e5859eb1dfa66e5d40908e0fc6901d7c2f5bd84fb6df5a3b432e34576e04cebd

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/09/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install VALORANT.exe
Size

68.3MB
MD5

7da818565aa08d22e5950cbe28d5c215
SHA1

82e382af13d7f3f8c5bea56faeeea0566883931c
SHA256

e5859eb1dfa66e5d40908e0fc6901d7c2f5bd84fb6df5a3b432e34576e04cebd
SHA512

afa921057b4953b4fbb88c17d7b2c3cb80c59d4bca9e776d590e2693a5af3d6861592d302f9f349e6bc03f3555e77b6f033d17c33143c8dce104f6a8fc80904a
SSDEEP

1572864:sgs99CzSp8d0UNl/Ywrt9E7lzPFUKBBJDIVIbjSp1xe:/6p8dnAthBBJDIVRj

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install VALORANT.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install VALORANT.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705822504428235"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{CCCC80B9-57A9-4EEB-B91A-4059CFC85171}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	244	Install VALORANT.exe
Token: SeIncBasePriorityPrivilege	2136	Install VALORANT.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeCreatePagefilePrivilege	1692	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 4072	1692	chrome.exe	81
PID 1692 wrote to memory of 4072	1692	chrome.exe	81
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 4928	1692	chrome.exe	82
PID 1692 wrote to memory of 2888	1692	chrome.exe	83
PID 1692 wrote to memory of 2888	1692	chrome.exe	83
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84
PID 1692 wrote to memory of 2380	1692	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
"C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:244
- C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
  "C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe" --agent --riotclient-app-port=49766 --riotclient-auth-token=d9nkzpYjpY-n0aKDpM5U1Q --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install VALORANT/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT" --session-id=e6793fe6-9ae8-d749-a83e-95fef30817ca
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b67ccc40,0x7ff8b67ccc4c,0x7ff8b67ccc58
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3576,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5080,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5076,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3428,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3372,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3336,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5376,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3508,i,18399601081253508622,129162711072678497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Riot Games\machine.cfg

Filesize
39B

MD5
a82f12491ebac8c657ea212561bf615e

SHA1
5eea3fb20b4383c1e0f1a73ef0af82a6a8886184

SHA256
f4a01c7f7efb2e87bbb46a31ed25214400aaa8cb7219adfa588d87e2e5ebcab3

SHA512
60385c36764020c49d321b25f281dfdfae254c553e023e0c30722b1a6f075a0d89c0d550314c56b6733555299d3d845d01661eda19e40335f48ebd3002cce27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2a88feb99bc765e4504fdab48e208c30

SHA1
e4e66669c89fd742b321c67c3226ea68ebb6b67d

SHA256
c9766afb1020f60912599ea83a4e48c7caf25cc819261356fbb82ea3a823e5e1

SHA512
d3abaedc8bb47c8597c8d9813c0ef48cac3e97af3dfbde2a745484a0fecfe14ebba4f400926b019f13c40bb0d6d2f7b809dbbd3492d238abdb61f1a654add04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e8abc9d47dffe17ed4158d9fb87a08d2

SHA1
378bb88e17b9742202bef6d4a3a8632f1ad52ecf

SHA256
e228fe71d57ac076d17d937ae3d0b8ee5c236515e0a0c6c49d3e303e1f9514b1

SHA512
77260b0d257cb2d459516ada02ea346dda53c320be55695a2416a0a04054ce4e72fd91d27da22d113d0c5522d5e6e484e760b1f77f8c9e69dbd700a6181a16e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f8b296aa77d86b121635be070a18f342

SHA1
f6acb67b613325ff875b9b2aa4f04f2a96dd4c63

SHA256
7ffc0c7a971665b2bcf794e73710c4de4b42f838dd36bedc0dea4a6176289219

SHA512
d8e246ffe624ec4f261bc63c232be8c1668501a37b56f35a5f7b884537f1dfeec63491478deb29811017f77899f9b7cb939bd3bb007858a8a3f521b1bd1cac7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ca207ca6f785ef8c722aa622d2e6699e

SHA1
5b47d8363610817575e730894be31030a49278e7

SHA256
bcd5c54d933cbe203aa77005e29436f2fc1e3790674542e77c80014b8977aba7

SHA512
739c41751980fc9a9c41879029fab692876d943b9a5fe892dd628ed1d9601caf969770d7072d1672b991e58cdec3fa98450b9d7a5ac04c7a17cbd5081eb4fd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b268c8cf8b682f868406b34398daa78f

SHA1
0f7ece05ebc307ab5bd5698b5652e75f0e797858

SHA256
f47bbff4e96fa5bf7824229306a87f33c687f44a1043baac72199fb38ceab6c7

SHA512
9350bf26e54156896234e1ab2ec0c08ed4afe0f34e40c335b57f6533432d88e0620eb684a0c2427411f6eb608c975ab7014e4209b067a8ca51d57293e5fe7e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa3d4e642a3a1b0e404799223cf4702a

SHA1
fbebedcfc7e908ed69fd14274d19bdb661fdbd3a

SHA256
9f3d441df241358a55f89e8637252a4e01fd606c0ee7431663ee0c1731e5c33f

SHA512
e46f5c403e9d616ee062558cdcc81f9a2dbdb24a467134770d675e607e7340a64c80eacc5480067d12f6067546cd5c7f86a4926b5fb02b24c61f968c9dbfa251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
350B

MD5
36613aa6634fe99a8abe92bea5dbeb90

SHA1
35dbd0185d643a91ecdad55cf2ecd53034d3d970

SHA256
189c7986f3b06b81dbc905cea37e27abc73c974ebe3fdf35de26c04e0bbfb7e7

SHA512
42912ac6118c7a6159706cfa5f030d63598d236e806edc87b9f5bc925ef8e484842a711df97efacf146c634a453a15185c70e9b21ff429bbcce8950c276c8bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b4db2c47-540f-4cc7-9fcd-c442fd883649.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a31b219f2b4b2046640874daf799ca85

SHA1
7b9e0aee34a4637bb318bec6c1e74659ae575fb8

SHA256
6b2dce4a9aa87ec6ffebdec0de275548d86d0037d32793cd69400eb3dc59379b

SHA512
82c0f9ee19331b20a0404dc1e330ea311201c71617f1692865d5c5029382a2de3d760298b4dd89989b538f2a0d24f499bb9ece36e1ba3111c1016816b874ef9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7aeca743acfe04e185d5be214a06146

SHA1
3769a932add3878bbf8d70bdb09d56562e8d297f

SHA256
3e5b00dec153a8ae8d02f3aef1f0f891884cc66f58dce49ad1203e56fe7d36d6

SHA512
9e1f99e7c531fc8c6d7b3b4657dc909a151010250c23f9545d33d108f435d0ef3a2b80d515bbb2905e56ee905cc3bbf471d0c6fa60234ad259b5130ce1f87b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
679b35d9c53e250b3ad41381ee3cae17

SHA1
a5066c4818d97e9b46a4e9d5517eb1d5aac59348

SHA256
56ab3a1977a546a3061f71206f99dee92d6d753175d34bc68b08ebf7a57c018d

SHA512
1a48065498e34b7b188b736d47b17cf56946457485d5a54c919d6c02727a49d3eadee8bbcf1d29c95caae548555b17fd8d7e1a9145774043cbb6a9df2bcc8f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a4a88c6bc298310d5c664b4fdef384ca

SHA1
de55f6668e4cafc32534e361a94986fde8c7014c

SHA256
f0010788890ac13ec25846bd6a0e01450beee156885d26bd758fc1ccac43a961

SHA512
2995c43d4b3e8ffdee9001709ba2b8074e5afabda5d93b58a3eb4539e2b66c12be7b0b1cfffd6a4c4d7fb2348f5f133230baa03f2d5c3880d2262cb28b2953fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
e347cd9c715762f794adf9326c7b8b07

SHA1
0f82243699f3cdae83ce0e213337f678e08ffac7

SHA256
c303f2c391302ac918a80b7526fb4795a2d78835f546b47e9619f7f5052f2bd7

SHA512
0394b708579ec8091bddbfcf1d85a443626be3310e4f482be978b60f1d30576f902bc28a6854b20b0663850695a989cb0283398ea9d6547b1026f70cf7fc5f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
209KB

MD5
d3c1b76f2e64d7b34bf66682f8677926

SHA1
fe7840570a2a214b4f111ea461226a55860f8517

SHA256
c5998f306e294b2ce4557659e9f86f191962c8290ea4ceed820ae8675bd1edc6

SHA512
f04ce11dc6f033468c92b9dfefc475a31984b8e9e1eadf95da6f58f43de81c997d9a49d143d77b118c827c0cca1c4ddf07f0e0aff8cd5d88ad96c6fe1572e210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
209KB

MD5
15124e3f9a7bb32dea104392f62ba636

SHA1
9ebdc198c1ab6b352e6f004e65f6f6de102d6eef

SHA256
5d9f748bfd620bafe491d316b5069837cd0e49c85da811c55c4b843a7a5e2594

SHA512
a3b5f224007f49d4ce4479f9d6b301b4d26ba6466d858fe4f14173ee7ab320b5d134aa125023e0cfeb0cbd02cceae72a71d062c950bb98933fa309b29949b0ec

Download Submit