Resubmissions

29/04/2023, 16:39

230429-t563aadd3x 10

29/04/2023, 16:33

230429-t2xpfadd2v 10

Analysis

  • max time kernel
    25s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    29/04/2023, 16:33

General

  • Target

    ValorantLoading0.exe

  • Size

    53.2MB

  • MD5

    528c7fa8598ab0f0cf3ace973391a991

  • SHA1

    1bb881224b1b5400204b1493d1920ad7750064fe

  • SHA256

    2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568

  • SHA512

    5996f3f55f5d77fa877f7377a978c4b132e72311861fabf04dc086f3d8fd6bcc4c5412128ce8cdbd6db349c4587e45c86ed40284aba8e0bbb5fc0ce4da5d3cf1

  • SSDEEP

    1572864:AexVAYy9tDh0FZk7yacONW5h5eekQC32L7:3xY7Dh0F+OacAOh9CGL7

Score
10/10

Malware Config

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe
    "C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
      C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1572
      • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
        "C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=912 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        3⤵
          PID:2668
        • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
          "C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1196 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
          3⤵
            PID:3064
          • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
            "C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1376 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
            3⤵
              PID:756
            • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
              "C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=912 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
              3⤵
                PID:2252
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                3⤵
                  PID:2268
                  • C:\Windows\SysWOW64\tasklist.exe
                    tasklist
                    4⤵
                    • Enumerates processes with tasklist
                    PID:2780
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                  3⤵
                    PID:2732
                    • C:\Windows\SysWOW64\taskkill.exe
                      taskkill /IM chrome.exe /F
                      4⤵
                      • Kills process with taskkill
                      PID:3012
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                    3⤵
                      PID:2000
                      • C:\Windows\SysWOW64\tasklist.exe
                        tasklist
                        4⤵
                        • Enumerates processes with tasklist
                        PID:1936
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                  1⤵
                  • Enumerates system info in registry
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of WriteProcessMemory
                  PID:872
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778
                    2⤵
                      PID:1064
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:2
                      2⤵
                        PID:2012
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:8
                        2⤵
                          PID:2096
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:8
                          2⤵
                            PID:2196
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:1
                            2⤵
                              PID:2208
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:1
                              2⤵
                                PID:2228
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3324 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:2
                                2⤵
                                  PID:2636
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:2
                                  2⤵
                                    PID:2396
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3688 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:1
                                    2⤵
                                      PID:920
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                    1⤵
                                    • Enumerates system info in registry
                                    • Suspicious use of WriteProcessMemory
                                    PID:1612
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778
                                      2⤵
                                        PID:520
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1252,i,431051597181870794,12755281343275445983,131072 /prefetch:2
                                        2⤵
                                          PID:2412
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1252,i,431051597181870794,12755281343275445983,131072 /prefetch:8
                                          2⤵
                                            PID:2556
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                          1⤵
                                          • Enumerates system info in registry
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of WriteProcessMemory
                                          PID:1240
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778
                                            2⤵
                                              PID:1052
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1264,i,9517913687812422292,5433684922195904951,131072 /prefetch:2
                                              2⤵
                                                PID:2056
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1264,i,9517913687812422292,5433684922195904951,131072 /prefetch:8
                                                2⤵
                                                  PID:2120
                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                1⤵
                                                  PID:2452
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778
                                                  1⤵
                                                    PID:2640
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                    1⤵
                                                      PID:292
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:2
                                                        2⤵
                                                          PID:752
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8
                                                          2⤵
                                                            PID:2468
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8
                                                            2⤵
                                                              PID:1664
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:1
                                                              2⤵
                                                                PID:2340
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:1
                                                                2⤵
                                                                  PID:1776
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:2
                                                                  2⤵
                                                                    PID:2212
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:2
                                                                    2⤵
                                                                      PID:1508
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3512 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:2128
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:2308
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:1944
                                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                          1⤵
                                                                            PID:1524

                                                                          Network

                                                                                MITRE ATT&CK Enterprise v6

                                                                                Downloads

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  a0dac56ef957c4491da5fb8d2b826207

                                                                                  SHA1

                                                                                  e3b5d8347ef3defa52e46771c55db81008c3e65c

                                                                                  SHA256

                                                                                  bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2

                                                                                  SHA512

                                                                                  2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  a0dac56ef957c4491da5fb8d2b826207

                                                                                  SHA1

                                                                                  e3b5d8347ef3defa52e46771c55db81008c3e65c

                                                                                  SHA256

                                                                                  bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2

                                                                                  SHA512

                                                                                  2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  a0dac56ef957c4491da5fb8d2b826207

                                                                                  SHA1

                                                                                  e3b5d8347ef3defa52e46771c55db81008c3e65c

                                                                                  SHA256

                                                                                  bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2

                                                                                  SHA512

                                                                                  2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  a0dac56ef957c4491da5fb8d2b826207

                                                                                  SHA1

                                                                                  e3b5d8347ef3defa52e46771c55db81008c3e65c

                                                                                  SHA256

                                                                                  bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2

                                                                                  SHA512

                                                                                  2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81a23900-b2fc-4ae1-b22d-fb699e2859c4.tmp

                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  5d6181809f130d6c396f5a2be8066480

                                                                                  SHA1

                                                                                  bbc7521d0fab2a05821dae0433b9cb99e3f4abcc

                                                                                  SHA256

                                                                                  c961c2d3d0ee7449491d7fd5da3bb7c0ccc8371c5909553d154bdf4e5e0b486a

                                                                                  SHA512

                                                                                  8c2d8157f448006f064245959e1f25898291a686d14ae80d7fcc628084bd0c53b8314dd0c4c21eb31c4b48f4257a8fd27dbb92e601181c4fa86eb3a1d9d91f7a

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                  Filesize

                                                                                  264KB

                                                                                  MD5

                                                                                  f50f89a0a91564d0b8a211f8921aa7de

                                                                                  SHA1

                                                                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                  SHA256

                                                                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                  SHA512

                                                                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  c42e758abeffb3ffac772eb3ed0bbdb1

                                                                                  SHA1

                                                                                  a2ac67384539cae9effebcbe4186599f4e24eb74

                                                                                  SHA256

                                                                                  c373d8f50242db922e9c1fb4798a0f10fe7bbc70c2ac4c4460075a7110a6f99d

                                                                                  SHA512

                                                                                  61ddb4618a961572aedc2a8e4de35a75a1811bc9f807ab2019c73d6e9716fb189a80a9bfc4833acaf362f5a7b143f942c63f8509405b58e8486fa4e2ef73b036

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  18e723571b00fb1694a3bad6c78e4054

                                                                                  SHA1

                                                                                  afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                                                                  SHA256

                                                                                  8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                                                                  SHA512

                                                                                  43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000004.dbtmp

                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                  SHA1

                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                  SHA256

                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                  SHA512

                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  71KB

                                                                                  MD5

                                                                                  fd2b88f2cd0d96cc5fc2544eca2270fc

                                                                                  SHA1

                                                                                  ecac32977997d40290d1f8430cb882a481f180fd

                                                                                  SHA256

                                                                                  8bd1894b27273ffb811e167f2a0f432d1d8ba8eaf919c3fb30e57d4cfd818aea

                                                                                  SHA512

                                                                                  3701db5e90a954695ca47512aac34c850f90bfa15e0888811fd7479bcdd2660da47272aabb4484d1bce8e5d1a87a131638d0bdd163f1d63200e32edc859bdf92

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  71KB

                                                                                  MD5

                                                                                  7e59820af6b739052921594066b12beb

                                                                                  SHA1

                                                                                  9dfb54104f16f865d527fa10bed790940458a410

                                                                                  SHA256

                                                                                  1aeaa593d6ef0259011dfe8cb9f4e600ccb6eab4c439dd264766d8d685e259f6

                                                                                  SHA512

                                                                                  35cdfb98407e070369b90fc7adb980176660e774e64a3f5e92320af27fa33d9c47d0389d03d87fea8400328a86db5ff6ce3fe14690b40804a8814d6887dc3372

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  71KB

                                                                                  MD5

                                                                                  6bd1f2beb6ed0499bc9c38c81c9a8780

                                                                                  SHA1

                                                                                  8a9a8cd7cfee8016d6bcf2c90b8f90d16a516264

                                                                                  SHA256

                                                                                  925947d52d90e5a2fa24b8f57f376d3f9d687938590594de0562b828abaf7ae3

                                                                                  SHA512

                                                                                  612027853a735c892dd6c29581cff156b8e0a6bda285b25bfe959e35f677ce1fc5582a4e0184c7fdc085d28e216940614074f9153dcc2ed8ae974600c2f00c85

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                  Filesize

                                                                                  86B

                                                                                  MD5

                                                                                  f732dbed9289177d15e236d0f8f2ddd3

                                                                                  SHA1

                                                                                  53f822af51b014bc3d4b575865d9c3ef0e4debde

                                                                                  SHA256

                                                                                  2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

                                                                                  SHA512

                                                                                  b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                  Filesize

                                                                                  86B

                                                                                  MD5

                                                                                  16b7586b9eba5296ea04b791fc3d675e

                                                                                  SHA1

                                                                                  8890767dd7eb4d1beab829324ba8b9599051f0b0

                                                                                  SHA256

                                                                                  474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

                                                                                  SHA512

                                                                                  58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                  Filesize

                                                                                  85B

                                                                                  MD5

                                                                                  8549c255650427d618ef18b14dfd2b56

                                                                                  SHA1

                                                                                  8272585186777b344db3960df62b00f570d247f6

                                                                                  SHA256

                                                                                  40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13

                                                                                  SHA512

                                                                                  e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c5719486-6c47-4dd1-8876-9f5ab25bf3ea.tmp

                                                                                  Filesize

                                                                                  71KB

                                                                                  MD5

                                                                                  7e59820af6b739052921594066b12beb

                                                                                  SHA1

                                                                                  9dfb54104f16f865d527fa10bed790940458a410

                                                                                  SHA256

                                                                                  1aeaa593d6ef0259011dfe8cb9f4e600ccb6eab4c439dd264766d8d685e259f6

                                                                                  SHA512

                                                                                  35cdfb98407e070369b90fc7adb980176660e774e64a3f5e92320af27fa33d9c47d0389d03d87fea8400328a86db5ff6ce3fe14690b40804a8814d6887dc3372

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d982a4c6-0a57-4fec-b98c-35e3fbac4745.tmp

                                                                                  Filesize

                                                                                  71KB

                                                                                  MD5

                                                                                  6bd1f2beb6ed0499bc9c38c81c9a8780

                                                                                  SHA1

                                                                                  8a9a8cd7cfee8016d6bcf2c90b8f90d16a516264

                                                                                  SHA256

                                                                                  925947d52d90e5a2fa24b8f57f376d3f9d687938590594de0562b828abaf7ae3

                                                                                  SHA512

                                                                                  612027853a735c892dd6c29581cff156b8e0a6bda285b25bfe959e35f677ce1fc5582a4e0184c7fdc085d28e216940614074f9153dcc2ed8ae974600c2f00c85

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll

                                                                                  Filesize

                                                                                  3.9MB

                                                                                  MD5

                                                                                  ab3be0c427c6e405fad496db1545bd61

                                                                                  SHA1

                                                                                  76012f31db8618624bc8b563698b2669365e49cb

                                                                                  SHA256

                                                                                  827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

                                                                                  SHA512

                                                                                  d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

                                                                                  Filesize

                                                                                  127.7MB

                                                                                  MD5

                                                                                  eddf449b4cb68943b945cd402552da0a

                                                                                  SHA1

                                                                                  7e158b5db7261b7c55d32f7da8c9ae381b16de59

                                                                                  SHA256

                                                                                  cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a

                                                                                  SHA512

                                                                                  33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

                                                                                  Filesize

                                                                                  126KB

                                                                                  MD5

                                                                                  44a69827d4aa75426f3c577af2f8618e

                                                                                  SHA1

                                                                                  7bdd115425b05414b64dcdb7d980b92ecd3f15b3

                                                                                  SHA256

                                                                                  bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

                                                                                  SHA512

                                                                                  5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak

                                                                                  Filesize

                                                                                  175KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log

                                                                                  Filesize

                                                                                  524B

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

                                                                                  Filesize

                                                                                  2.4MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat

                                                                                  Filesize

                                                                                  10.0MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll

                                                                                  Filesize

                                                                                  367KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll

                                                                                  Filesize

                                                                                  6.2MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar

                                                                                  Filesize

                                                                                  51.2MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin

                                                                                  Filesize

                                                                                  590KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

                                                                                  Filesize

                                                                                  4.2MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json

                                                                                  Filesize

                                                                                  106B

                                                                                • C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

                                                                                  Filesize

                                                                                  744KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\ValorantLoading0%.exe

                                                                                  Filesize

                                                                                  127.7MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\chrome_100_percent.pak

                                                                                  Filesize

                                                                                  126KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\chrome_200_percent.pak

                                                                                  Filesize

                                                                                  175KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\d3dcompiler_47.dll

                                                                                  Filesize

                                                                                  3.9MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\ffmpeg.dll

                                                                                  Filesize

                                                                                  2.4MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\icudtl.dat

                                                                                  Filesize

                                                                                  10.0MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\libEGL.dll

                                                                                  Filesize

                                                                                  367KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\libGLESv2.dll

                                                                                  Filesize

                                                                                  6.2MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\resources\app.asar

                                                                                  Filesize

                                                                                  51.2MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\resources\elevate.exe

                                                                                  Filesize

                                                                                  105KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\snapshot_blob.bin

                                                                                  Filesize

                                                                                  290KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\v8_context_snapshot.bin

                                                                                  Filesize

                                                                                  590KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vk_swiftshader.dll

                                                                                  Filesize

                                                                                  4.2MB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vk_swiftshader_icd.json

                                                                                  Filesize

                                                                                  106B

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vulkan-1.dll

                                                                                  Filesize

                                                                                  744KB

                                                                                • C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\StdUtils.dll

                                                                                  Filesize

                                                                                  100KB

                                                                                • C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_0

                                                                                  Filesize

                                                                                  8KB

                                                                                • C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_2

                                                                                  Filesize

                                                                                  8KB

                                                                                • C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_3

                                                                                  Filesize

                                                                                  8KB

                                                                                • C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Local Storage\leveldb\CURRENT~RF6cba6a.TMP

                                                                                  Filesize

                                                                                  16B

                                                                                • \Users\Admin\AppData\Local\Temp\14446c6f-0580-43d5-b2d3-50decf8f930b.tmp.node

                                                                                  Filesize

                                                                                  120KB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

                                                                                  Filesize

                                                                                  127.7MB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll

                                                                                  Filesize

                                                                                  3.9MB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

                                                                                  Filesize

                                                                                  2.4MB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll

                                                                                  Filesize

                                                                                  367KB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll

                                                                                  Filesize

                                                                                  6.2MB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

                                                                                  Filesize

                                                                                  4.2MB

                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

                                                                                  Filesize

                                                                                  4.2MB

                                                                                  MD5

                                                                                  dd3a757828c6cc214fac84486f69ba8e

                                                                                  SHA1

                                                                                  5f79beada6f80c903b5d1c04f0eb30e8acd396a2

                                                                                  SHA256

                                                                                  baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c

                                                                                  SHA512

                                                                                  9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e


                                                                                • \Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

                                                                                  Filesize

                                                                                  744KB

                                                                                  MD5

                                                                                  bb7496239e0f1b44c935df3954c3fc42

                                                                                  SHA1

                                                                                  d063da60766682cf40b690bc03094e5c7ebd8669

                                                                                  SHA256

                                                                                  e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c

                                                                                  SHA512

                                                                                  7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

                                                                                • \Users\Admin\AppData\Local\Temp\nst391C.tmp\StdUtils.dll

                                                                                  Filesize

                                                                                  100KB

                                                                                  MD5

                                                                                  c6a6e03f77c313b267498515488c5740

                                                                                  SHA1

                                                                                  3d49fc2784b9450962ed6b82b46e9c3c957d7c15

                                                                                  SHA256

                                                                                  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

                                                                                  SHA512

                                                                                  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

                                                                                • \Users\Admin\AppData\Local\Temp\nst391C.tmp\System.dll

                                                                                  Filesize

                                                                                  12KB

                                                                                  MD5

                                                                                  0d7ad4f45dc6f5aa87f606d0331c6901

                                                                                  SHA1

                                                                                  48df0911f0484cbe2a8cdd5362140b63c41ee457

                                                                                  SHA256

                                                                                  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

                                                                                  SHA512

                                                                                  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

                                                                                • \Users\Admin\AppData\Local\Temp\nst391C.tmp\nsis7z.dll

                                                                                  Filesize

                                                                                  424KB

                                                                                  MD5

                                                                                  80e44ce4895304c6a3a831310fbf8cd0

                                                                                  SHA1

                                                                                  36bd49ae21c460be5753a904b4501f1abca53508

                                                                                  SHA256

                                                                                  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

                                                                                  SHA512

                                                                                  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

                                                                                • memory/1572-299-0x0000000000920000-0x0000000000921000-memory.dmp

                                                                                  Filesize

                                                                                  4KB

                                                                                • memory/2668-266-0x00000000004E0000-0x00000000004E1000-memory.dmp

                                                                                  Filesize

                                                                                  4KB