA256
2e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781

SHA512
09446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb

Download Submit
C:\Program Files\WinRAR\uninstall.exe
Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\ProgramData\mntemp
Filesize
16B

MD5
79fdc5582378571a88570a4b71c2433b

SHA1
2bf809ff1913354458adace07237ee7564f6662c

SHA256
3cfb58285bae890eb2aef55cdbd2f9e28c50839818bb83534ba2e9cb8b8aa439

SHA512
6d8a7fc55812fa6fcd21785cb701dc68790e06832b1c240908355d1b69a71652872942fa8f63ecfc9721c6062b5852e2b40f74ce341e06487b359bbc9fe5ea19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
52957d4bf2f5b79a0cf7b42e9eb1a954

SHA1
c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5

SHA256
373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b

SHA512
90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a2b6c0615042c95e5a459c39216d8e96

SHA1
6f3666bfa1913964bebd967729000871eab16d36

SHA256
87faac9ba06fb97066b51d89bda81a701738558c846590b96bba529ea24fdc8a

SHA512
44d378b1667b292e23bfe053401bc66dc468e0fe9c6798c1ac26029b4aec4fee1af5bed5fe25e1b7da9bf32ec444f5429b2d611b82131bbcbcd55282acfb9ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
79654d2220918ccc2a5b16db6c025b3c

SHA1
a716b2043c9ecbf30d7b12e5889aff76566167cd

SHA256
01202e6b62d6e0758b11adf8849f023c351391b9afc095e0fa0aec2119883281

SHA512
77af92ff4d0a9d09d5bae2e468fc413556893e2974b45f62c429340a7e3a8bb97c22e7673c561cf021f2196d4eb5ec375565038568575e042cf4609b1decfba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
337f0e8172d8fc344c360da76bb58eb7

SHA1
1723be572ee77e81e5aac6612a2c7389c236e834

SHA256
4139b6a2ca181e453591291da01d78cea3978c4243edc9915fe3c58f39d7a1b4

SHA512
40aab4667fa17f924a7aab96ab0aea1236d221ddf5555fb1f4479ac048e3dd124ff845a41166d4fb3375a46628d924f64d6c2f29349d17e197a4d9e378b49810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
e0f69a3033d39d7f4a9c99a9bbd8c02b

SHA1
beb33707266db866dbc9299773018cfc2210f7c0

SHA256
a1c33239de9dc2d42e915d98816fdbee73e5c98b8d306785d9536277ddadd36a

SHA512
dd821f119c8dd9ddd12964584cf758a51f539d778890265a9dafd42c2d588608a5999553036d42e9b8619f8a265ab9c9ab1beea076c203d2b68d3d5c12a19a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5eb81b8cc901c4a851b3dcab57862266

SHA1
720adf07a09c7aee3653b7f22e4d18e64df4c891

SHA256
07b4ff884754c5535f332666210ff92ffd166d86ca4aa2ca08c7c5c088eec14a

SHA512
56b670bd009ce71a6c31291a6fc0b8540b0ddee220dce1739e5c5a1d8c8c91c03f879ce558dd436ed0483294f29d671b0a30b18a24a8c7dad5cd08977527e54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
bced27fe89dfa8751ecd8514f41dec63

SHA1
62499df04c78afa90d5c1adcc9e28fdddcaaf116

SHA256
d33eb8d6ae2f8c645866fecab3eae996a0e707cde9a63ced0bfa95a3dbc0213c

SHA512
1e2fff7dcf62fc1e2b02831ee863089d46f1478b432213a79ad7325f750580166bb55c4797527b8fee85b0abd9fa753fef02151a9245772461a444c2af134ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f6879cd29cd4caa1470b978a35227f1b

SHA1
2a3987d7c1009dc84db7c4fb0969ed6cf98a4a25

SHA256
102903ff24ae2e409ea40393f4a973a885de87637f1322b2f140a030f6b8bf3f

SHA512
13e33b7257b7d7f912c2ca871cd30275f37c2b24a34c62547563b092a88e084eac7523db39c91e01669be29a7bebe303decd94666b0c833666bf9f77ea3b9b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3386b36244025f490b946157f3ad6d99

SHA1
104a4dcce6f0024867acf266a09477d2b3086602

SHA256
93d72d29de3d61c592e546cff3521eaa762d95cc189b924377ffcc8df36172e2

SHA512
bd65ddfa44cfdb1e0bbd603cb481375ca1de71e3cb9dede2c5c84a2ff6fd9d22fb5e1b17f2d776aeef80656cbcd38c2b9b6d1c13999d41e9a6643272c744c640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f177ad3db2b92166543e55f2c95f3e85

SHA1
780c8f4ec9cef2c5cf2528ba881e0fca7a87a893

SHA256
8dfa44fb3a7d72235496f4dc1ab11d1a6b4075615ce30e652fa2b05eefe863c9

SHA512
23a80345659c803fed1cd772935084ebff0540042203c47a37a5f510abd40157cfa65481c9ca85e4bfa350a44e933f1f9f93f5fdc3bff5908fb6c2ff06351bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e4fb2933fcced14bfd3c615451b5f401

SHA1
a9546a9e63ddfebcea6391851d55615deb1c6ce2

SHA256
df7ec49d43b462607b975c6134d6b71682a9d7a6bdcdeef2481c21ceffa9abed

SHA512
97e251ee654afdba85b69297cc4ca2b8c3919c088a2d9566b2a68d0cbb71c5c0df2f6f1f4b75c9247a56eb1037e305c874d2aaaab08cb58484a515b81b03844f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
67413e6924115b1367b5467def75f669

SHA1
e7d87fc667a64f8c2a71483ac2593a1383f9cf3c

SHA256
512b1823892c08b637ead655fa7e14ecba501337c270aff4ca91b21213125eee

SHA512
a3e7d1f541ec3e444b61bc80f29acda0cd64d7cda1506969b2fec91fbec2acea46eec3bf946c5e7dc54543b98cf0b358b1aae3ea89f3e216e6b87c5e48af8ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
58c5fb74d32e621689de4a09e942be49

SHA1
11c1329add829db045a94d29e8995c8d1e540fff

SHA256
c62e88100266dc31f18a73e34e62c74b732b864a177281a94e96ae6e2bd280bb

SHA512
7d3060c1d9c995b337b51e99186494302eeba7954ba6e7d476b4d6282f0751c3dc60cd239db9c226ddcfc471d7bec3406ef21a5107d16adc943b0f75c2321076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a7a77bca6a6d3edd9e00a567825298c5

SHA1
b16ddc5c585cec4aa39ef822476fd0bfb64b22f4

SHA256
a10e38e9991a9167bd6b3114782636b5c4e23d5018af8b1737bca9eaeffa9b97

SHA512
f710e22e4f6a9ff5b7d89145e2f728610b16e9dcafb340e3755a91d51f6a4bc5c580175e0601630024952d367e6145766e14d98c64375a7e66394b31e77ba31a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
fedf76735f601f68ec17fea0a862551a

SHA1
6edd0b5cf756df3ffee5619b7a72ce1f43756534

SHA256
293611e6412e855a4ba67ed75491784be6d8e5f22cd08f125e6b078d48524438

SHA512
4c9644d805cae91c8319743d441fa0195c774782f424261511a41c56cb850b359626fc1e75bf0dbedd7b8166ef41b245088aa11df424191bd49bb27c806220e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
43fe4769569cbc2c4cc72970cfe2e854

SHA1
eb4df5b66a11fdc41264e63f724d501aee9840e7

SHA256
6ddd8b89d93fe41efe696438649d94f843dfa1ce078ee003d528d7921e5dd9d3

SHA512
4a706e6b130150ca4bd1a3b95bee9c7b6cefb5d3e5f24c9d9c171c7f5509a37eac3921b9a610bd4cde6484e1577a3dde8c784705a3844e390a62c7a5b0e10e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
6aa633b1834e613a39c30bae9e7f73d5

SHA1
a483ed1872156841679e016099905e5410ffcbd3

SHA256
38d3479201604256248aad420a1f4328b42bdb4a7be143ae59950225ff4aa501

SHA512
828ed6d9d79b81db66fe2fc1a08ec7e2b8a593eb8da62474ed59428d99514393142f97ae97b93e64e512fcbe6e177afb3db733806bda05dd403a5b191b815ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
b9008defcf473724b650cbeac695ff35

SHA1
0f8ade1e7496d528a60f7b2e0d620a62f0d62954

SHA256
f4d92604936b77eade808fa6736bf7dce3e62a382ff2aa98ece34864d382f6fc

SHA512
9b4be75472fe9614570860ade8c097633c89ea358a5da5ef2dc838e11fde04158620c306a6bf89ef6ae5563c1ef5abc9f55edab955b1002607e152f0a473c401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
f3fa53d1ea5a5eec069a522db2b18e51

SHA1
bded244b555ec22e84ae19e11c9b24f82c9e3e13

SHA256
4fe4618b6ea1f643237db400052b58347a4d263382a70edce85a29bb6d8bd048

SHA512
bddf09db9dcce397b30fb8a15a9cd34895ad80a46306c4c9b47707c631c44bce15bd512f043823003262095e97f8189f3f408fe90a86502ea7720c999b9d499e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5730d4.TMP
Filesize
108KB

MD5
35efa8f7c956188db1b261750834e58c

SHA1
9ae669c9725511667396dba27fc51090b49f2d78

SHA256
aae8155a34d3012075f662bf15d2a3625e1214c9c5c8af8dc022c4d66b6d27e5

SHA512
48b330ea3283d5c1a9fed2c0cd817e4600db9fd6c6c7b555897d5e486561be8f59023e6838353f35e52505bcb646c5621377fa828d88da4db855cf66a68a01ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
Filesize
1KB

MD5
6195a91754effb4df74dbc72cdf4f7a6

SHA1
aba262f5726c6d77659fe0d3195e36a85046b427

SHA256
3254495a5513b37a2686a876d0040275414699e7ce760e7b5ee05e41a54b96f5

SHA512
ed723d15de267390dc93263538428e2c881be3494c996a810616b470d6df7d5acfcc8725687d5c50319ebef45caef44f769bfc32e0dc3abd249dacff4a12cc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
16KB

MD5
f4b1bd91199e46e2b334e777eea9728f

SHA1
1fe2712b4ed863b955bed19c5350b5871bbddb1a

SHA256
a4b68f0b02d445032b61ad5e2e654d2f52998a5daf0837ce7e547d5c946518da

SHA512
d04554c7099e70e2ae93fc3f9193ad70f93f7cfd6561649de4b06d2fd9b8edd0a99b26bd10ed8861d879ca7f3e6de6f40ba53ff693a8b309f240559b29c39833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
16KB

MD5
f4b1bd91199e46e2b334e777eea9728f

SHA1
1fe2712b4ed863b955bed19c5350b5871bbddb1a

SHA256
a4b68f0b02d445032b61ad5e2e654d2f52998a5daf0837ce7e547d5c946518da

SHA512
d04554c7099e70e2ae93fc3f9193ad70f93f7cfd6561649de4b06d2fd9b8edd0a99b26bd10ed8861d879ca7f3e6de6f40ba53ff693a8b309f240559b29c39833

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jjmvutyy.42x.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Valorant Hack.rar
Filesize
43.1MB

MD5
700efeaa660dd8f8642fa2fecdb11bd7

SHA1
2198e666ce1fdfa06972b4ea23fa58fa1827ca8a

SHA256
fa85784df4058132194ac7c5c5106cbd91d7d2963e911dbe7a265ff3203d2c0e

SHA512
1657669d17e4f16b2cd47e44b78f242faf196bf416a8ab5ff1a52e35badeb7783fae8f68689b99bf8b90bee941adba8dcbb763e30818fc9c54305bd73691f31e

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Data\level4.resS
Filesize
128KB

MD5
64d183ad524dfcd10a7c816fbca3333d

SHA1
5a180d5c1f42a0deaf475b7390755b3c0ecc951c

SHA256
5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a

SHA512
3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
369.4MB

MD5
ff881d97ca2448acbd843126da64d2f5

SHA1
7699855eae7ab254245a49bdec643b1ac59e5ae5

SHA256
5ff802519c78bddb8e5cdf0e72be5795da3fefcdc138112520d910a5b97aeeff

SHA512
68e55766ec05f5a24f8ef1e3f875829227e6876c3ea8b7f73485f7181c14976ccb8be9e9aba4cb45fd4af7258142e43c631b8a8b515d1f234edb342a1e8b2083

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
386.4MB

MD5
e45474a2381d105c427d7024c0a4d181

SHA1
e8a90cf9668b025cb4db58af34e4691639daf1e5

SHA256
bb3c4375e3b1aad7907cf7949a42f772cca24ab69f366308e17851189a20b30f

SHA512
d25788e39ed6cceb233b7946bdb59f6af17b3a9aa9c615a29edf4e9f104515459efc144f271049e8f704a273aea4cb071595fdf44381184a569fde3391e1ddc3

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
159.1MB

MD5
af5c58fd8d7adbe8a523c038ce8cda11

SHA1
b434f95e8029ca84943519addc2df5651c1e55ae

SHA256
ecf9571007b94888d65c5f40af64f2360d0654d1aaca28a6a718889bb82c6c31

SHA512
419aa580660f823d09ea8363e795b5b49048aab79a939586df941468b3a2c6ec1c55a5775dc5e46cdae428b84d2b6c826828e60ac433cd7431e3c868a82213df

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
139.7MB

MD5
9795a62a7bfadc6fb46f24f0851ac176

SHA1
3bace0322f3e5e728d748bba53b13ff50716cfd4

SHA256
55f906c3fddc755bc0fed5ca627d255c9146bd6b094e6797e56c7db7eb506b8a

SHA512
3712e48589fe81b832c42ee05847d425b2ccc3396a00ea99e0f2588d5f476d45d9a643ca4bfde0c8a69d2663b8e96f0354fd9f591113a476bff74dbbf4d2d79e

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
67.6MB

MD5
b119efc786253786e5e22ed79899f283

SHA1
6a304fc505e413044e793b9a8c46ef2d99e231da

SHA256
f757e853dc8eababc2325e0f41c30987fbf18cf76156f74f735dbf0524e0bac1

SHA512
7057b8de31406daafe07b2898871b921bbce1a687847e963d484bed977bb4ee410bad6cc762b78a9a84ff83029d6899ff7749da02f55b76247be85d928c72469

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
67.7MB

MD5
b190d3c3269c48b49db68113fe4a51fc

SHA1
f0dccaa08ade686af64cdd451b57f11eb6334241

SHA256
f83f04b2d6242b1af3154d2447dcfcce209f142e121be663e65764b5806d1238

SHA512
1533d78f71c78aa608aa0cf4360ba13e3cd877007a322be9fa9405a86e9327aaddac2827e9a3c53ef04751fd0c21aa3c0b9c7583cd5850ba7cb4700072799ad6

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
67.8MB

MD5
5aeb1703cbb3137b534673bc03cf4fd9

SHA1
36e36c8b0146476b4d2a26145fe19f255231695d

SHA256
b7aafc0fbe55068d37f9474418193938360af6636be9b54e89556c84bc273780

SHA512
c3b25fb729b54daabcb284876488b0cf1f4dc9b8c0154eb25304e1747eb0e87b872c5e85d78bf8fe5d825c84c4f37b4e3b4f77e1174b24f2f339581e116e4f3b

Download Submit
C:\Users\Admin\Downloads\Valorant Hack\Setup.exe
Filesize
48.7MB

MD5
cbf2c9e9fcfa398454210727ede93317

SHA1
a7a77cd57d9dd3c044f7459c673af280e156c0d5

SHA256
776d663c4693c10c2c2ea45c43c56f751cf172e3b59250fc3d5436b687e06313

SHA512
e5c6a6a6ab397492f03602ce588842ad538bfb87eb2c5f6b70a17d5a42b0eafa486f94c02f6afa661447f0cfd677ad174c8ad9c7c97b8a32a0c77a42b0ad6b02

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe
Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe
Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe
Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
\??\pipe\crashpad_3800_MUUABPYEHYNYPQMF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1208-1899-0x00000000068B0000-0x00000000068CA000-memory.dmp

Filesize
104KB

Download
memory/1208-1875-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/1208-1898-0x0000000007A00000-0x000000000807A000-memory.dmp

Filesize
6.5MB

Download
memory/1208-1864-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/1208-1859-0x0000000002A80000-0x0000000002AB6000-memory.dmp

Filesize
216KB

Download
memory/1208-1860-0x0000000005500000-0x0000000005B28000-memory.dmp

Filesize
6.2MB

Download
memory/1208-1897-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/1360-1920-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/3632-1853-0x00000000054D0000-0x00000000054E0000-memory.dmp

Filesize
64KB

Download
memory/3632-1908-0x00000000054D0000-0x00000000054E0000-memory.dmp

Filesize
64KB

Download
memory/3632-1846-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/3632-1851-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/3632-1852-0x0000000005950000-0x0000000005972000-memory.dmp

Filesize
136KB

Download
memory/3632-1930-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/3632-1847-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5004-1894-0x0000000006420000-0x000000000643E000-memory.dmp

Filesize
120KB

Download
memory/5004-1896-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/5004-1861-0x00000000053F0000-0x0000000005456000-memory.dmp

Filesize
408KB

Download
memory/5004-1862-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/5004-1874-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/5004-1863-0x0000000005DF0000-0x0000000005E56000-memory.dmp

Filesize
408KB

Download
memory/5048-1904-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5048-1850-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5048-1931-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5048-1910-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download
memory/5048-1843-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5048-1845-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5048-1855-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download
memory/5472-1900-0x0000000004730000-0x0000000004740000-memory.dmp

Filesize
64KB

Download
memory/5528-1849-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5528-1854-0x0000000005A40000-0x0000000005A50000-memory.dmp

Filesize
64KB

Download
memory/5528-1895-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5528-1844-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5528-1836-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download
memory/5528-1909-0x0000000005A40000-0x0000000005A50000-memory.dmp

Filesize
64KB

Download
memory/5528-1932-0x0000000000050000-0x0000000000B58000-memory.dmp

Filesize
11.0MB

Download