cdd1c45b13f7b59558919f2087737b1aeb7f74cddfd689926fffa405ca0961ac

Analysis

max time kernel
126s
max time network
131s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/01/2023, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install VALORANT.exe
Size

66.0MB
MD5

70d1d4812e3db6bbffc68bf10ad804b5
SHA1

624f3cb87e84b3ff40160803abe5dd0eb1a61378
SHA256

cdd1c45b13f7b59558919f2087737b1aeb7f74cddfd689926fffa405ca0961ac
SHA512

d18ddb0288c121d17617ca77ece5ea62b2353c469fdc746b0e028ca810353e3689c06ce786cc7cb958a085b95b81d7bf945c6425cf4bc26afac8491d25f1d6c1
SSDEEP

1572864:MuK0ySSp8K0UNl/Ywrt9E7lzPF5KBBhDIVIbjUp1xD:BEp8KnAtqBBhDIVNj

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
1968	RiotClientServices.exe
904	RiotClientServices.exe
1768	RiotClientServices.exe
1184	RiotClientCrashHandler.exe
1760	RiotClientUx.exe
960	RiotClientCrashHandler.exe
1544	RiotClientServices.exe
1632	RiotClientUx.exe

Loads dropped DLL 19 IoCs

pid	Process
1616	Install VALORANT.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
1760	RiotClientUx.exe
1760	RiotClientUx.exe
1760	RiotClientUx.exe
1632	RiotClientUx.exe
1632	RiotClientUx.exe
1632	RiotClientUx.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
956	1768	WerFault.exe	33

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\URL Protocol	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\ = "URL:Riot Games Protocol"	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open\command	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open\command\ = "\"C:\\Riot Games\\Riot Client\\RiotClientServices.exe\" --app-command=\"%1\""	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\DefaultIcon	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\DefaultIcon\ = "\"C:\\Riot Games\\Riot Client\\RiotClientServices.exe\",0"	Install VALORANT.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe
904	RiotClientServices.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1728	Install VALORANT.exe
Token: SeIncBasePriorityPrivilege	1616	Install VALORANT.exe
Token: SeIncBasePriorityPrivilege	1968	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	904	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	1768	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	904	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	904	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	1544	RiotClientServices.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
904	RiotClientServices.exe
904	RiotClientServices.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
904	RiotClientServices.exe
904	RiotClientServices.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1728 wrote to memory of 1616	1728	Install VALORANT.exe	28
PID 1616 wrote to memory of 1968	1616	Install VALORANT.exe	30
PID 1616 wrote to memory of 1968	1616	Install VALORANT.exe	30
PID 1616 wrote to memory of 1968	1616	Install VALORANT.exe	30
PID 1616 wrote to memory of 1968	1616	Install VALORANT.exe	30
PID 1728 wrote to memory of 904	1728	Install VALORANT.exe	31
PID 1728 wrote to memory of 904	1728	Install VALORANT.exe	31
PID 1728 wrote to memory of 904	1728	Install VALORANT.exe	31
PID 1728 wrote to memory of 904	1728	Install VALORANT.exe	31
PID 904 wrote to memory of 1768	904	RiotClientServices.exe	33
PID 904 wrote to memory of 1768	904	RiotClientServices.exe	33
PID 904 wrote to memory of 1768	904	RiotClientServices.exe	33
PID 904 wrote to memory of 1768	904	RiotClientServices.exe	33
PID 1768 wrote to memory of 956	1768	RiotClientServices.exe	34
PID 1768 wrote to memory of 956	1768	RiotClientServices.exe	34
PID 1768 wrote to memory of 956	1768	RiotClientServices.exe	34
PID 1768 wrote to memory of 956	1768	RiotClientServices.exe	34
PID 904 wrote to memory of 1184	904	RiotClientServices.exe	35
PID 904 wrote to memory of 1184	904	RiotClientServices.exe	35
PID 904 wrote to memory of 1184	904	RiotClientServices.exe	35
PID 904 wrote to memory of 1184	904	RiotClientServices.exe	35
PID 1760 wrote to memory of 960	1760	RiotClientUx.exe	37
PID 1760 wrote to memory of 960	1760	RiotClientUx.exe	37
PID 1760 wrote to memory of 960	1760	RiotClientUx.exe	37
PID 1760 wrote to memory of 960	1760	RiotClientUx.exe	37
PID 904 wrote to memory of 1544	904	RiotClientServices.exe	38
PID 904 wrote to memory of 1544	904	RiotClientServices.exe	38
PID 904 wrote to memory of 1544	904	RiotClientServices.exe	38
PID 904 wrote to memory of 1544	904	RiotClientServices.exe	38

C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
"C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
  "C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe" --agent --riotclient-app-port=49164 --riotclient-auth-token=4B_PsTLFIRll0adf0WFzTA --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install VALORANT/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT" --session-id=6bdcab9f-033a-2e43-8a62-d04305402b4c
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Riot Games\Riot Client\RiotClientServices.exe
    "C:/Riot Games/Riot Client/RiotClientServices.exe" --agent --agent-bootstrap --riotclient-app-port=49170 --riotclient-auth-token=SSHIM_C4QDLtF2OnBevXuA --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install VALORANT/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1968
- C:\Riot Games\Riot Client\RiotClientServices.exe
  "C:/Riot Games/Riot Client/RiotClientServices.exe" --launch-product=valorant --launch-patchline=live --force-auto-patch --shard=valorant:live:latam --locale=en_US --session-id=6bdcab9f-033a-2e43-8a62-d04305402b4c --install-flow --agent-pid=1968 --agent-port=49220 --agent-auth-token=7JZ0fLZQ1vwvBMK-p6A0AA
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:904
- - C:\Riot Games\Riot Client\RiotClientServices.exe
    "C:\Riot Games\Riot Client\RiotClientServices.exe" --agent --riotclient-app-port=49227 --riotclient-auth-token=Ex9_ZYSQ5y7HzLaHq5h1vQ "--app-root=C:/Riot Games/Riot Client" "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Riot Client/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" --session-id=6bdcab9f-033a-2e43-8a62-d04305402b4c
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1768
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 456
      4⤵
      Loads dropped DLL
      Program crash
      PID:956
- - C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
    "C:\Riot Games\Riot Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2023-01-02T04-56-38_904_Riot_Client.0.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client Logs/2023-01-02T04-56-38_904_Riot Client.0.log" "--attachment=2023-01-02T04-56-38_904_Riot_Client.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client Logs/2023-01-02T04-56-38_904_Riot Client.log" "--attachment=__sentry-breadcrumb1=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\66ae785c-65f0-4362-22b6-7dc14898a2bc.run\__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\66ae785c-65f0-4362-22b6-7dc14898a2bc.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\66ae785c-65f0-4362-22b6-7dc14898a2bc.run\__sentry-event" "--database=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client" "--metrics-dir=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client" --url=https://sentry.io:443/api/1339107/minidump/?sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-data=0x244,0x248,0x24c,0x1bc,0x250,0x742b0db8,0x742b0dc8,0x742b0dd8
    3⤵
    - Executes dropped EXE
    PID:1184
- - C:\Riot Games\Riot Client\UX\RiotClientUx.exe
    "C:/Riot Games/Riot Client/UX/RiotClientUx.exe" --app-port=49278 --remoting-auth-token=TYqC0gRrPowJ3sIbzC_CMw --app-pid=904 "--log-dir=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" "--app-root=C:/Riot Games/Riot Client" --crashpad-environment=KeystoneFoundationLiveWin
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1760
  - - C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
      "C:\Riot Games\Riot Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2023-01-02T04-56-54_1760_RiotClientUx.0.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/2023-01-02T04-56-54_1760_RiotClientUx.0.log" "--attachment=2023-01-02T04-56-54_1760_RiotClientUx.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/2023-01-02T04-56-54_1760_RiotClientUx.log" "--attachment=__sentry-breadcrumb1=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\878bdd62-3100-4c4d-aa23-d6d3bb973a32.run\__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\878bdd62-3100-4c4d-aa23-d6d3bb973a32.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\878bdd62-3100-4c4d-aa23-d6d3bb973a32.run\__sentry-event" "--database=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx" "--metrics-dir=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx" --url=https://sentry.io:443/api/1339107/minidump/?sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-data=0x1f4,0x1f8,0x1fc,0x1c8,0x200,0x186e0a8,0x186e0b8,0x186e0c8
      4⤵
      Executes dropped EXE
      PID:960
- - C:\Riot Games\Riot Client\RiotClientServices.exe
    "C:\Riot Games\Riot Client\RiotClientServices.exe" --agent --riotclient-app-port=49278 --riotclient-auth-token=DEcYBUmLHXFb8W4C_YrMyg
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1544
- - C:\Riot Games\Riot Client\UX\RiotClientUx.exe
    "C:/Riot Games/Riot Client/UX/RiotClientUx.exe" --app-port=49278 --remoting-auth-token=LzbKsvrEqtp2LIMTn3Ysrg --app-pid=904 "--log-dir=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" "--app-root=C:/Riot Games/Riot Client" --crashpad-environment=KeystoneFoundationLiveWin
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Riot Games\Metadata\Riot Client\Riot Client.db

Filesize
352KB

MD5
ab7c7cbcf928daad016c6b24f961c804

SHA1
7507d3e4bc6843788abe90251049ac3c5bfc8cfe

SHA256
1dc9180fbf2d64c1b4583101fb56a5cd94ab5cdfc2494b865f9b31b272ef724e

SHA512
e0d160092bbcb90007e64cd570643f8050f8a87b2ef07e8a2433da15537273d5efbcb008d59ad3c96a8ddf6c0c188662fb6e087415459ecae0e03047ab8f9720

Download Submit
C:\ProgramData\Riot Games\Metadata\Riot Client\Riot Client.ok

Filesize
97B

MD5
575f7c3fbc92cfde5a6dbe215e27678a

SHA1
ea074a4e5bbf56f780caff4400be36aacc0de8b0

SHA256
41cbaa93d820233d7f5ddd59c227131ff7f68ca7a11c830a61d98f3fb3c4aa9e

SHA512
7a62f3a224af81f263b9534f7605592bfdf3e4a795dd2ee7c002ee1929f95fe54c288e0439a39b48165c79235468c478e18a3713232da8f7c0187243f13148bf

Download Submit
C:\ProgramData\Riot Games\Metadata\valorant.live\valorant.live.product_settings.yaml

Filesize
504B

MD5
b492ea31761406a3e24d7c33947412e9

SHA1
784266a5ef179b7a29c5b1de3ec65fe7ce696cd9

SHA256
23a89af77baa5eb9f1849766a39d5bae8b58b72e59f756db18bce1f23e65010f

SHA512
0e838b8ab9887dae18914fa98a2d86eb0bc3956f58d00cfde296395b9b7f89b17e23f81019679b68ddb8cbce23eaddc3f93c47ac2e5d80e39a6341392d6ae16c

Download Submit
C:\ProgramData\Riot Games\machine.cfg

Filesize
39B

MD5
efd9b59de500f6a840c99ef0133e7908

SHA1
3c17d43d3d9abc39b09afb640d248b3ce6c97cdc

SHA256
54a143e0deebde9d1437c70a8d3318bf6152085567d57e4a32ea759383d4f65d

SHA512
79b22cba524a2b6f1a8802081f2e313a0e261a0f58dd3a1a434b048da3d67dd787168ef95f6f2a67152c502600b8e057d1d8106aece946a73ae26f65a12259e5

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
C:\Riot Games\Riot Client\RiotClientFoundation.dll

Filesize
9.8MB

MD5
f1698ba7d7f63fac1a8fdb78d20c68dd

SHA1
a95b1f59ddd447df1c660c9510275d9ca4f5b3d8

SHA256
584e8c618e1b3b255847c39cce3051e3c4c5eedb76a0d3861b33e6ab56b7c27e

SHA512
c902931762b5aa91d40c97cb6aa623b50eaf253281764163ace47d424e33bc0155cab4534a54e7e7adaddb514130b63695cf232c0c94a94a955d9a369457bd38

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
C:\Riot Games\Riot Client\RiotGamesApi.dll

Filesize
30.8MB

MD5
2fffb2d7b044bb165b7f87dd27d9e969

SHA1
c741871bac89b8d26e6c652df77b40e5a2b3dcaa

SHA256
d9a69c5e56af6eb854e30cebdbd017d9c2565ae652faeda12d2ffbde824c7102

SHA512
170ec853afc7299750cc215ab9a4f09841d6f738853a6fbf88a731da6878e3fe301805eb81d363924e992cf4515c2e6cbf1e617563f86a237f49dbe004e2f0a6

Download Submit
C:\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
53d1fb80e61e0dcda33dfb9f6b1f8ffe

SHA1
368a94d4f13aa73789108ff9b791588aa201b95a

SHA256
d778eb53c0ffeae065852bfcd8439036beecfa05d156a6b2c6d5d7d75510a8db

SHA512
4bef2360756d1d214a0f18f28b7a6a4135f11ac1704ff817bf4d8f0a1c66c4f630739ab585a60c39e51db979683f422d9496ab4d168db9f4ea0fafe0d5884795

Download Submit
C:\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
53d1fb80e61e0dcda33dfb9f6b1f8ffe

SHA1
368a94d4f13aa73789108ff9b791588aa201b95a

SHA256
d778eb53c0ffeae065852bfcd8439036beecfa05d156a6b2c6d5d7d75510a8db

SHA512
4bef2360756d1d214a0f18f28b7a6a4135f11ac1704ff817bf4d8f0a1c66c4f630739ab585a60c39e51db979683f422d9496ab4d168db9f4ea0fafe0d5884795

Download Submit
C:\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
53d1fb80e61e0dcda33dfb9f6b1f8ffe

SHA1
368a94d4f13aa73789108ff9b791588aa201b95a

SHA256
d778eb53c0ffeae065852bfcd8439036beecfa05d156a6b2c6d5d7d75510a8db

SHA512
4bef2360756d1d214a0f18f28b7a6a4135f11ac1704ff817bf4d8f0a1c66c4f630739ab585a60c39e51db979683f422d9496ab4d168db9f4ea0fafe0d5884795

Download Submit
C:\Riot Games\Riot Client\UX\cef.pak

Filesize
3.5MB

MD5
52f3fc9f9b84e341e57c4bf337b35b9f

SHA1
42425795baa91001ae79743a9e9023ec0ea5e6ad

SHA256
42b4cd144d1a6e395f9314ddf963ea65ca957a0a813d71b5f6e07ae40513c613

SHA512
4866f01ddc49b59ba44cf13628bdab7129a72cec8563bedc4664bfb2de6c0736afec2960941f17b274a4680fbaa745bde471ce623ed4f589ac31f7fe6bf4dd71

Download Submit
C:\Riot Games\Riot Client\UX\cef_100_percent.pak

Filesize
724KB

MD5
277a53a3922d71cc99626ab835cc8677

SHA1
e711062e5fef4f8c2e6fa2a0e93c0a6aca3a8056

SHA256
dae17c53566d83e24b8dbeb4329ff9a11999b05d30c2fc1d8d6a585535f6d3f8

SHA512
33d8a7843adf6c32cf6940806a0d934d67b8f6236ecbf560d226fe45180eefde35bdde97079a3f85f58188be199905255c51bc0028e4222f1440ebe51c224ba8

Download Submit
C:\Riot Games\Riot Client\UX\cef_200_percent.pak

Filesize
852KB

MD5
1822748dcb06d101954426fe75a62eb3

SHA1
8fd06ab468b681cb2818ac729594357535fbf5ec

SHA256
faded3d34e58c4dd61557f1f4c14c2dc83685a2259fdfa641f5d09eef5bbfbd5

SHA512
1315d155bce36b542d5b65def911e8e6fbb215bb11826bbe2e3f2b34f9e6163d25bbf880a59d8735aa02cd701d16d64d3ac61bb93a63234da0c4bdf22f9d08c8

Download Submit
C:\Riot Games\Riot Client\UX\cef_extensions.pak

Filesize
1.7MB

MD5
597e878419411cc2ce35029b9c44cb72

SHA1
7d2d43b1c87679fcb9f6818ed14bba2d0e330775

SHA256
eb3bfc21fa8561afbb5ce1298797b6b832b02d2b09dff878725a035e19b31da3

SHA512
0b6f29fe03181458f335b440115b8b364b8ce3da554682affa7c2832530d61ec42447a9a7cc85f709ecf93209981133d2c98b150e49486f3227c165f3ce4057b

Download Submit
C:\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
690KB

MD5
4bc92038a76a457a1c36499bd843aa1a

SHA1
0ec0ab717f116231ee1f120e958aa1876845ffb0

SHA256
6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29

SHA512
2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768

Download Submit
C:\Riot Games\Riot Client\UX\devtools_resources.pak

Filesize
5.7MB

MD5
766eba8610853eb8c8985a3bbe44f6f3

SHA1
41e12e3783b5210735cc8a9f8e4bcf8da43c8e36

SHA256
7e9091666d5253441fe0639d01867450623a4add8fa375a31d09e9d1b0f67026

SHA512
688e5174c931fe0e3661d4a45139b5faea5460efcd30491dd9258ad5f36872ce51646eb638c837e8784785fe1806a63e5f68e796e68eab8a5ecc98b22cfd44e6

Download Submit
C:\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
1.2MB

MD5
eae2a95bb9404eda67360ebefeb32080

SHA1
a2ba1507a815c54a91f74f3f1965ff1cceb75e13

SHA256
ebdf82bf567ba506879352053d5d670b369a41cfe783f3c177010460146518d3

SHA512
f6a06c3d678195b5c9b091e89b4493cf4012f1cf1f820f2778d28236d9566ed115feacb07f237ec79a8b71ddba3453d57233c63e079a0b498ad09b561a0e472c

Download Submit
C:\Riot Games\Riot Client\UX\icudtl.dat

Filesize
9.8MB

MD5
9705ff0fa594bb28520963db19f5471f

SHA1
0ecbb9512795e2617cf48618dd050dc0f044df3f

SHA256
66f13a0329f46e2d26fb483cb497dbdf7bb6b84d85c2e7c5bc8ea096a8bb8b1a

SHA512
a06dc6b04556692c5fd363d15590d485ce2a8bf4eb7a6a55068aade31c7db0c7b6c15249e2fc037a1b94d6ace3ecd962ad2c9cff21d50c205134189fa928788e

Download Submit
C:\Riot Games\Riot Client\UX\libcef.dll

Filesize
89.2MB

MD5
481df7f01a1b3a6d028790d20f2d97bb

SHA1
2d56b5244ad233e1c9ca727b502d5c54976ba431

SHA256
dc01fa5ca5c750c8c9ac807ae10cafb6edc3ded266d116dbf488c5bd67ee96cd

SHA512
630a7931f7bf23f27580c87dbd9093e78e26a322e708faca6dd79778640e624f7816c84114be28017fb26f53f49a56bba42ecfa96be06b901d6e24a087a4ecc6

Download Submit
C:\Riot Games\Riot Client\UX\locales\en-US.pak

Filesize
180KB

MD5
dc99f78630d32819ebce696dafd26579

SHA1
34e9f3f8be6fba7e0c586cec4aa203422efe281e

SHA256
3e3d563b035609fb2e0dbc9cce32c23fceb4e69db36b9d49ef355515b425ba93

SHA512
460f6a965534f99bc5c5e294bd7571b0e4291bcd226da0c808eb4181984f279edea0325d1816c3d654b78cbd05fb3a5e233c0fb5bb8dfdbcd010ed17f6b4de9f

Download Submit
C:\Riot Games\Riot Client\UX\natives_blob.bin

Filesize
81KB

MD5
d2414b8ae71f3f827b984167054e21a1

SHA1
a1768d8f11596c7e24f702e6b7fcf6b0c45d0506

SHA256
66a747124929695fdf5b74812e15518ee7ed4e1406e53febe064c39931948449

SHA512
e575fc3673d278f7b80625d99c840cda059661b977a37ed738f36c4a260850d92efa2ee567584f58fd57d82d31fcfbf5df4b0769bdf03d796df6326476b4abac

Download Submit
C:\Riot Games\Riot Client\UX\v8_context_snapshot.bin

Filesize
595KB

MD5
4677848facecd448d4360aa079dde2e6

SHA1
d7ecafbbc6605a27b4787851725d16b0036f26b1

SHA256
adf73a975a45763e683a1287914024254e4994947805bd0e528086e93590e66e

SHA512
55c852cf0a4d276ee32c35da00543c42fa1e05ca87294368a4fe7c3b3ced602ee0f47514d355e86127f80510f68c5a51ae3a3a6983b0e717c96c721ec9b235f0

Download Submit
C:\Riot Games\Riot Client\system.yaml

Filesize
16KB

MD5
050fc31c8fcddaed084965562f5dc2b8

SHA1
285a02a573c9359c77b4c8f9e127d331a289c091

SHA256
4f073ca28aacc0bc59b6cf2dd2ec3aa091af803f53174a5d7fcff75f2e9c9edb

SHA512
013b9a32a5f3406a54ddf766e741dbb20619a800a3adb02fb31245830add87f56e0dd5f33e683b373260ff8c217c97bcb7e650c2506243121e7f19e42c0bd695

Download Submit
C:\Riot Games\Riot Client\vgrl.dll

Filesize
3.4MB

MD5
15620a9f1936c028377523116e657b82

SHA1
be2d28d85af3c0e98884b6874f4668d361caf7c4

SHA256
786499d901e9b4f7d5f5d00847fd09ee6ddfebe7ef824c53b49e569a670d6e28

SHA512
1ae0c54dd997aeb9d95a5f78be98ebf66a022545ec6e61422fd8c754030ffec0485aabf3ffa7b9ca9feb7c6f638cde94c7335d56a17d9eb9fea2c179f2326f9a

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Config\RiotClientSettings.yaml

Filesize
559B

MD5
9da1809988f0844d4366504e4aa2bc49

SHA1
aeda5d2a18680d84c9dfeb7087f1fbb29aa727eb

SHA256
58358b359aedbe3cf8fedbd2b46e34ba186875245c9a0adfa8cfe41e20b69cb2

SHA512
46c2b76858c2eb68aee15e956459956ad830ec134968564b3b15f1ccac324a0a0628af674d6e64eae2f78d82a257358172aac4ff66378759660158ffe03b51c2

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\settings.dat

Filesize
40B

MD5
66aeaa690bf2bcf36324ec97909fe383

SHA1
1cd99ec5672daaf13969e1356355c0ff8852e509

SHA256
7be3f727bcf9fa69b83a8a0703af73bea556306c6330c42b0ca0eecf592df5e5

SHA512
19a469e054b6aae1093598b4f6d8225f0bbbfdfe3c22f69089465c61a977cc3a255e6beac4d4e1cadaf4377360a11eba843464431840f491dfc825fa217f1bef

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\settings.dat

Filesize
40B

MD5
82856629799e560469475fdef27f0268

SHA1
dc837662d5411c20850f7e484188e22041dac508

SHA256
cefa7ffe7e4ddc8f78d2d9690e46a0a892cac6c4a2ef72e6fcb5d76b2bba2b49

SHA512
33b07331f3f0ad86e270e89d0ea93b1c72f636076f442c68f7ab3c1e23e88655a283b7ff7d1882589cc5cdbd16bb9cabb2ce274c795b7deb8b885f2106fa169d

Download Submit
\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
\Riot Games\Riot Client\RiotClientFoundation.dll

Filesize
9.8MB

MD5
f1698ba7d7f63fac1a8fdb78d20c68dd

SHA1
a95b1f59ddd447df1c660c9510275d9ca4f5b3d8

SHA256
584e8c618e1b3b255847c39cce3051e3c4c5eedb76a0d3861b33e6ab56b7c27e

SHA512
c902931762b5aa91d40c97cb6aa623b50eaf253281764163ace47d424e33bc0155cab4534a54e7e7adaddb514130b63695cf232c0c94a94a955d9a369457bd38

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
be96e36b038efff397958a0877f06185

SHA1
cacfc58f9510b821ccf97c8bfc23da786041bac9

SHA256
68db34e4450aeac83973e0c36d5479bb4a7e4071fa17f55e44f48a5d194db961

SHA512
6f208bab44a7f99d6ce13f10865ccdedf772ff6a1f22ee921d294b26c0d8827d6af916a2f0047fb3e5bf6e908516f5f5b7bfd851738f347d143bf5ff89d22b84

Download Submit
\Riot Games\Riot Client\RiotGamesApi.dll

Filesize
30.8MB

MD5
2fffb2d7b044bb165b7f87dd27d9e969

SHA1
c741871bac89b8d26e6c652df77b40e5a2b3dcaa

SHA256
d9a69c5e56af6eb854e30cebdbd017d9c2565ae652faeda12d2ffbde824c7102

SHA512
170ec853afc7299750cc215ab9a4f09841d6f738853a6fbf88a731da6878e3fe301805eb81d363924e992cf4515c2e6cbf1e617563f86a237f49dbe004e2f0a6

Download Submit
\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
53d1fb80e61e0dcda33dfb9f6b1f8ffe

SHA1
368a94d4f13aa73789108ff9b791588aa201b95a

SHA256
d778eb53c0ffeae065852bfcd8439036beecfa05d156a6b2c6d5d7d75510a8db

SHA512
4bef2360756d1d214a0f18f28b7a6a4135f11ac1704ff817bf4d8f0a1c66c4f630739ab585a60c39e51db979683f422d9496ab4d168db9f4ea0fafe0d5884795

Download Submit
\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
690KB

MD5
4bc92038a76a457a1c36499bd843aa1a

SHA1
0ec0ab717f116231ee1f120e958aa1876845ffb0

SHA256
6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29

SHA512
2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768

Download Submit
\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
690KB

MD5
4bc92038a76a457a1c36499bd843aa1a

SHA1
0ec0ab717f116231ee1f120e958aa1876845ffb0

SHA256
6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29

SHA512
2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768

Download Submit
\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
1.2MB

MD5
eae2a95bb9404eda67360ebefeb32080

SHA1
a2ba1507a815c54a91f74f3f1965ff1cceb75e13

SHA256
ebdf82bf567ba506879352053d5d670b369a41cfe783f3c177010460146518d3

SHA512
f6a06c3d678195b5c9b091e89b4493cf4012f1cf1f820f2778d28236d9566ed115feacb07f237ec79a8b71ddba3453d57233c63e079a0b498ad09b561a0e472c

Download Submit
\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
1.2MB

MD5
eae2a95bb9404eda67360ebefeb32080

SHA1
a2ba1507a815c54a91f74f3f1965ff1cceb75e13

SHA256
ebdf82bf567ba506879352053d5d670b369a41cfe783f3c177010460146518d3

SHA512
f6a06c3d678195b5c9b091e89b4493cf4012f1cf1f820f2778d28236d9566ed115feacb07f237ec79a8b71ddba3453d57233c63e079a0b498ad09b561a0e472c

Download Submit
\Riot Games\Riot Client\UX\libcef.dll

Filesize
89.2MB

MD5
481df7f01a1b3a6d028790d20f2d97bb

SHA1
2d56b5244ad233e1c9ca727b502d5c54976ba431

SHA256
dc01fa5ca5c750c8c9ac807ae10cafb6edc3ded266d116dbf488c5bd67ee96cd

SHA512
630a7931f7bf23f27580c87dbd9093e78e26a322e708faca6dd79778640e624f7816c84114be28017fb26f53f49a56bba42ecfa96be06b901d6e24a087a4ecc6

Download Submit
\Riot Games\Riot Client\UX\libcef.dll

Filesize
89.2MB

MD5
481df7f01a1b3a6d028790d20f2d97bb

SHA1
2d56b5244ad233e1c9ca727b502d5c54976ba431

SHA256
dc01fa5ca5c750c8c9ac807ae10cafb6edc3ded266d116dbf488c5bd67ee96cd

SHA512
630a7931f7bf23f27580c87dbd9093e78e26a322e708faca6dd79778640e624f7816c84114be28017fb26f53f49a56bba42ecfa96be06b901d6e24a087a4ecc6

Download Submit
\Riot Games\Riot Client\vgrl.dll

Filesize
3.4MB

MD5
15620a9f1936c028377523116e657b82

SHA1
be2d28d85af3c0e98884b6874f4668d361caf7c4

SHA256
786499d901e9b4f7d5f5d00847fd09ee6ddfebe7ef824c53b49e569a670d6e28

SHA512
1ae0c54dd997aeb9d95a5f78be98ebf66a022545ec6e61422fd8c754030ffec0485aabf3ffa7b9ca9feb7c6f638cde94c7335d56a17d9eb9fea2c179f2326f9a

Download Submit
memory/904-92-0x0000000070F80000-0x0000000071487000-memory.dmp

Filesize
5.0MB

Download
memory/1728-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download