b110d3a1bb9bbb13a6a06ee9d2af75b3fcb100f308c63c4f7260d48407a98e40

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
14/02/2023, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install VALORANT.exe
Size

65.9MB
MD5

ffeca6b9742f470fb371c7dbb0febffe
SHA1

891faa85c5d2a0fabbbda52107bdb70ba4de6e7d
SHA256

b110d3a1bb9bbb13a6a06ee9d2af75b3fcb100f308c63c4f7260d48407a98e40
SHA512

16a355b07c20b8cb2d26b1d3b39eab302cd0e5e535a73371d4d4087a722e716e1ffd7fae17b1af544d1ed7a03dbcfda4423bf6e791188ed751b15997408757e9
SSDEEP

1572864:eNvwbjSp8K0UNl/Ywrt9E7lzPF5KBBhDIVIbjUp1xDt:xSp8KnAtqBBhDIVNjJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
1264	RiotClientServices.exe
1452	RiotClientServices.exe
1344	RiotClientCrashHandler.exe
1116	RiotClientUx.exe
1496	RiotClientCrashHandler.exe
1720	RiotClientServices.exe
804	RiotClientUx.exe

Loads dropped DLL 19 IoCs

pid	Process
1332	Install VALORANT.exe
1304	WerFault.exe
1304	WerFault.exe
1304	WerFault.exe
1304	WerFault.exe
1304	WerFault.exe
1304	WerFault.exe
1304	WerFault.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1116	RiotClientUx.exe
1116	RiotClientUx.exe
1116	RiotClientUx.exe
804	RiotClientUx.exe
804	RiotClientUx.exe
804	RiotClientUx.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1304	1452	WerFault.exe	32

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open\command	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\ = "URL:Riot Games Protocol"	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\DefaultIcon	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\DefaultIcon\ = "\"C:\\Riot Games\\Riot Client\\RiotClientServices.exe\",0"	Install VALORANT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\URL Protocol	Install VALORANT.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open\command\ = "\"C:\\Riot Games\\Riot Client\\RiotClientServices.exe\" --app-command=\"%1\""	Install VALORANT.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1496	RiotClientCrashHandler.exe
1496	RiotClientCrashHandler.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe
1264	RiotClientServices.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1332	Install VALORANT.exe
Token: SeIncBasePriorityPrivilege	1224	Install VALORANT.exe
Token: SeIncBasePriorityPrivilege	1264	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	1452	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	1264	RiotClientServices.exe
Token: SeIncBasePriorityPrivilege	1264	RiotClientServices.exe
Token: SeShutdownPrivilege	1496	RiotClientCrashHandler.exe
Token: SeIncBasePriorityPrivilege	1720	RiotClientServices.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1264	RiotClientServices.exe
1264	RiotClientServices.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1264	RiotClientServices.exe
1264	RiotClientServices.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1224	1332	Install VALORANT.exe	28
PID 1332 wrote to memory of 1264	1332	Install VALORANT.exe	30
PID 1332 wrote to memory of 1264	1332	Install VALORANT.exe	30
PID 1332 wrote to memory of 1264	1332	Install VALORANT.exe	30
PID 1332 wrote to memory of 1264	1332	Install VALORANT.exe	30
PID 1264 wrote to memory of 1452	1264	RiotClientServices.exe	32
PID 1264 wrote to memory of 1452	1264	RiotClientServices.exe	32
PID 1264 wrote to memory of 1452	1264	RiotClientServices.exe	32
PID 1264 wrote to memory of 1452	1264	RiotClientServices.exe	32
PID 1452 wrote to memory of 1304	1452	RiotClientServices.exe	33
PID 1452 wrote to memory of 1304	1452	RiotClientServices.exe	33
PID 1452 wrote to memory of 1304	1452	RiotClientServices.exe	33
PID 1452 wrote to memory of 1304	1452	RiotClientServices.exe	33
PID 1264 wrote to memory of 1344	1264	RiotClientServices.exe	34
PID 1264 wrote to memory of 1344	1264	RiotClientServices.exe	34
PID 1264 wrote to memory of 1344	1264	RiotClientServices.exe	34
PID 1264 wrote to memory of 1344	1264	RiotClientServices.exe	34
PID 1116 wrote to memory of 1496	1116	RiotClientUx.exe	36
PID 1116 wrote to memory of 1496	1116	RiotClientUx.exe	36
PID 1116 wrote to memory of 1496	1116	RiotClientUx.exe	36
PID 1116 wrote to memory of 1496	1116	RiotClientUx.exe	36
PID 1264 wrote to memory of 1720	1264	RiotClientServices.exe	37
PID 1264 wrote to memory of 1720	1264	RiotClientServices.exe	37
PID 1264 wrote to memory of 1720	1264	RiotClientServices.exe	37
PID 1264 wrote to memory of 1720	1264	RiotClientServices.exe	37

C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
"C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
  "C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe" --agent --riotclient-app-port=49164 --riotclient-auth-token=QvXK-NMfgBE_ctQ6z-vGQQ --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install VALORANT/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT" --session-id=94e47398-0a17-f64e-936e-7ceaee17b4d1
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1224
- C:\Riot Games\Riot Client\RiotClientServices.exe
  "C:/Riot Games/Riot Client/RiotClientServices.exe" --launch-product=valorant --launch-patchline=live --force-auto-patch --shard=valorant:live:eu --locale=en_US --session-id=94e47398-0a17-f64e-936e-7ceaee17b4d1 --install-flow
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Riot Games\Riot Client\RiotClientServices.exe
    "C:\Riot Games\Riot Client\RiotClientServices.exe" --agent --riotclient-app-port=49220 --riotclient-auth-token=ePCC2e4Y9NdqrbkuWVWiRA "--app-root=C:/Riot Games/Riot Client" "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Riot Client/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" --session-id=94e47398-0a17-f64e-936e-7ceaee17b4d1
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 452
      4⤵
      Loads dropped DLL
      Program crash
      PID:1304
- - C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
    "C:\Riot Games\Riot Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2023-02-14T14-25-17_1264_Riot_Client.0.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client Logs/2023-02-14T14-25-17_1264_Riot Client.0.log" "--attachment=2023-02-14T14-25-17_1264_Riot_Client.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client Logs/2023-02-14T14-25-17_1264_Riot Client.log" "--attachment=__sentry-breadcrumb1=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\2d32e095-d51b-4d42-3d0f-a4967a945d82.run\__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\2d32e095-d51b-4d42-3d0f-a4967a945d82.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\2d32e095-d51b-4d42-3d0f-a4967a945d82.run\__sentry-event" "--database=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client" "--metrics-dir=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client" --url=https://sentry.io:443/api/1339107/minidump/?sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-data=0x224,0x228,0x22c,0x214,0x230,0x750a1df8,0x750a1e08,0x750a1e18
    3⤵
    - Executes dropped EXE
    PID:1344
- - C:\Riot Games\Riot Client\UX\RiotClientUx.exe
    "C:/Riot Games/Riot Client/UX/RiotClientUx.exe" --app-port=49267 --remoting-auth-token=09zwsT4aJfVwnRadGAPLgg --app-pid=1264 "--log-dir=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" "--app-root=C:/Riot Games/Riot Client" --crashpad-environment=KeystoneFoundationLiveWin
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
      "C:\Riot Games\Riot Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2023-02-14T14-25-37_1116_RiotClientUx.0.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/2023-02-14T14-25-37_1116_RiotClientUx.0.log" "--attachment=2023-02-14T14-25-37_1116_RiotClientUx.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/2023-02-14T14-25-37_1116_RiotClientUx.log" "--attachment=__sentry-breadcrumb1=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\69360f62-bca5-459a-c3fb-d14eaaa604d6.run\__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\69360f62-bca5-459a-c3fb-d14eaaa604d6.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\69360f62-bca5-459a-c3fb-d14eaaa604d6.run\__sentry-event" "--database=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx" "--metrics-dir=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx" --url=https://sentry.io:443/api/1339107/minidump/?sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-data=0x1f4,0x1f8,0x1fc,0x1c8,0x200,0x131e0a8,0x131e0b8,0x131e0c8
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1496
- - C:\Riot Games\Riot Client\RiotClientServices.exe
    "C:\Riot Games\Riot Client\RiotClientServices.exe" --agent --riotclient-app-port=49267 --riotclient-auth-token=r035IG0sCzCmbN54xiBXng
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1720
- - C:\Riot Games\Riot Client\UX\RiotClientUx.exe
    "C:/Riot Games/Riot Client/UX/RiotClientUx.exe" --app-port=49267 --remoting-auth-token=o71nTdOZ2zYXVTqGzwXbGw --app-pid=1264 "--log-dir=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" "--app-root=C:/Riot Games/Riot Client" --crashpad-environment=KeystoneFoundationLiveWin
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Riot Games\Metadata\Riot Client\Riot Client.db

Filesize
352KB

MD5
8e852488d840852727f0e4e2f1174bf4

SHA1
d1ce5d2fcd6667d52e3451b2ff4c44afed3e2d2d

SHA256
61c5b42ff4b44e83673283bfee98df627d9ce05abeb4fc0460fb7cd5204727c7

SHA512
33c4e4650150f96636c46fdfcedf7c0449f6ae0f1cec21c8c87f326ad3faa87e944d62bb5ba7fbab2cb9dfb46ee4be03dd636b7aafa54e4dc21443a83f746d29

Download Submit
C:\ProgramData\Riot Games\Metadata\Riot Client\Riot Client.ok

Filesize
97B

MD5
7a952a247a6d698c912058739aff13f7

SHA1
175cceafaed59382d094fe4584a4b25c831dd970

SHA256
859fc7fd5de399e60e6fc7ac35403458eaf19f071358a924df41e0e084943b1f

SHA512
44a2da4c1e125c08ecdd9de49022bef128b7233fa1236696ce5918a096767db6d1a6658651c32ef8e7aced696be5469d18907a28fc4cd4b92a340cab01c84ae9

Download Submit
C:\ProgramData\Riot Games\Metadata\valorant.live\valorant.live.ico

Filesize
90KB

MD5
53dc27f05bedcc1dcdb8f04f7b61c5a3

SHA1
3565108d120e92dfcb6a16ed9d62c8c21016fa4e

SHA256
249f3c8b39c364a9ddb2a9a02b4c4d565731066220d07aabc5e70720f6649d56

SHA512
3e4f82d490c221de57979cc13e677de6dfecf0ed2795e2888a9325d5d916f57754404465a0cb81bf2de2f8a858d06037daae250f7a50936fd788af02585942cb

Download Submit
C:\ProgramData\Riot Games\Metadata\valorant.live\valorant.live.product_settings.yaml

Filesize
504B

MD5
3d7bc226d7a1295243cb8cdb8447b435

SHA1
c56a2e66b366f32ad441a6cc53e0a06e68a0d443

SHA256
783ae44df1b08aa2759ba8838c1726482aec045f2d1f75d26a19c09a16a76730

SHA512
ebbbc2b573f1a22f45c2b5356d70b21fa00b3d22971683cb28067109ad9056ac6f86dd7aba90ac1d2b312996de824b87e083b088eca8475bf7e075bd44c50ef4

Download Submit
C:\ProgramData\Riot Games\machine.cfg

Filesize
39B

MD5
7dfcb786f2efab719b9f063cc3f92a5b

SHA1
fdb3c126aa4e5a995b1d2fa5ed08cd6764bddd68

SHA256
1880c0d314fa7ac1b22d8942e3ccf6ba7c02bf2e6290ef6ac41dd169371da9b5

SHA512
455ab5b4327eddf7e2b9c0a34c6bce60a47d80e46a68039934cbf93207e1292338a24d11e25cc0ebcfa856cd6124adaba05f6318b997c9e71490051782c05f2e

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
C:\Riot Games\Riot Client\RiotClientFoundation.dll

Filesize
9.8MB

MD5
fdcf7d1db07718cacac64d9c7584e91a

SHA1
ac5c6af7fd9521e01f6c8c34e9458d5918eb3fee

SHA256
2796e4a651b434336ee66442a4971d00e9378a2213511fbc258f9a3605097682

SHA512
d7bcd508648ef4d9021b86287716e53802b556d35bbf1ad713d625d209aa9a390a8f22b4cafba7626631122d73cefd9720d1df07b28edd8a8b247a02db79c122

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
C:\Riot Games\Riot Client\RiotGamesApi.dll

Filesize
30.8MB

MD5
68e34bb2215cc3e9032429ab40adb652

SHA1
3d6eede19b2af625d0886751b73f02fb0a4bd45f

SHA256
4c7d1c344e2d75bb6460ddf881b12809c84bf1795e7d0808bfa45fa686a454f1

SHA512
21ad6700a2a541f45fdc8409f080863a94d461d8c769df59b85ccf5e07baa1b754199f2d1af71c457561dd810be1d6d87edd933dd1b749f56580a6b37441ce37

Download Submit
C:\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
158653e4f2c93ec090840e945095af15

SHA1
4d2b7d4c2f602ed949c09bc05d15899921da46be

SHA256
8fd11b19f0034341fa42d36c9546f9282d92052dd78b48b07f81a142448be182

SHA512
8f7d81fe94b6436f2db8319a981de0fdee15487d686180964b4699ee50d82a3d2c84889dfc969d185609012cfbc91a34609704e3ca90da9b4d3e2040784af01a

Download Submit
C:\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
158653e4f2c93ec090840e945095af15

SHA1
4d2b7d4c2f602ed949c09bc05d15899921da46be

SHA256
8fd11b19f0034341fa42d36c9546f9282d92052dd78b48b07f81a142448be182

SHA512
8f7d81fe94b6436f2db8319a981de0fdee15487d686180964b4699ee50d82a3d2c84889dfc969d185609012cfbc91a34609704e3ca90da9b4d3e2040784af01a

Download Submit
C:\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
158653e4f2c93ec090840e945095af15

SHA1
4d2b7d4c2f602ed949c09bc05d15899921da46be

SHA256
8fd11b19f0034341fa42d36c9546f9282d92052dd78b48b07f81a142448be182

SHA512
8f7d81fe94b6436f2db8319a981de0fdee15487d686180964b4699ee50d82a3d2c84889dfc969d185609012cfbc91a34609704e3ca90da9b4d3e2040784af01a

Download Submit
C:\Riot Games\Riot Client\UX\cef.pak

Filesize
3.5MB

MD5
52f3fc9f9b84e341e57c4bf337b35b9f

SHA1
42425795baa91001ae79743a9e9023ec0ea5e6ad

SHA256
42b4cd144d1a6e395f9314ddf963ea65ca957a0a813d71b5f6e07ae40513c613

SHA512
4866f01ddc49b59ba44cf13628bdab7129a72cec8563bedc4664bfb2de6c0736afec2960941f17b274a4680fbaa745bde471ce623ed4f589ac31f7fe6bf4dd71

Download Submit
C:\Riot Games\Riot Client\UX\cef_100_percent.pak

Filesize
724KB

MD5
277a53a3922d71cc99626ab835cc8677

SHA1
e711062e5fef4f8c2e6fa2a0e93c0a6aca3a8056

SHA256
dae17c53566d83e24b8dbeb4329ff9a11999b05d30c2fc1d8d6a585535f6d3f8

SHA512
33d8a7843adf6c32cf6940806a0d934d67b8f6236ecbf560d226fe45180eefde35bdde97079a3f85f58188be199905255c51bc0028e4222f1440ebe51c224ba8

Download Submit
C:\Riot Games\Riot Client\UX\cef_200_percent.pak

Filesize
852KB

MD5
1822748dcb06d101954426fe75a62eb3

SHA1
8fd06ab468b681cb2818ac729594357535fbf5ec

SHA256
faded3d34e58c4dd61557f1f4c14c2dc83685a2259fdfa641f5d09eef5bbfbd5

SHA512
1315d155bce36b542d5b65def911e8e6fbb215bb11826bbe2e3f2b34f9e6163d25bbf880a59d8735aa02cd701d16d64d3ac61bb93a63234da0c4bdf22f9d08c8

Download Submit
C:\Riot Games\Riot Client\UX\cef_extensions.pak

Filesize
1.7MB

MD5
597e878419411cc2ce35029b9c44cb72

SHA1
7d2d43b1c87679fcb9f6818ed14bba2d0e330775

SHA256
eb3bfc21fa8561afbb5ce1298797b6b832b02d2b09dff878725a035e19b31da3

SHA512
0b6f29fe03181458f335b440115b8b364b8ce3da554682affa7c2832530d61ec42447a9a7cc85f709ecf93209981133d2c98b150e49486f3227c165f3ce4057b

Download Submit
C:\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
690KB

MD5
4bc92038a76a457a1c36499bd843aa1a

SHA1
0ec0ab717f116231ee1f120e958aa1876845ffb0

SHA256
6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29

SHA512
2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768

Download Submit
C:\Riot Games\Riot Client\UX\devtools_resources.pak

Filesize
5.7MB

MD5
766eba8610853eb8c8985a3bbe44f6f3

SHA1
41e12e3783b5210735cc8a9f8e4bcf8da43c8e36

SHA256
7e9091666d5253441fe0639d01867450623a4add8fa375a31d09e9d1b0f67026

SHA512
688e5174c931fe0e3661d4a45139b5faea5460efcd30491dd9258ad5f36872ce51646eb638c837e8784785fe1806a63e5f68e796e68eab8a5ecc98b22cfd44e6

Download Submit
C:\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
1.2MB

MD5
eae2a95bb9404eda67360ebefeb32080

SHA1
a2ba1507a815c54a91f74f3f1965ff1cceb75e13

SHA256
ebdf82bf567ba506879352053d5d670b369a41cfe783f3c177010460146518d3

SHA512
f6a06c3d678195b5c9b091e89b4493cf4012f1cf1f820f2778d28236d9566ed115feacb07f237ec79a8b71ddba3453d57233c63e079a0b498ad09b561a0e472c

Download Submit
C:\Riot Games\Riot Client\UX\icudtl.dat

Filesize
9.8MB

MD5
9705ff0fa594bb28520963db19f5471f

SHA1
0ecbb9512795e2617cf48618dd050dc0f044df3f

SHA256
66f13a0329f46e2d26fb483cb497dbdf7bb6b84d85c2e7c5bc8ea096a8bb8b1a

SHA512
a06dc6b04556692c5fd363d15590d485ce2a8bf4eb7a6a55068aade31c7db0c7b6c15249e2fc037a1b94d6ace3ecd962ad2c9cff21d50c205134189fa928788e

Download Submit
C:\Riot Games\Riot Client\UX\libcef.dll

Filesize
89.2MB

MD5
481df7f01a1b3a6d028790d20f2d97bb

SHA1
2d56b5244ad233e1c9ca727b502d5c54976ba431

SHA256
dc01fa5ca5c750c8c9ac807ae10cafb6edc3ded266d116dbf488c5bd67ee96cd

SHA512
630a7931f7bf23f27580c87dbd9093e78e26a322e708faca6dd79778640e624f7816c84114be28017fb26f53f49a56bba42ecfa96be06b901d6e24a087a4ecc6

Download Submit
C:\Riot Games\Riot Client\UX\locales\en-US.pak

Filesize
180KB

MD5
dc99f78630d32819ebce696dafd26579

SHA1
34e9f3f8be6fba7e0c586cec4aa203422efe281e

SHA256
3e3d563b035609fb2e0dbc9cce32c23fceb4e69db36b9d49ef355515b425ba93

SHA512
460f6a965534f99bc5c5e294bd7571b0e4291bcd226da0c808eb4181984f279edea0325d1816c3d654b78cbd05fb3a5e233c0fb5bb8dfdbcd010ed17f6b4de9f

Download Submit
C:\Riot Games\Riot Client\UX\natives_blob.bin

Filesize
81KB

MD5
d2414b8ae71f3f827b984167054e21a1

SHA1
a1768d8f11596c7e24f702e6b7fcf6b0c45d0506

SHA256
66a747124929695fdf5b74812e15518ee7ed4e1406e53febe064c39931948449

SHA512
e575fc3673d278f7b80625d99c840cda059661b977a37ed738f36c4a260850d92efa2ee567584f58fd57d82d31fcfbf5df4b0769bdf03d796df6326476b4abac

Download Submit
C:\Riot Games\Riot Client\UX\v8_context_snapshot.bin

Filesize
595KB

MD5
4677848facecd448d4360aa079dde2e6

SHA1
d7ecafbbc6605a27b4787851725d16b0036f26b1

SHA256
adf73a975a45763e683a1287914024254e4994947805bd0e528086e93590e66e

SHA512
55c852cf0a4d276ee32c35da00543c42fa1e05ca87294368a4fe7c3b3ced602ee0f47514d355e86127f80510f68c5a51ae3a3a6983b0e717c96c721ec9b235f0

Download Submit
C:\Riot Games\Riot Client\system.yaml

Filesize
16KB

MD5
050fc31c8fcddaed084965562f5dc2b8

SHA1
285a02a573c9359c77b4c8f9e127d331a289c091

SHA256
4f073ca28aacc0bc59b6cf2dd2ec3aa091af803f53174a5d7fcff75f2e9c9edb

SHA512
013b9a32a5f3406a54ddf766e741dbb20619a800a3adb02fb31245830add87f56e0dd5f33e683b373260ff8c217c97bcb7e650c2506243121e7f19e42c0bd695

Download Submit
C:\Riot Games\Riot Client\vgrl.dll

Filesize
3.4MB

MD5
15620a9f1936c028377523116e657b82

SHA1
be2d28d85af3c0e98884b6874f4668d361caf7c4

SHA256
786499d901e9b4f7d5f5d00847fd09ee6ddfebe7ef824c53b49e569a670d6e28

SHA512
1ae0c54dd997aeb9d95a5f78be98ebf66a022545ec6e61422fd8c754030ffec0485aabf3ffa7b9ca9feb7c6f638cde94c7335d56a17d9eb9fea2c179f2326f9a

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Config\RiotClientSettings.yaml

Filesize
559B

MD5
3ad9bed5774231b42b3cd082b8801dd8

SHA1
ba1ed1984d5433213ec3a29da13748cc6314e65a

SHA256
87b40e8f71d802dc547217545ead4ba37b012424b7c5528b2b599c34c0124b74

SHA512
225d82852096072cef81c5524fd6b1cb3055f6669cc244910b7534ec2c14f8615963f0e87f338b241bd4245732a67202dfee386b4a1fba8201da801b581cdba8

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\settings.dat

Filesize
40B

MD5
05be28e00b4283c1e4f41c96fc28491c

SHA1
94e28c0aff00b571051e79410c21ea94d1c18dc4

SHA256
98f3a2d5165dcdc11295016b7eb9e2bca190d7e6e70e95ae83d8d664f36867e4

SHA512
86e7e1efa21a75becab5dad44500d0d17b2f341a2e0807eef69846e7b8df810415e40a9be9f49da165a536bcdd0e3c6e437c03795bd3c0f8fbc439d30b53d125

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\69360f62-bca5-459a-c3fb-d14eaaa604d6.run\__sentry-event

Filesize
464B

MD5
ded5a9432d9b066c7d5b609aae4b87b2

SHA1
cd154fb33c8e64733bfdfcff11a0fcd41c8544b3

SHA256
d075fc13debbbdc06770d3213483e7dcf029b920bc7b5232997f7a047d4a8716

SHA512
2c581d5b3a543d00cd059406e520f9fe814c79284467daba272755960ba64293862268a138cffac8ced9d31b6970ad76cd5c2566987a1e33b24345287640f1e7

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\settings.dat

Filesize
40B

MD5
77ba5c254daaf38c1d6866d05c45a689

SHA1
dc8a4ebc1e0ea2f1215f0b4f8761c558ac132b29

SHA256
dc49e89c220c587dc053352dfcfb3efb5f6eaaf1c4e26fcc039131c09e401bb7

SHA512
ec9c0d8db97290aa0a5c811f8da96e5e2404b46846ba92c84a23bcc4bbfb8da252eeefe79de5459deff68b322626f149e37b9529d69de890c866712931a1898e

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Logs\Riot Client UX Logs\2023-02-14T14-25-37_1116_RiotClientUx.log

Filesize
2KB

MD5
83b90845f76dd7f0f07f385874b248f1

SHA1
4bf4386ac2d1f554afdeef1584806b36778fc52b

SHA256
996ef20cd1bc1c57138d9bdd15db1f509aaa0e822a7650985f48b772709d2f09

SHA512
8e0ef858c01079452dba31687821ff64e3d9cd830a5c42734fa1b2d3ed9f6ce6092f7ee760242bcf18a3b482d15ad94c2c1471ac97afa5834dc2acdc7702e087

Download Submit
\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
1.9MB

MD5
e9022af4e5cf995c2f2a9d897af560e9

SHA1
f6a0e432af5a1f87492d936afcadc0fb671b3da2

SHA256
76d2ad3dfa217321475a92b2f7ddf497d69e3c8537b216f83e512e4fa91c332f

SHA512
4c48a505f1d37b319ffdafafef4ca4ac7eab103d32088c3c1dad40b37036f9b73c454d030a3a15c4bbbe4935b583f162434eb6952bee35f3442d471b45932278

Download Submit
\Riot Games\Riot Client\RiotClientFoundation.dll

Filesize
9.8MB

MD5
fdcf7d1db07718cacac64d9c7584e91a

SHA1
ac5c6af7fd9521e01f6c8c34e9458d5918eb3fee

SHA256
2796e4a651b434336ee66442a4971d00e9378a2213511fbc258f9a3605097682

SHA512
d7bcd508648ef4d9021b86287716e53802b556d35bbf1ad713d625d209aa9a390a8f22b4cafba7626631122d73cefd9720d1df07b28edd8a8b247a02db79c122

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotClientServices.exe

Filesize
66.5MB

MD5
0db835872607eed12ed33b731ecb6adc

SHA1
a2cfff06b95c990916fd2f50c4965adc04239f6c

SHA256
8dac39abee4c0c5d21467963f120385a5be91767e14f6a02d34411fe310ef234

SHA512
afc7e7fa686f07ba164af496e025e272f8584be0a2f29d50f86d4477f11525082f9121c68551bc4d64e26c2f5ea636d3ee9ca1814a8005e934ea0fc8fc954156

Download Submit
\Riot Games\Riot Client\RiotGamesApi.dll

Filesize
30.8MB

MD5
68e34bb2215cc3e9032429ab40adb652

SHA1
3d6eede19b2af625d0886751b73f02fb0a4bd45f

SHA256
4c7d1c344e2d75bb6460ddf881b12809c84bf1795e7d0808bfa45fa686a454f1

SHA512
21ad6700a2a541f45fdc8409f080863a94d461d8c769df59b85ccf5e07baa1b754199f2d1af71c457561dd810be1d6d87edd933dd1b749f56580a6b37441ce37

Download Submit
\Riot Games\Riot Client\UX\RiotClientUx.exe

Filesize
5.3MB

MD5
158653e4f2c93ec090840e945095af15

SHA1
4d2b7d4c2f602ed949c09bc05d15899921da46be

SHA256
8fd11b19f0034341fa42d36c9546f9282d92052dd78b48b07f81a142448be182

SHA512
8f7d81fe94b6436f2db8319a981de0fdee15487d686180964b4699ee50d82a3d2c84889dfc969d185609012cfbc91a34609704e3ca90da9b4d3e2040784af01a

Download Submit
\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
690KB

MD5
4bc92038a76a457a1c36499bd843aa1a

SHA1
0ec0ab717f116231ee1f120e958aa1876845ffb0

SHA256
6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29

SHA512
2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768

Download Submit
\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
690KB

MD5
4bc92038a76a457a1c36499bd843aa1a

SHA1
0ec0ab717f116231ee1f120e958aa1876845ffb0

SHA256
6084e9d7bf40c57c141e99fd061671abbf82dda61e8567dab22d4b5fdbc0cc29

SHA512
2ad8b1432bd79879d92e0d64ac0a5f14f554683a123e7fb86622a5263c3844c218d14495f60b4987add2e2d425348b3b63c1c398ae7ab5c59f11f22f7ef3e768

Download Submit
\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
1.2MB

MD5
eae2a95bb9404eda67360ebefeb32080

SHA1
a2ba1507a815c54a91f74f3f1965ff1cceb75e13

SHA256
ebdf82bf567ba506879352053d5d670b369a41cfe783f3c177010460146518d3

SHA512
f6a06c3d678195b5c9b091e89b4493cf4012f1cf1f820f2778d28236d9566ed115feacb07f237ec79a8b71ddba3453d57233c63e079a0b498ad09b561a0e472c

Download Submit
\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
1.2MB

MD5
eae2a95bb9404eda67360ebefeb32080

SHA1
a2ba1507a815c54a91f74f3f1965ff1cceb75e13

SHA256
ebdf82bf567ba506879352053d5d670b369a41cfe783f3c177010460146518d3

SHA512
f6a06c3d678195b5c9b091e89b4493cf4012f1cf1f820f2778d28236d9566ed115feacb07f237ec79a8b71ddba3453d57233c63e079a0b498ad09b561a0e472c

Download Submit
\Riot Games\Riot Client\UX\libcef.dll

Filesize
89.2MB

MD5
481df7f01a1b3a6d028790d20f2d97bb

SHA1
2d56b5244ad233e1c9ca727b502d5c54976ba431

SHA256
dc01fa5ca5c750c8c9ac807ae10cafb6edc3ded266d116dbf488c5bd67ee96cd

SHA512
630a7931f7bf23f27580c87dbd9093e78e26a322e708faca6dd79778640e624f7816c84114be28017fb26f53f49a56bba42ecfa96be06b901d6e24a087a4ecc6

Download Submit
\Riot Games\Riot Client\UX\libcef.dll

Filesize
89.2MB

MD5
481df7f01a1b3a6d028790d20f2d97bb

SHA1
2d56b5244ad233e1c9ca727b502d5c54976ba431

SHA256
dc01fa5ca5c750c8c9ac807ae10cafb6edc3ded266d116dbf488c5bd67ee96cd

SHA512
630a7931f7bf23f27580c87dbd9093e78e26a322e708faca6dd79778640e624f7816c84114be28017fb26f53f49a56bba42ecfa96be06b901d6e24a087a4ecc6

Download Submit
\Riot Games\Riot Client\vgrl.dll

Filesize
3.4MB

MD5
15620a9f1936c028377523116e657b82

SHA1
be2d28d85af3c0e98884b6874f4668d361caf7c4

SHA256
786499d901e9b4f7d5f5d00847fd09ee6ddfebe7ef824c53b49e569a670d6e28

SHA512
1ae0c54dd997aeb9d95a5f78be98ebf66a022545ec6e61422fd8c754030ffec0485aabf3ffa7b9ca9feb7c6f638cde94c7335d56a17d9eb9fea2c179f2326f9a

Download Submit
memory/1264-89-0x0000000071CF0000-0x00000000721F7000-memory.dmp

Filesize
5.0MB

Download
memory/1332-54-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download