Malware Analysis Report

2025-08-06 00:52

Sample ID 230429-t2xpfadd2v
Target ValorantLoading0.exe
SHA256 2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568
Tags lumma stealer spyware
Score 10/10

Analysis Overview

Threat Level: Known bad

The file ValorantLoading0.exe was found to be: Known bad.

Malicious Activity Summary

lumma stealer spyware

Lumma Stealer

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Drops startup file

Checks computer location settings

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

Kills process with taskkill

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-29 16:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-29 16:33

Reported

2023-04-29 16:36

Platform

win7-20230220-en

Max time kernel

25s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

Signatures

Lumma Stealer

stealer lumma

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 872 wrote to memory of 1064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1276 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 1612 wrote to memory of 520 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1240 wrote to memory of 1052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 872 wrote to memory of 2012 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1240 wrote to memory of 2056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1264,i,9517913687812422292,5433684922195904951,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1264,i,9517913687812422292,5433684922195904951,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1252,i,431051597181870794,12755281343275445983,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1252,i,431051597181870794,12755281343275445983,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=912 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1196 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1376 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3324 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=912 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\SysWOW64\taskkill.exe

taskkill /IM chrome.exe /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3688 --field-trial-handle=1364,i,1929071770762687364,10823359012165618813,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3512 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1356,i,8761816877291921043,15074265940747392726,131072 /prefetch:8

Network


Files

\Users\Admin\AppData\Local\Temp\nst391C.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nst391C.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\chrome_100_percent.pak

MD5 44a69827d4aa75426f3c577af2f8618e
SHA1 7bdd115425b05414b64dcdb7d980b92ecd3f15b3
SHA256 bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
SHA512 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\chrome_200_percent.pak

MD5 9c379fc04a7bf1a853b14834f58c9f4b
SHA1 c105120fd00001c9ebdf2b3b981ecccb02f8eefb
SHA256 b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
SHA512 f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\icudtl.dat

MD5 cf9421b601645bda331c7136a0a9c3f8
SHA1 9950d66df9022f1caa941ab0e9647636f7b7a286
SHA256 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
SHA512 bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\libGLESv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\snapshot_blob.bin

MD5 c2cf86c9046343131080edf914f69eba
SHA1 10bb7f1a96fdbcd4d5cd7a0ec2477f3c0354eed7
SHA256 7209863f22740b465301ce82919a042df5dbb7a7c50828643c9cd2e1e8802496
SHA512 d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\v8_context_snapshot.bin

MD5 60beed67e605fdbe79d2735f59113a93
SHA1 6cd5625c6dfb8a16b619490890e38c6da902b43e
SHA256 ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11
SHA512 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\resources\app.asar

MD5 da5450df07fb87578c50f8eaa285c061
SHA1 449fbd7d4d1bede8e332d23680356c288dc67b29
SHA256 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089
SHA512 cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e

C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nst391C.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin

MD5 60beed67e605fdbe79d2735f59113a93
SHA1 6cd5625c6dfb8a16b619490890e38c6da902b43e
SHA256 ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11
SHA512 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat

MD5 cf9421b601645bda331c7136a0a9c3f8
SHA1 9950d66df9022f1caa941ab0e9647636f7b7a286
SHA256 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5
SHA512 bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar

MD5 da5450df07fb87578c50f8eaa285c061
SHA1 449fbd7d4d1bede8e332d23680356c288dc67b29
SHA256 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089
SHA512 cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

\??\pipe\crashpad_872_EBREADOEZYXOGULE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\14446c6f-0580-43d5-b2d3-50decf8f930b.tmp.node

MD5 aa7eb1ed50471e76e52494e9ecf56e88
SHA1 b5cdfc7ca8fdfae7be282852d206966dcb88700d
SHA256 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2
SHA512 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

\??\pipe\crashpad_1240_OHTIKFTBUSLTPHOU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak

MD5 9c379fc04a7bf1a853b14834f58c9f4b
SHA1 c105120fd00001c9ebdf2b3b981ecccb02f8eefb
SHA256 b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48
SHA512 f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

MD5 44a69827d4aa75426f3c577af2f8618e
SHA1 7bdd115425b05414b64dcdb7d980b92ecd3f15b3
SHA256 bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b
SHA512 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a0dac56ef957c4491da5fb8d2b826207
SHA1 e3b5d8347ef3defa52e46771c55db81008c3e65c
SHA256 bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2
SHA512 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 8549c255650427d618ef18b14dfd2b56
SHA1 8272585186777b344db3960df62b00f570d247f6
SHA256 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512 e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\??\pipe\crashpad_1612_LFVVCXIATAMDQDYP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7e59820af6b739052921594066b12beb
SHA1 9dfb54104f16f865d527fa10bed790940458a410
SHA256 1aeaa593d6ef0259011dfe8cb9f4e600ccb6eab4c439dd264766d8d685e259f6
SHA512 35cdfb98407e070369b90fc7adb980176660e774e64a3f5e92320af27fa33d9c47d0389d03d87fea8400328a86db5ff6ce3fe14690b40804a8814d6887dc3372

memory/2668-266-0x00000000004E0000-0x00000000004E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c5719486-6c47-4dd1-8876-9f5ab25bf3ea.tmp

MD5 7e59820af6b739052921594066b12beb
SHA1 9dfb54104f16f865d527fa10bed790940458a410
SHA256 1aeaa593d6ef0259011dfe8cb9f4e600ccb6eab4c439dd264766d8d685e259f6
SHA512 35cdfb98407e070369b90fc7adb980176660e774e64a3f5e92320af27fa33d9c47d0389d03d87fea8400328a86db5ff6ce3fe14690b40804a8814d6887dc3372

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d982a4c6-0a57-4fec-b98c-35e3fbac4745.tmp

MD5 6bd1f2beb6ed0499bc9c38c81c9a8780
SHA1 8a9a8cd7cfee8016d6bcf2c90b8f90d16a516264
SHA256 925947d52d90e5a2fa24b8f57f376d3f9d687938590594de0562b828abaf7ae3
SHA512 612027853a735c892dd6c29581cff156b8e0a6bda285b25bfe959e35f677ce1fc5582a4e0184c7fdc085d28e216940614074f9153dcc2ed8ae974600c2f00c85

memory/1572-299-0x0000000000920000-0x0000000000921000-memory.dmp

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Local Storage\leveldb\CURRENT~RF6cba6a.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6bd1f2beb6ed0499bc9c38c81c9a8780
SHA1 8a9a8cd7cfee8016d6bcf2c90b8f90d16a516264
SHA256 925947d52d90e5a2fa24b8f57f376d3f9d687938590594de0562b828abaf7ae3
SHA512 612027853a735c892dd6c29581cff156b8e0a6bda285b25bfe959e35f677ce1fc5582a4e0184c7fdc085d28e216940614074f9153dcc2ed8ae974600c2f00c85

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log

MD5 38637e76d3c6e34a0475130619344ad5
SHA1 4a311e7a5e2c83f62f5bb46ac086dd5fdde99025
SHA256 24366dc60966247eb48a2e5bb32fa509e878b39e76a25bc669957725672138b5
SHA512 40d4fc5fc32693da2384d4e137b18af8274810531b8523e1356505d4b8469b19ff8654e88e2b3b1d211e0aadf0a4c6ddd9ff671051599c55af3cbb9daf0be4e9

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll

MD5 7b2ce44ad89a57b1183d36e89fd0357f
SHA1 178f7ed96f5c879b08729acff45bc50cd2ed64c7
SHA256 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701
SHA512 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

MD5 2132fad8315a47284cb3ffc75b318b28
SHA1 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a
SHA256 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29
SHA512 f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

MD5 eddf449b4cb68943b945cd402552da0a
SHA1 7e158b5db7261b7c55d32f7da8c9ae381b16de59
SHA256 cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a
SHA512 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

MD5 dd3a757828c6cc214fac84486f69ba8e
SHA1 5f79beada6f80c903b5d1c04f0eb30e8acd396a2
SHA256 baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c
SHA512 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

MD5 bb7496239e0f1b44c935df3954c3fc42
SHA1 d063da60766682cf40b690bc03094e5c7ebd8669
SHA256 e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c
SHA512 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll

MD5 5c70cc094fc6e108a5689c88f1144a51
SHA1 460b668e4301e774b79b182756db25fb0b7c206e
SHA256 c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42
SHA512 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll

\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81a23900-b2fc-4ae1-b22d-fb699e2859c4.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-29 16:33

Reported

2023-04-29 16:36

Platform

win10v2004-20230220-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

Signatures

Lumma Stealer

stealer lumma

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4892 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 4344 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 4344 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 4344 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
PID 4344 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 1168 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4344 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Windows\SysWOW64\cmd.exe
PID 384 wrote to memory of 1696 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4344 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe

"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2052 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2492 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\nsis7z.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\snapshot_blob.bin

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\resources\elevate.exe

C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar

C:\Users\Admin\AppData\Local\Temp\b47109e8-94c0-4669-9580-4b23d131cf1c.tmp.node

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll

C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log

C:\Users\Admin\AppData\Local\Temp\5297f945-91a8-4e82-bf1a-9a73ab02874f.tmp.node

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Preferences

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Preferences~RFe57a856.TMP

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State~RFe588b63.TMP
