Analysis Overview
SHA256
2db50e843ecb7e518b6dbf29192158e0b2c3bfacdbe2257be98ad45319bba568
Threat Level: Known bad
The file ValorantLoading0.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Drops startup file
Checks computer location settings
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates processes with tasklist
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-29 16:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-29 16:33
Reported
2023-04-29 16:36
Platform
win7-20230220-en
Max time kernel
25s
Max time network
161s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fa9758,0x7fef5fa9768,0x7fef5fa9778
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=912 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=1196 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1376 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=912 --field-trial-handle=1020,i,3379062896062076106,17685055750181938799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | r5---sn-5hnednsz.gvt1.com | udp |
| NL | 74.125.8.234:443 | r5---sn-5hnednsz.gvt1.com | udp |
| NL | 74.125.8.234:443 | r5---sn-5hnednsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | bbynetwork.nl | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | viewer.bby.gg | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 104.21.60.146:443 | bbynetwork.nl | tcp |
| GB | 51.77.122.237:443 | viewer.bby.gg | tcp |
| US | 74.125.128.127:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\nst391C.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nst391C.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\icudtl.dat
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\7z-out\resources\app.asar
C:\Users\Admin\AppData\Local\Temp\nst391C.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\nst391C.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar
\??\pipe\crashpad_872_EBREADOEZYXOGULE
\Users\Admin\AppData\Local\Temp\14446c6f-0580-43d5-b2d3-50decf8f930b.tmp.node
| MD5 | aa7eb1ed50471e76e52494e9ecf56e88 |
| SHA1 | b5cdfc7ca8fdfae7be282852d206966dcb88700d |
| SHA256 | 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2 |
| SHA512 | 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a0dac56ef957c4491da5fb8d2b826207 |
| SHA1 | e3b5d8347ef3defa52e46771c55db81008c3e65c |
| SHA256 | bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2 |
| SHA512 | 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a0dac56ef957c4491da5fb8d2b826207 |
| SHA1 | e3b5d8347ef3defa52e46771c55db81008c3e65c |
| SHA256 | bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2 |
| SHA512 | 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a0dac56ef957c4491da5fb8d2b826207 |
| SHA1 | e3b5d8347ef3defa52e46771c55db81008c3e65c |
| SHA256 | bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2 |
| SHA512 | 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2 |
\??\pipe\crashpad_1240_OHTIKFTBUSLTPHOU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a0dac56ef957c4491da5fb8d2b826207 |
| SHA1 | e3b5d8347ef3defa52e46771c55db81008c3e65c |
| SHA256 | bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2 |
| SHA512 | 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a0dac56ef957c4491da5fb8d2b826207 |
| SHA1 | e3b5d8347ef3defa52e46771c55db81008c3e65c |
| SHA256 | bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2 |
| SHA512 | 2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 8549c255650427d618ef18b14dfd2b56 |
| SHA1 | 8272585186777b344db3960df62b00f570d247f6 |
| SHA256 | 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13 |
| SHA512 | e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\??\pipe\crashpad_1612_LFVVCXIATAMDQDYP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7e59820af6b739052921594066b12beb |
| SHA1 | 9dfb54104f16f865d527fa10bed790940458a410 |
| SHA256 | 1aeaa593d6ef0259011dfe8cb9f4e600ccb6eab4c439dd264766d8d685e259f6 |
| SHA512 | 35cdfb98407e070369b90fc7adb980176660e774e64a3f5e92320af27fa33d9c47d0389d03d87fea8400328a86db5ff6ce3fe14690b40804a8814d6887dc3372 |
memory/2668-266-0x00000000004E0000-0x00000000004E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c5719486-6c47-4dd1-8876-9f5ab25bf3ea.tmp
| MD5 | 7e59820af6b739052921594066b12beb |
| SHA1 | 9dfb54104f16f865d527fa10bed790940458a410 |
| SHA256 | 1aeaa593d6ef0259011dfe8cb9f4e600ccb6eab4c439dd264766d8d685e259f6 |
| SHA512 | 35cdfb98407e070369b90fc7adb980176660e774e64a3f5e92320af27fa33d9c47d0389d03d87fea8400328a86db5ff6ce3fe14690b40804a8814d6887dc3372 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d982a4c6-0a57-4fec-b98c-35e3fbac4745.tmp
| MD5 | 6bd1f2beb6ed0499bc9c38c81c9a8780 |
| SHA1 | 8a9a8cd7cfee8016d6bcf2c90b8f90d16a516264 |
| SHA256 | 925947d52d90e5a2fa24b8f57f376d3f9d687938590594de0562b828abaf7ae3 |
| SHA512 | 612027853a735c892dd6c29581cff156b8e0a6bda285b25bfe959e35f677ce1fc5582a4e0184c7fdc085d28e216940614074f9153dcc2ed8ae974600c2f00c85 |
memory/1572-299-0x0000000000920000-0x0000000000921000-memory.dmp
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Local Storage\leveldb\CURRENT~RF6cba6a.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6bd1f2beb6ed0499bc9c38c81c9a8780 |
| SHA1 | 8a9a8cd7cfee8016d6bcf2c90b8f90d16a516264 |
| SHA256 | 925947d52d90e5a2fa24b8f57f376d3f9d687938590594de0562b828abaf7ae3 |
| SHA512 | 612027853a735c892dd6c29581cff156b8e0a6bda285b25bfe959e35f677ce1fc5582a4e0184c7fdc085d28e216940614074f9153dcc2ed8ae974600c2f00c85 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log
| MD5 | 38637e76d3c6e34a0475130619344ad5 |
| SHA1 | 4a311e7a5e2c83f62f5bb46ac086dd5fdde99025 |
| SHA256 | 24366dc60966247eb48a2e5bb32fa509e878b39e76a25bc669957725672138b5 |
| SHA512 | 40d4fc5fc32693da2384d4e137b18af8274810531b8523e1356505d4b8469b19ff8654e88e2b3b1d211e0aadf0a4c6ddd9ff671051599c55af3cbb9daf0be4e9 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81a23900-b2fc-4ae1-b22d-fb699e2859c4.tmp
| MD5 | 5d6181809f130d6c396f5a2be8066480 |
| SHA1 | bbc7521d0fab2a05821dae0433b9cb99e3f4abcc |
| SHA256 | c961c2d3d0ee7449491d7fd5da3bb7c0ccc8371c5909553d154bdf4e5e0b486a |
| SHA512 | 8c2d8157f448006f064245959e1f25898291a686d14ae80d7fcc628084bd0c53b8314dd0c4c21eb31c4b48f4257a8fd27dbb92e601181c4fa86eb3a1d9d91f7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fd2b88f2cd0d96cc5fc2544eca2270fc |
| SHA1 | ecac32977997d40290d1f8430cb882a481f180fd |
| SHA256 | 8bd1894b27273ffb811e167f2a0f432d1d8ba8eaf919c3fb30e57d4cfd818aea |
| SHA512 | 3701db5e90a954695ca47512aac34c850f90bfa15e0888811fd7479bcdd2660da47272aabb4484d1bce8e5d1a87a131638d0bdd163f1d63200e32edc859bdf92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c42e758abeffb3ffac772eb3ed0bbdb1 |
| SHA1 | a2ac67384539cae9effebcbe4186599f4e24eb74 |
| SHA256 | c373d8f50242db922e9c1fb4798a0f10fe7bbc70c2ac4c4460075a7110a6f99d |
| SHA512 | 61ddb4618a961572aedc2a8e4de35a75a1811bc9f807ab2019c73d6e9716fb189a80a9bfc4833acaf362f5a7b143f942c63f8509405b58e8486fa4e2ef73b036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-29 16:33
Reported
2023-04-29 16:36
Platform
win10v2004-20230220-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Lumma Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe | C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe
"C:\Users\Admin\AppData\Local\Temp\ValorantLoading0.exe"
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --mojo-platform-channel-handle=2052 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --app-path="C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2492 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
"C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1704,i,12366711285107873264,14070169583911649435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
Files
| SHA512 | d78ffcdcc9ca77c1405f3e98ba5b5b7a56c39bd06d923f39a4df9e56aba3af8afd1ebd8f09a85b5f2c71c9c2e5843d9e724ca3475693966dcfab1c7703c6c06d |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\resources\app.asar
| MD5 | da5450df07fb87578c50f8eaa285c061 |
| SHA1 | 449fbd7d4d1bede8e332d23680356c288dc67b29 |
| SHA256 | 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089 |
| SHA512 | cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsp7AB4.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\v8_context_snapshot.bin
| MD5 | 60beed67e605fdbe79d2735f59113a93 |
| SHA1 | 6cd5625c6dfb8a16b619490890e38c6da902b43e |
| SHA256 | ffc7423ee2a75a420118465181e9307c6b7b2df5e40d7e4018dec07a9c6bab11 |
| SHA512 | 1f4bff04464fab0c149344529903aa805c7c03b7f8c21b5f959c7c7ff11802d07079e069d3b8e8a63f409a4541b3aac4b695c535228c4a89b15c8033567d645f |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\resources\app.asar
| MD5 | da5450df07fb87578c50f8eaa285c061 |
| SHA1 | 449fbd7d4d1bede8e332d23680356c288dc67b29 |
| SHA256 | 40e5407156eaf70e89d953f39314196c9f0a909ad64a3e511812f2358c697089 |
| SHA512 | cb035593dbf7766e0afe8494493069c89c9bd1587124b17449ead9085d0bdefcc069dadd47296fa46f3918f2edfa114e8eac7ad4d7b54c25ef01b08a27bc894e |
C:\Users\Admin\AppData\Local\Temp\b47109e8-94c0-4669-9580-4b23d131cf1c.tmp.node
| MD5 | aa7eb1ed50471e76e52494e9ecf56e88 |
| SHA1 | b5cdfc7ca8fdfae7be282852d206966dcb88700d |
| SHA256 | 1544875269095605b5ef42195f86e785972cb6bef187a39fc388f46b6beb2ba2 |
| SHA512 | 37b5714542b4cafc88646e535f8b55b5a0d0afeb5aa4c39624494d37727c9763f903a24c7844c03736aabede062f226bd90e8c99edfd657742a9f61379d5ecff |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libglesv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | eddf449b4cb68943b945cd402552da0a |
| SHA1 | 7e158b5db7261b7c55d32f7da8c9ae381b16de59 |
| SHA256 | cfa4bf7177f97325c0147721b41d9a946905a774849f3778bcb62d0b7bd9d13a |
| SHA512 | 33d15a92795e671864b7fa4ceb2dfeef5d129aba62b3e968e6cb13c518a0a2a13b48f7504ffde5aad0298ee047dec20abc4135b20ae05d7476eea7777778ecc7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vulkan-1.dll
| MD5 | bb7496239e0f1b44c935df3954c3fc42 |
| SHA1 | d063da60766682cf40b690bc03094e5c7ebd8669 |
| SHA256 | e125930a96f0bcb36287932ceb3676d44e5c5e6a9e8ab6ca6ca60faa833f3d9c |
| SHA512 | 7b8fecee987d1f551f1d66446348c62601784977ccdca302f5173f049972271f341ec05a0de6c1eee4f2e8cb761538dd7cea03d1364920a5b1dddf02a397a324 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libEGL.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libegl.dll
| MD5 | 5c70cc094fc6e108a5689c88f1144a51 |
| SHA1 | 460b668e4301e774b79b182756db25fb0b7c206e |
| SHA256 | c99a051b9d73bc638d593561ea7ed499db689420b51d5945a618579a26cb0b42 |
| SHA512 | 3943bb1bbbe683a4d2a43609d78dec9b70b58f542f88aa783080732201650b38bd0a3e6936439cfadc211c51512da9680999d6e4f7deb077096988b6878124e7 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\libGLESv2.dll
| MD5 | 7b2ce44ad89a57b1183d36e89fd0357f |
| SHA1 | 178f7ed96f5c879b08729acff45bc50cd2ed64c7 |
| SHA256 | 9072dc08a094f4669e50ac1d062e1e0ee53714eec67a2e7fc0dd2de832239701 |
| SHA512 | 9d2909023d60564c8ab65cb1668e52b715c37df22bef480e5efa3218b1fad8777acaeae7a17b385e2dda2f3dc0e051ec157ec73b56cef1aff2b8a2281ef7ba41 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\D3DCompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\debug.log
| MD5 | 780eba0e760835388ce28383807f8505 |
| SHA1 | 28040b9c69cfd527e5a2ec63701a7e6c777d8149 |
| SHA256 | 098346dba0efe715c4529768b1a85562989ced6220808c28135eeee12d4c13e7 |
| SHA512 | 51b212c140077b8f178c31abf6e3fc2d1eb1ed768079c2372777fcea5166d64259b48f9517ab3461f5d39ff499964c04ddb343ebdbc0cbf23e3a1981b799fd8c |
C:\Users\Admin\AppData\Local\Temp\5297f945-91a8-4e82-bf1a-9a73ab02874f.tmp.node
| MD5 | 566b70feb8fce14caa4c18c08ce7f5f2 |
| SHA1 | f2ebbadcf5914860f0041cae0e0562879d3e8af5 |
| SHA256 | 66bcc5fb47acb03d1d4e6d37553d80bc087b92e405c4392631d8c5e34d773097 |
| SHA512 | 35d63d6cd0c1cfe9b58037bc382f84247a762994e2a09eb9e8a2a4c622845c5ada8c7874d3ebc25f3e59faca6f3052897a81394e07e17b71ddc4686e2df9925d |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Preferences
| MD5 | 900285fad35d5c196db1d860d68a7466 |
| SHA1 | 855c9525d93856a51408d10c06896b0c700b3418 |
| SHA256 | a118fa389921f46014264c8ad2ff727f0968e1243f807c0d4eed7983f12e6ad6 |
| SHA512 | 9a48b5ab6223dc625afd946c8a4f7eacec39b9e118e1db2d6dd670ae57e15a0ace374558ae8cb256c6fd4f7bb7c2c1ea7fcf1a7dc9be4b854aa121dd3c37d283 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Preferences~RFe57a856.TMP
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State
| MD5 | 71cfff55928da642b385ae2c7a825608 |
| SHA1 | 5a856e54fcd6f44616746148d216962f23f18a7f |
| SHA256 | 12724db5c3079cf4a6cc7f6a0719424f45b701ff852eaaea92f580840cf86ea5 |
| SHA512 | ee13b712eb49c881dd02e8392556684e5999d61d73859b833de4b7b3b1a2dc4233dc7293a7ffeb3475f3278e9770f3eae025aa0139b0598d8061ffc052ccbb23 |
C:\Users\Admin\AppData\Roaming\xxxxxxxxxxxxxxxx\Network\Network Persistent State~RFe588b63.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ValorantLoading0%.exe
| MD5 | a2e8e6a0a8a8b5cd4f6053a459d746fd |
| SHA1 | 3252b68a6e2aea6f0d3ec73a64f4721accabbb3a |
| SHA256 | 4c88d959f4594910b0c7e3424a10daa1186765e9da25c20b51c1238fed16823f |
| SHA512 | 0017b0869083871365b5497f9c9990003c566f2cdda4e39727f164ccb93935b4ead3218b80f42df28f7f53ea9c858ba4724bf1c44cc503c7113c9cc3b006a294 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\ffmpeg.dll
| MD5 | 2132fad8315a47284cb3ffc75b318b28 |
| SHA1 | 1f41e3b2dbb2dd2f59f3a278bdae715c15a5948a |
| SHA256 | 5923c9159b33f5645741afef4550a7c3a57283cb6c22b95b677c8d4799d3db29 |
| SHA512 | f5eeabda49d1938a24a5c8859ca2707368ce874bcee57c658d8b1013572b92687de92159df6b3db0f19e46ae9809873103beba50233b2925ef6ae76855011945 |
C:\Users\Admin\AppData\Local\Temp\2OIDCWpUM44eIF3n6HMYG8tBkzz\vk_swiftshader.dll
| MD5 | dd3a757828c6cc214fac84486f69ba8e |
| SHA1 | 5f79beada6f80c903b5d1c04f0eb30e8acd396a2 |
| SHA256 | baf14a4d3a28ac7ceab2a750a49bbc5d3259856c16ee160a444b92b8de908e9c |
| SHA512 | 9d4943c76f828bb61162517acc50cb34cb181f155e8ddcaa293f493354789fa3ace21eabca833d407aa0c83b89fa7661cb6739f147c3002972d1db364ab4828e |