ab792b2d3d017df1c0765e01e5d21eebbf604f29bdec78e682630073cc1036dd

Analysis

max time kernel
1747s
max time network
2058s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
25/12/2023, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader (1).exe
Size

2.9MB
MD5

da9f135120717eb29471a1e55237ff60
SHA1

5115a2202f29af5b8272be527403913809cae7f9
SHA256

ab792b2d3d017df1c0765e01e5d21eebbf604f29bdec78e682630073cc1036dd
SHA512

21845e7a9ebf37b158a9331425d7edc65bb5771f122360a7129db62dbbbc249c23b6476de181cdf5e866abc4936a0306761ea96f794250caeaea008345394f57
SSDEEP

49152:neJvs1aPvkO4lhfJRboq3gSwQVGGnIO2JTAWrrBcUg0EEWk:KjB4lS3SwQ022JTAWrrBcUg0EE

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

pid	Process
4888	Install League of Legends euw.exe
660	Install League of Legends euw.exe
476	RiotClientServices.exe
1640	RiotClientServices.exe
3152	RiotClientCrashHandler.exe
4000	RiotClientUx.exe
4344	RiotClientCrashHandler.exe
3804	RiotClientUxRender.exe
4644	RiotClientServices.exe
420	RiotClientUxRender.exe
868	DirectX_9_SDK_Install.exe
3508	DXSETUP.exe
2952	RiotClientUxRender.exe

Loads dropped DLL 23 IoCs

pid	Process
476	RiotClientServices.exe
476	RiotClientServices.exe
476	RiotClientServices.exe
4000	RiotClientUx.exe
4000	RiotClientUx.exe
4000	RiotClientUx.exe
3804	RiotClientUxRender.exe
3804	RiotClientUxRender.exe
3804	RiotClientUxRender.exe
3804	RiotClientUxRender.exe
3804	RiotClientUxRender.exe
3804	RiotClientUxRender.exe
420	RiotClientUxRender.exe
420	RiotClientUxRender.exe
420	RiotClientUxRender.exe
3508	DXSETUP.exe
3508	DXSETUP.exe
2952	RiotClientUxRender.exe
2952	RiotClientUxRender.exe
2952	RiotClientUxRender.exe
3508	DXSETUP.exe
3508	DXSETUP.exe
3508	DXSETUP.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-175642277-3213633112-3688900201-1000\Software\Microsoft\Windows\CurrentVersion\Run\RiotClient = "C:\\Riot Games\\Riot Client\\RiotClientServices.exe --launch-background-mode"	RiotClientServices.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SETBA7E.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETBABE.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETBABF.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETBABF.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\D3DX9_39.dll	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETBBCB.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETBA7E.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETBABE.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETBBBA.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETBBBA.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\XAudio2_2.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETBBCB.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_1.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\d3dx10_39.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\D3DCompiler_39.dll	DXSETUP.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b3208ec6c7545fa70000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b3208ec60000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b3208ec6000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db3208ec6000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b3208ec600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133479429032234898"	chrome.exe

Modifies registry class 47 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\AppId = "{05516190-a2c3-4596-9505-66d0e7913e44}"	Install League of Legends euw.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\AccessPermission = 0100148094000000a0000000140000003000000002001c000100000011001400040000000101000000000010001000000200640003000000000014000b000000010100000000000100000000000018000b000000010200000000000f0200000001000000000030000b000000010800000000000f0200000076c8b566b196b8807bdf0386522d4758fa9855746bd04da4099286d401010000000000050a00000001020000000000052000000021020000	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient	Install League of Legends euw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\AppIdFlags = "8"	RiotClientServices.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\LaunchPermission = 0100148094000000a0000000140000003000000002001c000100000011001400040000000101000000000010001000000200640003000000000014000b000000010100000000000100000000000018000b000000010200000000000f0200000001000000000030000b000000010800000000000f0200000076c8b566b196b8807bdf0386522d4758fa9855746bd04da4099286d401010000000000050a00000001020000000000052000000021020000	RiotClientServices.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-175642277-3213633112-3688900201-1000\{53874770-9681-4B3A-9FE4-7F7E0EEE5757}	RiotClientUxRender.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\ = "AudioReverb"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\RunAs = "Interactive User"	RiotClientServices.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\AccessPermission = 0100148094000000a0000000140000003000000002001c000100000011001400040000000101000000000010001000000200640003000000000014000b000000010100000000000100000000000018000b000000010200000000000f0200000001000000000030000b000000010800000000000f0200000076c8b566b196b8807bdf0386522d4758fa9855746bd04da4099286d401010000000000050a00000001020000000000052000000021020000	RiotClientServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_2.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\ = "ExtServer"	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\URL Protocol	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open\command\ = "\"C:\\Riot Games\\Riot Client\\RiotClientServices.exe\" --app-command=\"%1\""	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\ = "ExtServer"	RiotClientServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\ = "AudioVolumeMeter"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_2.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\LocalServer32	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\ = "URL:Riot Games Protocol"	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\AppId = "{05516190-a2c3-4596-9505-66d0e7913e44}"	RiotClientServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}	RiotClientServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\LocalServer32\ = "\"C:/Riot Games/Riot Client/RiotClientServices.exe\" --launch-background-mode"	Install League of Legends euw.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\AppIdFlags = "8"	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\DefaultIcon	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}	RiotClientServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\LocalServer32	RiotClientServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\ = "XAudio2"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\ = "ExtServer"	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\ = "ExtServer"	RiotClientServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\RunAs = "Interactive User"	Install League of Legends euw.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}\LaunchPermission = 0100148094000000a0000000140000003000000002001c000100000011001400040000000101000000000010001000000200640003000000000014000b000000010100000000000100000000000018000b000000010200000000000f0200000001000000000030000b000000010800000000000f0200000076c8b566b196b8807bdf0386522d4758fa9855746bd04da4099286d401010000000000050a00000001020000000000052000000021020000	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}\LocalServer32\ = "\"C:/Riot Games/Riot Client/RiotClientServices.exe\" --launch-background-mode"	RiotClientServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_2.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{05516190-a2c3-4596-9505-66d0e7913e44}	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{05516190-a2c3-4596-9505-66d0e7913e44}	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\DefaultIcon\ = "\"C:\\Riot Games\\Riot Client\\RiotClientServices.exe\",0"	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell\open\command	Install League of Legends euw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\riotclient\shell	Install League of Legends euw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	RiotClientUx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RiotClientUx.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	RiotClientUx.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3312	chrome.exe
3312	chrome.exe
3776	chrome.exe
3776	chrome.exe
476	RiotClientServices.exe
476	RiotClientServices.exe
476	RiotClientServices.exe
476	RiotClientServices.exe
3804	RiotClientUxRender.exe
3804	RiotClientUxRender.exe
420	RiotClientUxRender.exe
420	RiotClientUxRender.exe
476	RiotClientServices.exe
476	RiotClientServices.exe
2952	RiotClientUxRender.exe
2952	RiotClientUxRender.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4000	RiotClientUx.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe
Token: SeShutdownPrivilege	3312	chrome.exe
Token: SeCreatePagefilePrivilege	3312	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
476	RiotClientServices.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
3312	chrome.exe
476	RiotClientServices.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4000	RiotClientUx.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 3768	3312	chrome.exe	94
PID 3312 wrote to memory of 3768	3312	chrome.exe	94
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 1336	3312	chrome.exe	96
PID 3312 wrote to memory of 2340	3312	chrome.exe	97
PID 3312 wrote to memory of 2340	3312	chrome.exe	97
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98
PID 3312 wrote to memory of 2872	3312	chrome.exe	98

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\loader (1).exe
"C:\Users\Admin\AppData\Local\Temp\loader (1).exe"
1⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe8,0x104,0x108,0x8c,0x10c,0x7ffb1d849758,0x7ffb1d849768,0x7ffb1d849778
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4668 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5092 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5212 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3648 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5928 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5964 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6036 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2104 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5588 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6088 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4956 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5864 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4956 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5712 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=228 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6372 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6384 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6792 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6716 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3948 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Users\Admin\Downloads\Install League of Legends euw.exe
  "C:\Users\Admin\Downloads\Install League of Legends euw.exe"
  2⤵
  - Executes dropped EXE
  PID:4888
- - C:\Users\Admin\Downloads\Install League of Legends euw.exe
    "C:\Users\Admin\Downloads\Install League of Legends euw.exe" --agent --riotclient-app-port=50395 --riotclient-auth-token=7UgAFVZECk7Usbi0uNdERg --app-root=C:/Users/Admin/Downloads "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install League of Legends euw/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install League of Legends euw/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install League of Legends euw" --session-id=a5497347-2ca5-974b-a7a3-39bb0f43c92d
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:660
- - C:\Riot Games\Riot Client\RiotClientServices.exe
    "C:/Riot Games/Riot Client/RiotClientServices.exe" --launch-product=league_of_legends --launch-patchline=live --force-auto-patch --region=EUW --locale=en_GB --session-id=a5497347-2ca5-974b-a7a3-39bb0f43c92d --install-flow
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:476
  - - C:\Riot Games\Riot Client\RiotClientServices.exe
      "C:\Riot Games\Riot Client\RiotClientServices.exe" --agent --riotclient-app-port=50724 --riotclient-auth-token=1VLNXuWPF2PNHTIPftP45Q "--app-root=C:/Riot Games/Riot Client" "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Riot Client/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" --session-id=a5497347-2ca5-974b-a7a3-39bb0f43c92d
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:1640
  - - C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
      "C:\Riot Games\Riot Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2023-12-25T01-59-26_476_Riot_Client.0.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client Logs/2023-12-25T01-59-26_476_Riot Client.0.log" "--attachment=2023-12-25T01-59-26_476_Riot_Client.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client Logs/2023-12-25T01-59-26_476_Riot Client.log" "--attachment=__sentry-breadcrumb1=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\786c7fa4-852c-4c65-92de-04aa89e720c2.run\__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\786c7fa4-852c-4c65-92de-04aa89e720c2.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\786c7fa4-852c-4c65-92de-04aa89e720c2.run\__sentry-event" "--database=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client" "--metrics-dir=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\Riot Client" --url=https://sentry.io:443/api/1339107/minidump/?sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-data=0x3c4,0x3b0,0x430,0x3a8,0x3ac,0x747800c8,0x747800d8,0x747800e8
      4⤵
      Executes dropped EXE
      PID:3152
  - - C:\Riot Games\Riot Client\UX\RiotClientUx.exe
      "C:/Riot Games/Riot Client/UX/RiotClientUx.exe" --app-port=50770 --remoting-auth-token=APFQQ_TnsrbpCNzlon92xg --app-pid=476 "--log-dir=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Riot Client" "--app-root=C:/Riot Games/Riot Client" --crashpad-environment=KeystoneFoundationLiveWin
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:4000
    - - C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
        
        "C:\Riot Games\Riot Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2023-12-25T01-59-30_4000_RiotClientUx.0.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/2023-12-25T01-59-30_4000_RiotClientUx.0.log" "--attachment=2023-12-25T01-59-30_4000_RiotClientUx.log=C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/2023-12-25T01-59-30_4000_RiotClientUx.log" "--attachment=__sentry-breadcrumb1=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\0042d45b-f0e9-4109-2e5c-61bf13cc98e2.run\__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\0042d45b-f0e9-4109-2e5c-61bf13cc98e2.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\0042d45b-f0e9-4109-2e5c-61bf13cc98e2.run\__sentry-event" "--database=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx" "--metrics-dir=C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx" --url=https://sentry.io:443/api/1339107/minidump/?sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-data=0x384,0x388,0x38c,0x360,0x390,0x93e0c0,0x93e0d0,0x93e0e0
        5⤵
        Executes dropped EXE
        
        PID:4344
    - - C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe
        
        "C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe" --type=gpu-process --field-trial-handle=1488,6296274929102420806,11749819955416126633,131072 --disable-features=HardwareMediaKeyHandling,NetworkService --no-sandbox --log-file="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/debug.log" --product-version="RiotClient/77.0.1 (CEF 74)" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/debug.log" --service-request-channel-token=6867232172158766662 --mojo-platform-channel-handle=1508 /prefetch:2 --app-name=RiotClient --ux-name=RiotClientUx --ux-helper-name=RiotClientUxHelper --log-dir="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/" --app-port=50770 --crashpad-environment=KeystoneFoundationLiveWin --user-data-root="C:/Users/Admin/AppData/Local/Riot Games/Riot Client" --app-root="C:/Riot Games/Riot Client"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:3804
    - - C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe
        
        "C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --enable-experimental-web-platform-features --force-device-scale-factor=1 --log-file="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/debug.log" --field-trial-handle=1488,6296274929102420806,11749819955416126633,131072 --disable-features=HardwareMediaKeyHandling,NetworkService --lang=en-US --log-file="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/debug.log" --product-version="RiotClient/77.0.1 (CEF 74)" --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15605882492688540155 --renderer-client-id=3 --mojo-platform-channel-handle=2236 /prefetch:1 --app-name=RiotClient --ux-name=RiotClientUx --ux-helper-name=RiotClientUxHelper --log-dir="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/" --app-port=50770 --crashpad-environment=KeystoneFoundationLiveWin --user-data-root="C:/Users/Admin/AppData/Local/Riot Games/Riot Client" --app-root="C:/Riot Games/Riot Client"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:420
    - - C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe
        
        "C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe" --type=gpu-process --field-trial-handle=1488,6296274929102420806,11749819955416126633,131072 --disable-features=HardwareMediaKeyHandling,NetworkService --disable-gpu-sandbox --use-gl=disabled --no-sandbox --log-file="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/debug.log" --product-version="RiotClient/77.0.1 (CEF 74)" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/debug.log" --service-request-channel-token=12685060904719499101 --mojo-platform-channel-handle=3264 /prefetch:2 --app-name=RiotClient --ux-name=RiotClientUx --ux-helper-name=RiotClientUxHelper --log-dir="C:/Users/Admin/AppData/Local/Riot Games/Riot Client/Logs/Riot Client UX Logs/" --app-port=50770 --crashpad-environment=KeystoneFoundationLiveWin --user-data-root="C:/Users/Admin/AppData/Local/Riot Games/Riot Client" --app-root="C:/Riot Games/Riot Client"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2952
  - - C:\Riot Games\Riot Client\RiotClientServices.exe
      "C:\Riot Games\Riot Client\RiotClientServices.exe" --agent --riotclient-app-port=50770 --riotclient-auth-token=XWflQCt6Fd3jgf88ooDdOw
      4⤵
      Executes dropped EXE
      PID:4644
    - - C:\ProgramData\Riot Games\Metadata\Direct X 9\DirectX_9_SDK_Install.exe
        
        "C:/ProgramData/Riot Games/Metadata/Direct X 9/DirectX_9_SDK_Install.exe" /silent
        5⤵
        Executes dropped EXE
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DXSETUP.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DXSETUP.exe" /silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        Modifies registry class
        
        PID:3508
  - - C:\Riot Games\League of Legends\LeagueClient.exe
      "C:/Riot Games/League of Legends/LeagueClient.exe" --riotclient-auth-token=PaG3vKbIiShTT6pxRlWDng --riotclient-app-port=50770 --no-rads --disable-self-update --region=EUW --locale=en_GB --riotgamesapi-standalone --riotgamesapi-settings=eyJjbGllbnQtY29uZmlnIjp7InVybCI6Imh0dHBzOi8vY2xpZW50Y29uZmlnLnJwZy5yaW90Z2FtZXMuY29tIn0sImRlZmF1bHRfcmVnaW9uIjoiRVVXIiwiZ2xvYmFscyI6eyJzZXNzaW9uLWlkIjoiYTU0OTczNDctMmNhNS05NzRiLWE3YTMtMzliYjBmNDNjOTJkIn0sInBhdGNobGluZV9pZCI6ImxpdmUiLCJwcm9kdWN0LWludGVncmF0aW9uIjp7ImFwcC11cGRhdGUtc3RhdHVzIjoiQzovUHJvZ3JhbURhdGEvUmlvdCBHYW1lcy9NZXRhZGF0YS9sZWFndWVfb2ZfbGVnZW5kcy5saXZlL2xlYWd1ZV9vZl9sZWdlbmRzLmxpdmUudXBkYXRlLXN0YXR1cy5qc29uIiwiaGVhcnRiZWF0IjoiQzovVXNlcnMvQWRtaW4vQXBwRGF0YS9Mb2NhbC9SaW90IEdhbWVzL1Jpb3QgQ2xpZW50L0RhdGEvU2Vzc2lvbnMvYTU0OTczNDctMmNhNS05NzRiLWE3YTMtMzliYjBmNDNjOTJkL1BhRzN2S2JJaVNoVFQ2cHhSbFdEbmcuaGVhcnRiZWF0Lmpzb24iLCJsb2NrZmlsZSI6IkM6L1Byb2dyYW1EYXRhL1Jpb3QgR2FtZXMvTWV0YWRhdGEvbGVhZ3VlX29mX2xlZ2VuZHMubGl2ZS9sZWFndWVfb2ZfbGVnZW5kcy5saXZlLmxvY2tmaWxlIiwic2V0dGluZ3MiOiJDOi9Qcm9ncmFtRGF0YS9SaW90IEdhbWVzL01ldGFkYXRhL2xlYWd1ZV9vZl9sZWdlbmRzLmxpdmUvbGVhZ3VlX29mX2xlZ2VuZHMubGl2ZS5wcm9kdWN0X3NldHRpbmdzLnlhbWwifSwicHJvZHVjdF9pZCI6ImxlYWd1ZV9vZl9sZWdlbmRzIiwicHVibGlzaGVyIjoicmlvdCIsInJlZ2lvbl9kYXRhIjp7IkVVVyI6eyJhdmFpbGFibGVfbG9jYWxlcyI6WyJjc19DWiIsImRlX0RFIiwiZWxfR1IiLCJlbl9BVSIsImVuX0dCIiwiZW5fUEgiLCJlbl9TRyIsImVuX1VTIiwiZXNfQVIiLCJlc19FUyIsImVzX01YIiwiZnJfRlIiLCJodV9IVSIsIml0X0lUIiwiamFfSlAiLCJrb19LUiIsInBsX1BMIiwicHRfQlIiLCJyb19STyIsInJ1X1JVIiwidGhfVEgiLCJ0cl9UUiIsInZpX1ZOIiwiemhfTVkiLCJ6aF9UVyJdLCJkZWZhdWx0X2xvY2FsZSI6ImVuX1VTIiwicnNvIjp7ImNsaWVudCI6ImxvbCJ9fX0sInJpb3RjbGllbnQiOnsiYXBwLXBvcnQiOiI1MDc3MCIsImF1dGgtdG9rZW4iOiJQYUczdktiSWlTaFRUNnB4UmxXRG5nIn0sInJpb3RnYW1lc2FwaSI6eyJwZXJzaXN0ZW5jZS1wYXRoIjoiQzovVXNlcnMvQWRtaW4vQXBwRGF0YS9Mb2NhbC9SaW90IEdhbWVzL0xlYWd1ZSBvZiBMZWdlbmRzIn0sInJzb19hdXRoIjp7ImF1dGhvcml6YXRpb24ta2V5IjoiZXcwS0lDQWdJQ0pqYjJSbElqb2dJbHBYVFhoUGFrSktZak5vZUdKR1pGbFZWbWN6VEZSV1ZXTlhXbHBOYTJONFZWWkZkVkpYZUdsV1NFNHhWREpTTTFONlpFUlhSWGg0WVZjNU5XUkdVbFJhZHowOUlpd05DaUFnSUNBaVkyOWtaVjkyWlhKcFptbGxjaUk2SUNKUFNWUTNkM3BKTUhKWFZsbzFWeTFsY0V4blpVb3liRXBDZVRSbldUbG9ORUpLTUVWM09XOXRkbXcwZUVKTUxVRTRWRmhoVmsxTE1HczJhREZIU1V0VlQxbFRaM3BDVlZob1YwdDZWM1ZHVVVwNGVsaDZRU0lOQ24wPSJ9fQ== --rga-lite
      4⤵
      PID:1100
    - - C:\Riot Games\League of Legends\LeagueClientUx.exe
        
        "C:/Riot Games/League of Legends/LeagueClientUx.exe" "--riotclient-auth-token=PaG3vKbIiShTT6pxRlWDng" "--riotclient-app-port=50770" "--no-rads" "--disable-self-update" "--region=EUW" "--locale=en_GB" "--riotgamesapi-standalone" "--riotgamesapi-settings=eyJjbGllbnQtY29uZmlnIjp7InVybCI6Imh0dHBzOi8vY2xpZW50Y29uZmlnLnJwZy5yaW90Z2FtZXMuY29tIn0sImRlZmF1bHRfcmVnaW9uIjoiRVVXIiwiZ2xvYmFscyI6eyJzZXNzaW9uLWlkIjoiYTU0OTczNDctMmNhNS05NzRiLWE3YTMtMzliYjBmNDNjOTJkIn0sInBhdGNobGluZV9pZCI6ImxpdmUiLCJwcm9kdWN0LWludGVncmF0aW9uIjp7ImFwcC11cGRhdGUtc3RhdHVzIjoiQzovUHJvZ3JhbURhdGEvUmlvdCBHYW1lcy9NZXRhZGF0YS9sZWFndWVfb2ZfbGVnZW5kcy5saXZlL2xlYWd1ZV9vZl9sZWdlbmRzLmxpdmUudXBkYXRlLXN0YXR1cy5qc29uIiwiaGVhcnRiZWF0IjoiQzovVXNlcnMvQWRtaW4vQXBwRGF0YS9Mb2NhbC9SaW90IEdhbWVzL1Jpb3QgQ2xpZW50L0RhdGEvU2Vzc2lvbnMvYTU0OTczNDctMmNhNS05NzRiLWE3YTMtMzliYjBmNDNjOTJkL1BhRzN2S2JJaVNoVFQ2cHhSbFdEbmcuaGVhcnRiZWF0Lmpzb24iLCJsb2NrZmlsZSI6IkM6L1Byb2dyYW1EYXRhL1Jpb3QgR2FtZXMvTWV0YWRhdGEvbGVhZ3VlX29mX2xlZ2VuZHMubGl2ZS9sZWFndWVfb2ZfbGVnZW5kcy5saXZlLmxvY2tmaWxlIiwic2V0dGluZ3MiOiJDOi9Qcm9ncmFtRGF0YS9SaW90IEdhbWVzL01ldGFkYXRhL2xlYWd1ZV9vZl9sZWdlbmRzLmxpdmUvbGVhZ3VlX29mX2xlZ2VuZHMubGl2ZS5wcm9kdWN0X3NldHRpbmdzLnlhbWwifSwicHJvZHVjdF9pZCI6ImxlYWd1ZV9vZl9sZWdlbmRzIiwicHVibGlzaGVyIjoicmlvdCIsInJlZ2lvbl9kYXRhIjp7IkVVVyI6eyJhdmFpbGFibGVfbG9jYWxlcyI6WyJjc19DWiIsImRlX0RFIiwiZWxfR1IiLCJlbl9BVSIsImVuX0dCIiwiZW5fUEgiLCJlbl9TRyIsImVuX1VTIiwiZXNfQVIiLCJlc19FUyIsImVzX01YIiwiZnJfRlIiLCJodV9IVSIsIml0X0lUIiwiamFfSlAiLCJrb19LUiIsInBsX1BMIiwicHRfQlIiLCJyb19STyIsInJ1X1JVIiwidGhfVEgiLCJ0cl9UUiIsInZpX1ZOIiwiemhfTVkiLCJ6aF9UVyJdLCJkZWZhdWx0X2xvY2FsZSI6ImVuX1VTIiwicnNvIjp7ImNsaWVudCI6ImxvbCJ9fX0sInJpb3RjbGllbnQiOnsiYXBwLXBvcnQiOiI1MDc3MCIsImF1dGgtdG9rZW4iOiJQYUczdktiSWlTaFRUNnB4UmxXRG5nIn0sInJpb3RnYW1lc2FwaSI6eyJwZXJzaXN0ZW5jZS1wYXRoIjoiQzovVXNlcnMvQWRtaW4vQXBwRGF0YS9Mb2NhbC9SaW90IEdhbWVzL0xlYWd1ZSBvZiBMZWdlbmRzIn0sInJzb19hdXRoIjp7ImF1dGhvcml6YXRpb24ta2V5IjoiZXcwS0lDQWdJQ0pqYjJSbElqb2dJbHBYVFhoUGFrSktZak5vZUdKR1pGbFZWbWN6VEZSV1ZXTlhXbHBOYTJONFZWWkZkVkpYZUdsV1NFNHhWREpTTTFONlpFUlhSWGg0WVZjNU5XUkdVbFJhZHowOUlpd05DaUFnSUNBaVkyOWtaVjkyWlhKcFptbGxjaUk2SUNKUFNWUTNkM3BKTUhKWFZsbzFWeTFsY0V4blpVb3liRXBDZVRSbldUbG9ORUpLTUVWM09XOXRkbXcwZUVKTUxVRTRWRmhoVmsxTE1HczJhREZIU1V0VlQxbFRaM3BDVlZob1YwdDZWM1ZHVVVwNGVsaDZRU0lOQ24wPSJ9fQ==" "--rga-lite" "--remoting-auth-token=tCAWqxgws471EfIxjyFobA" "--respawn-command=LeagueClient.exe" "--respawn-display-name=League of Legends" "--app-port=57933" "--install-directory=C:\Riot Games\League of Legends" "--app-name=LeagueClient" "--ux-name=LeagueClientUx" "--ux-helper-name=LeagueClientUxHelper" "--log-dir=LeagueClient Logs" "--crash-reporting=" "--crash-environment=EUW1" "--app-log-file-path=C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" "--app-pid=1100" "--output-base-dir=C:\Riot Games\League of Legends" "--no-proxy-server" "--ignore-certificate-errors"
        5⤵
        
        PID:3156
      - C:\Riot Games\League of Legends\LeagueClientUxRender.exe
        
        "C:\Riot Games\League of Legends\LeagueClientUxRender.exe" --type=gpu-process --field-trial-handle=1556,14619289893623861134,5029820550611701465,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,SameSiteByDefaultCookies --no-sandbox --log-file="C:\Riot Games\League of Legends\debug.log" --user-agent-product="LeagueOfLegendsClient/13.24.547.5912 (CEF 91)" --lang=en-US --gpu-preferences=SAAAAAAAAADgACgwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file="C:\Riot Games\League of Legends\debug.log" --mojo-platform-channel-handle=1560 /prefetch:2 --app-name=LeagueClient --ux-name=LeagueClientUx --ux-helper-name=LeagueClientUxHelper --log-dir="LeagueClient Logs" --app-port=57933 --output-base-dir="C:\Riot Games\League of Legends" --crash-reporting --crash-environment=EUW1 --app-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" --primary-ux-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-10-00_3156_LeagueClientUx.log"
        6⤵
        
        PID:5680
        
        C:\Riot Games\League of Legends\LeagueCrashHandler64.exe
        
        "C:\Riot Games\League of Legends\LeagueCrashHandler64.exe" "--database=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" "--metrics-dir=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" --url=https://sentry.io/api/1442968/minidump/?sentry_key=819c51f9b27f4f4b8cf6811c04fda544 --initial-client-data=0x320,0x324,0x344,0x32c,0x340,0x7ff76a984208,0x7ff76a984220,0x7ff76a984238
        7⤵
        
        PID:2728
      - C:\Riot Games\League of Legends\LeagueClientUxRender.exe
        
        "C:\Riot Games\League of Legends\LeagueClientUxRender.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1 --log-file="C:\Riot Games\League of Legends\debug.log" --field-trial-handle=1556,14619289893623861134,5029820550611701465,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,SameSiteByDefaultCookies --lang=en-US --log-file="C:\Riot Games\League of Legends\debug.log" --user-agent-product="LeagueOfLegendsClient/13.24.547.5912 (CEF 91)" --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1 --app-name=LeagueClient --ux-name=LeagueClientUx --ux-helper-name=LeagueClientUxHelper --log-dir="LeagueClient Logs" --app-port=57933 --output-base-dir="C:\Riot Games\League of Legends" --crash-reporting --crash-environment=EUW1 --app-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" --primary-ux-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-10-00_3156_LeagueClientUx.log"
        6⤵
        
        PID:1292
        
        C:\Riot Games\League of Legends\LeagueCrashHandler64.exe
        
        "C:\Riot Games\League of Legends\LeagueCrashHandler64.exe" "--database=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" "--metrics-dir=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" --url=https://sentry.io/api/1442968/minidump/?sentry_key=819c51f9b27f4f4b8cf6811c04fda544 --initial-client-data=0x334,0x33c,0x330,0x338,0x340,0x7ff76a984208,0x7ff76a984220,0x7ff76a984238
        7⤵
        
        PID:1640
      - C:\Riot Games\League of Legends\LeagueClientUxRender.exe
        
        "C:\Riot Games\League of Legends\LeagueClientUxRender.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --force-device-scale-factor=1 --log-file="C:\Riot Games\League of Legends\debug.log" --field-trial-handle=1556,14619289893623861134,5029820550611701465,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,SameSiteByDefaultCookies --lang=en-US --log-file="C:\Riot Games\League of Legends\debug.log" --user-agent-product="LeagueOfLegendsClient/13.24.547.5912 (CEF 91)" --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1 --app-name=LeagueClient --ux-name=LeagueClientUx --ux-helper-name=LeagueClientUxHelper --log-dir="LeagueClient Logs" --app-port=57933 --output-base-dir="C:\Riot Games\League of Legends" --crash-reporting --crash-environment=EUW1 --app-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" --primary-ux-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-10-00_3156_LeagueClientUx.log"
        6⤵
        
        PID:4692
      - C:\Riot Games\League of Legends\LeagueClientUxRender.exe
        
        "C:\Riot Games\League of Legends\LeagueClientUxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,14619289893623861134,5029820550611701465,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-file="C:\Riot Games\League of Legends\debug.log" --user-agent-product="LeagueOfLegendsClient/13.24.547.5912 (CEF 91)" --lang=en-US --log-file="C:\Riot Games\League of Legends\debug.log" --mojo-platform-channel-handle=2104 /prefetch:8 --app-name=LeagueClient --ux-name=LeagueClientUx --ux-helper-name=LeagueClientUxHelper --log-dir="LeagueClient Logs" --app-port=57933 --output-base-dir="C:\Riot Games\League of Legends" --crash-reporting --crash-environment=EUW1 --app-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" --primary-ux-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-10-00_3156_LeagueClientUx.log"
        6⤵
        
        PID:3276
      - C:\Riot Games\League of Legends\LeagueClientUxRender.exe
        
        "C:\Riot Games\League of Legends\LeagueClientUxRender.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1556,14619289893623861134,5029820550611701465,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=audio --no-sandbox --ignore-certificate-errors --ignore-certificate-errors --log-file="C:\Riot Games\League of Legends\debug.log" --user-agent-product="LeagueOfLegendsClient/13.24.547.5912 (CEF 91)" --lang=en-US --log-file="C:\Riot Games\League of Legends\debug.log" --mojo-platform-channel-handle=3000 /prefetch:8 --app-name=LeagueClient --ux-name=LeagueClientUx --ux-helper-name=LeagueClientUxHelper --log-dir="LeagueClient Logs" --app-port=57933 --output-base-dir="C:\Riot Games\League of Legends" --crash-reporting --crash-environment=EUW1 --app-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" --primary-ux-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-10-00_3156_LeagueClientUx.log"
        6⤵
        
        PID:1268
        
        C:\Riot Games\League of Legends\LeagueCrashHandler64.exe
        
        "C:\Riot Games\League of Legends\LeagueCrashHandler64.exe" "--database=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" "--metrics-dir=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" --url=https://sentry.io/api/1442968/minidump/?sentry_key=819c51f9b27f4f4b8cf6811c04fda544 --initial-client-data=0x340,0x344,0x348,0x33c,0x330,0x7ff76a984208,0x7ff76a984220,0x7ff76a984238
        7⤵
        
        PID:1344
      - C:\Riot Games\League of Legends\LeagueClientUxRender.exe
        
        "C:\Riot Games\League of Legends\LeagueClientUxRender.exe" --type=gpu-process --field-trial-handle=1556,14619289893623861134,5029820550611701465,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,SameSiteByDefaultCookies --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --log-file="C:\Riot Games\League of Legends\debug.log" --user-agent-product="LeagueOfLegendsClient/13.24.547.5912 (CEF 91)" --lang=en-US --gpu-preferences=SAAAAAAAAADoACgwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file="C:\Riot Games\League of Legends\debug.log" --mojo-platform-channel-handle=1648 /prefetch:2 --app-name=LeagueClient --ux-name=LeagueClientUx --ux-helper-name=LeagueClientUxHelper --log-dir="LeagueClient Logs" --app-port=57933 --output-base-dir="C:\Riot Games\League of Legends" --crash-reporting --crash-environment=EUW1 --app-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-09-58_1100_LeagueClient.log" --primary-ux-log-file-path="C:/Riot Games/League of Legends/Logs/LeagueClient Logs/2023-12-25T02-10-00_3156_LeagueClientUx.log"
        6⤵
        
        PID:6492
        
        C:\Riot Games\League of Legends\LeagueCrashHandler64.exe
        
        "C:\Riot Games\League of Legends\LeagueCrashHandler64.exe" "--database=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" "--metrics-dir=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" --url=https://sentry.io/api/1442968/minidump/?sentry_key=819c51f9b27f4f4b8cf6811c04fda544 --initial-client-data=0x338,0x334,0x33c,0x330,0x340,0x7ff76a984208,0x7ff76a984220,0x7ff76a984238
        7⤵
        
        PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 --field-trial-handle=1816,i,11694616531712933525,14770327435916042954,131072 /prefetch:8
  2⤵
  PID:1760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4660

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC
1⤵
PID:664

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2628

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:1440

C:\Riot Games\League of Legends\LeagueCrashHandler64.exe
"C:\Riot Games\League of Legends\LeagueCrashHandler64.exe" "--database=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" "--metrics-dir=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" --url=https://sentry.io/api/1442968/minidump/?sentry_key=819c51f9b27f4f4b8cf6811c04fda544 --initial-client-data=0x348,0x34c,0x350,0x344,0x354,0x7ff76a984208,0x7ff76a984220,0x7ff76a984238
1⤵
PID:5792

C:\Riot Games\League of Legends\LeagueCrashHandler64.exe
"C:\Riot Games\League of Legends\LeagueCrashHandler64.exe" "--database=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" "--metrics-dir=C:/Users/Admin/AppData/Local/Riot Games/League of Legends/LeagueClientUxHelper/Crashes" --url=https://sentry.io/api/1442968/minidump/?sentry_key=819c51f9b27f4f4b8cf6811c04fda544 --initial-client-data=0x344,0x348,0x34c,0x340,0x350,0x7ff76a984208,0x7ff76a984220,0x7ff76a984238
1⤵
PID:568

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5244

C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\GameBar.exe
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.50.24002.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
1⤵
PID:4172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:5236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC
1⤵
PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Riot Games\Metadata\league_of_legends.live\league_of_legends.live.product_settings.yaml

Filesize
897B

MD5
c7da5d29f6ed5a12b3bdceeeec5f44e2

SHA1
cf11eca74aa6a159de3b2766b0b50005fbc9714e

SHA256
af6b1197ce3d8cfa2befdb73714f6b27f958353f2de41573112f70b129964275

SHA512
bcd11aaeb914b73ffdbf64363d0ca2baaca1a51200717df6194f3cc4a450ece56cb7b48d712c79a4cfb0ee25bee407f259c4f85d7264a4f3d10e2392eebc2fe6

Download Submit
C:\ProgramData\Riot Games\Metadata\league_of_legends.live\league_of_legends.live.product_settings.yaml

Filesize
968B

MD5
b4dec45e6f6b54322d9ec244db4b7d36

SHA1
300acede9d8c7a6a1dde8c921fff94e8626aad19

SHA256
f1b9a0ab69e111813c84e78e48a99c4807efe97b29ae1b4700ca5fd36071dbae

SHA512
a856f4f8f06fef7b9fa4a617ba25a29841249d7cf66dd33321038dbdc32e4610034df32ee1fee1c4ba9d81e8df4baba72d87ee7b86d10532b849f75259171d7b

Download Submit
C:\ProgramData\Riot Games\Metadata\league_of_legends.live\league_of_legends.live.product_settings.yaml

Filesize
969B

MD5
2e39f580dab0f686f564440a4133d438

SHA1
5555c2a182fab7080bb83dd03f5b07834b65f75e

SHA256
3552ae543ec9ef7e4d291e89719fedc61fcc32a5902e78ac603d330fa617a1a3

SHA512
f8e871fad8c7aaba1a76a546a8edf537465db802ca6900449c072bcd333434536076850d34e2a2e5967d4956402483181ab8804e52e5e4936a5058b49eaec2e3

Download Submit
C:\ProgramData\Riot Games\machine.cfg

Filesize
39B

MD5
7bfa4811c018ceb118a0db30ad378028

SHA1
8437de5f5474939e630f3bcd932e86f05862b436

SHA256
ad9dd952a7295e1d8f402155fe69a9cc74c0ddbf231035cb370d03190276f549

SHA512
98c105516dae94b48731ef522149b8f85e36c1a8ae34659aa9097af66223a568176082f2a5fb14bc6ecb1e2d9dd0d399014b9cda88d624c2135b654ad41accb9

Download Submit
C:\Riot Games\League of Legends\Config\LCUAccountPreferences.yaml

Filesize
1KB

MD5
618b81b67c8e487fe9dbe0e418588003

SHA1
23b5f84eead4140dc599ca4f1863d019d540c31b

SHA256
02161ff4cb3e63bdbf95503aa6cb7ab8947bb8cb5c8d9c763501b917c128da76

SHA512
cdc49202cc772a29a5088c063d317b4006daccc069ce1c23373e1d2f0207eded13a7061972324aae49add766a6fb0ca03ae65c9f9304746ffeed470ac125c651

Download Submit
C:\Riot Games\League of Legends\Config\game.cfg

Filesize
1KB

MD5
cc410b4130e9d8b186d32c7d38f72b23

SHA1
6f77965caf26479ea31b9fba968bfcf87125f332

SHA256
2d9518ba8c1abe7afe24c3dc21974e95575157b76c1f8b23c2507bdf85dc5ffa

SHA512
237afdade9a2d83fb177e8938bd594673ac05989692d37138e85b11c1c397b852165f1792e9dfc76b5fdb037cba97599346c879ccec141eef900f07a57d68f98

Download Submit
C:\Riot Games\League of Legends\Config\input.ini

Filesize
4KB

MD5
e9a09cfe492bc33a986b18a8cef5f226

SHA1
7cf1c73cf0e693eb1d5f516342db7701d752db6d

SHA256
ccc496f04554a4c7a34ba830c706c88e6c1210702fd294da929d73ef5bc8c927

SHA512
483e3b59178eecf5d52a7e30db0d63e4811f1b4cc03414ba1a012667e50867ea185836f5db0f71256fb7d403a11151f1e3a5262cbb2a7867879e642b5dbd54b0

Download Submit
C:\Riot Games\League of Legends\Config\input.ini

Filesize
4KB

MD5
fcd457b430123fd9d9d209ae43fd49f0

SHA1
4b8284a9e063aaa03a37869061e0e198373a353a

SHA256
f5d2c7e76faf67186a93eec3bd0bc47cdc7fd4f1a6509f25d314cbe1d44a4007

SHA512
568b2a49fa25a40294f41bb99f01e87beeca86cd8d42df52d6787791abb0cc2a5f1c9ba816be34ded471092fe341072b5ad6aab4f94e3eb28f98eefab9a99cf9

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Aatrox.wad.client

Filesize
62KB

MD5
68d0cdf131e52b100ccf84f1173ef842

SHA1
1ec87f8c09be09a4d0552a2499f43bdcda2cab95

SHA256
34a1835dada7c0c90486ab94874409b5fe2e804ca39bb21e82d485be7d2a6fbd

SHA512
a46aeb805f3ce76f6841180f259b6d54b4b1d49d2d01b2e52717548881e689d2c0b8d0832410bd734ed547c71541f2cca97ede4f1721c69c6f746c3aad993d3e

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Ahri.wad.client

Filesize
64KB

MD5
e093d7a22ff3b07cd17e3d037847c56e

SHA1
9d441340e7f26909e1e003f5d5d5b2eee129e9c1

SHA256
ed320ecec733e779359b6eaa0dd4c2d3fc0d51bea5d08ffbc32812aeb05148f5

SHA512
7e5b934d4685865802dc940f61d7e25c154a52436fdaac3e8c6191699721bb7583b1f44940be2503b089596c6d6fb79b4c5d0eb4cce170e10f197199461bf63e

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Akali.wad.client

Filesize
73KB

MD5
569f2ccda5b9d212b7cef4167bd4988e

SHA1
a27c54e0e7830ea95aa84434b046630b8eccf261

SHA256
f1d5f335b4c74d2505c595663ab7563638fada735baa934959e32b08f44491a5

SHA512
1be8c7950a629cc5a278f8a0c6ec402ac92420cde7362081530acecb07775cf69cdcce074f94b60f1a5012c5b4bc264763e48a0c975f82c89d934749c710b0ea

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Akshan.wad.client

Filesize
69KB

MD5
9770f55d796af49f0276b644d2f29a26

SHA1
959de855fee6dcd750195306161883ccc0d8cdac

SHA256
05609eb3f04381cc9f7569713d26295c307839340585fe08012fb83034c31b91

SHA512
45046f0267ef5abd413fbbd9c294b26b31e21efd2a3ecebd2c10c861a04213140822cd3cbb98f814d798ea21ac6a2936d8cd74c3ff849dda1caae566657154e5

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Alistar.wad.client

Filesize
10KB

MD5
113521b3c7c196510c97be5b6dcda32a

SHA1
28a11b345f8879f5043757ac79a8497f9ac29f2f

SHA256
27c8e138b3ba6897b2e2881db6ad036cf6fc97944934ac8cb0ded879ebfdb3e4

SHA512
1524b0f58bb41da9bf498b78029c4ecb144259fa239a6a2684b220767f2314edccc8f4250dfdb7f39302b565889062630dadf6953b53962fde8db8d21eda844b

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Amumu.wad.client

Filesize
26KB

MD5
b0b916415dc8ad4c1c9ecb37ca0e3f85

SHA1
39c503bf4545588d1cd68689298a78626012ceb4

SHA256
8ab353a2e8d4cca416bc520e46a28969fdd1ecb15adde81563389292bedcfa5e

SHA512
84a86f195fae8af73f18955cf2508c96d8b015b1a4cdd845a22e4cae5899d3abe8a2d30ee3b6d3beea52d139178106b0ddee24335eb50660fefd01faaa5fd646

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Anivia.wad.client

Filesize
75KB

MD5
1fc992762961753217f21ace9dc75d0d

SHA1
677aaa48c178846801ead22b93b23a6b49f26d16

SHA256
94b29230658f9b5685ecff285f55efa537cd30f419c2f80deb42bec88b097e9e

SHA512
52c041c5cc2a9ce9be962e81d2645e5aa80bbd613b103acef7d71b12b46e8ee82a7f3003d7b6ca66d2f8f899823df274aa858175caf38ed390c2d96f4a1abf34

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Annie.wad.client

Filesize
149KB

MD5
51763986f2837f08b48fe615c10e231e

SHA1
979e3f0b4942ae1ae80b0a44ffff281e00a3e7a0

SHA256
9b36cdbd1c9320bfbbe6024b310b7caaf31b6502912ea54edc29e42e0f917039

SHA512
8708c6fbfee785782eb145625586d1ba736175889f296d46d2989f25885a26226a07bd722730cd51a7a68477f984694ff036aa794cc384620daa958ed977f46e

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Aphelios.wad.client

Filesize
43KB

MD5
e4ee0b51052871fb7bacdc53989fe2a3

SHA1
d6cb905fc301641f859f99e0f94be9e995465408

SHA256
cc16b3eb6e4cbf5a05d39cdc86e7e09855909c2f9b07bd135754e82e6838ed2c

SHA512
83e4ac6a314ac77143193e284f1994266f862a30064f1f1b615073314ed3576d41537925b09d639bf0e3ca7f8f02b2978c7a7fd7c088ffaaac2c618b66fe7e9a

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Ashe.wad.client

Filesize
66KB

MD5
02299f6baa244a3c8acab7102a787959

SHA1
95c864912771fee93301e751ee4b472e124396fa

SHA256
99696a1a552749ad9d3c57e43a7e70c7f7a1aa8022c3dbaa204ac9edf9b3055f

SHA512
a405fc0111ad10868ea11376c94ec3f268cca705b1903e425689abb7755f583315e22b87283c7ec684ecc3f18a0f8147d3146b3203ec2089b55afa9edc569ce9

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\AurelionSol.wad.client

Filesize
151KB

MD5
cbdb96ee45854196a30d4d656931fdf2

SHA1
e519b824fa8447c35f71687a18af58590ee66b40

SHA256
c240f87c3d7d358d09eaa61a4bfc0249fe2936524c9cf24f662174b5fa917372

SHA512
edf7a619183c1303b9fa32c8684851f11d49fe389360c9294d712af6341427d5e882a85ce338bd9eac4143deabafd8c5d234c9dc3e2248bde8c3c3d9745b70c9

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Azir.wad.client

Filesize
56KB

MD5
bb4a47ec59717bc05f112b4a453d5bcc

SHA1
170c77af300ddee3d2ae1ca0c96d34a4aeaa7f9f

SHA256
a40590cc43c526a8f1b584c39a3e14a49ef8e458679ccb4873e2aad638522c42

SHA512
3e491226b36e4917720f48e5eb7617a3a8a4e8e1438ef6c396c3a61b9b47d1f16ee119f6163062369c916cde93a5334bd6cd36ce9e9a15f6d1492b685387f2cc

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Bard.wad.client

Filesize
147KB

MD5
c163909114400865fa7b7884c691c1f9

SHA1
b962ce900ab646dd7aecef3e146ff669ea825c1a

SHA256
124506ee092ab5b6ea27859467f1151d74d2f7008f1d46d97a118b032ba4de2e

SHA512
7066b486bcdde047a528b4a3d6119374eca7a1a7b6c9563ac2e0d58a1ac49411a9a12762b581d2e5703611ae3b646dfbe71ddc095a4a57c03eb50f36646be61d

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Belveth.wad.client

Filesize
57KB

MD5
0ff820ebee75cf1ce2aa4a821ce5b1d5

SHA1
f670a71e65d93f22e39ca01d2b0d7514786f069b

SHA256
7c708e3d148eafc772f8d3fb6fd41a96151ce9801b98628d35af14d2b73fdc09

SHA512
e87e7c4ba1d4cbbe221e9715e842545c2586d67830326bd2db10c5a52bad9d324f134cc5f1d3c93485bf8558719df97573d2ac953b1ca1defe3c44470357c9aa

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Blitzcrank.wad.client

Filesize
61KB

MD5
202def7a6030d952c233684cccbe622e

SHA1
b5fa041e82e92e52f2de68b2bcdb65151c631bb6

SHA256
37ace23de410e48a40d66dc08acc0b9188ff2b755e5c9ad46b7b2b878c421dbd

SHA512
da985f03a484a8a8c39a31aaaeaafdd5eae6eafdede389112952f3b8b12cc574010a1f493bd7dd33c4de5a509233d499c2f44a4d0b00c49fd5884cf8f9f9f200

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Brand.wad.client

Filesize
149KB

MD5
6bc67958cd2d52e708b1dbd284d180a3

SHA1
4db7434d39027ee18f1847f9506ab31f434f6b46

SHA256
c3663b82ee4b39c56923001d48e59bd622d3b80911be5b4b6964df74fb047f1b

SHA512
e1f1b62ca52d6af6d885d8f4a65c452eb9c9ce4580f7605ca7351e483a1472540e88327c12ec71deec3e6b39369e04f699968a248eb7f085745de5e4c7592c1b

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Braum.wad.client

Filesize
15KB

MD5
0324765c65e004449c2deac19cf7c4c6

SHA1
b2d47bd1282b47e6bea59a23b31885d9985e0a7a

SHA256
0ea8c08713ab82f8a41f105d5c22d9799e3742d81cb45f50d10c255662b95985

SHA512
45ce92668a083e72970fb310dd8d7a2c4022e76db1d203398b0b4a98379d4a7841bf3cc6af78c28ea8f9797f49b80b5e70938df48bc5c066ea53b4c78a6a441e

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Briar.wad.client

Filesize
8KB

MD5
9f519ff613ebbb8d1e3e9d173589366e

SHA1
134bf2f9a9d805be6d1816197f049c266bb4cf48

SHA256
d0f1c32378795b15f48636dc710195146cb5a57610a7ecd9e32636bf8c4c20ba

SHA512
d4ab5b59d21a4299c7e9d4e649c437ef99844b2574b5540f9610f96028d030732deaa2b0dd107ad2d65f76a8ed3c20e4d9729cf6d0d0549577dc931d949ab9ed

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Caitlyn.wad.client

Filesize
130KB

MD5
3fa1255d51c461763873d3c42a4e8514

SHA1
f7d7693bcc7672fd1a423360ca4cc9aad46ff174

SHA256
1c9f0bd0a91534d4d83f60ad98e9b322c52d76791b99f44518eafc943273dadd

SHA512
4d3248f619519be274a56334f07592a612190cde43ec06b49a294937da70918ff6c23fa8c1326d27a376e18989997b3d6ce76b14cf561559d83ebe3f72eaba93

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Camille.wad.client

Filesize
42KB

MD5
8d3ddec477b0448d47166f526d3cea8a

SHA1
43d793ab7179eef2ddfaa0fc8d26635af095fb71

SHA256
f5dc6edd108ef7467a768787531ccac7ae51eadca1712bde196596dba6e01824

SHA512
8079dc7feab91a9088031719b3ac207c6279b694293e27257413a5646a4a270820966bbd078e32cccabe3096da14600b127756730fe67ee4492a62e2b55dd1aa

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Cassiopeia.wad.client

Filesize
82KB

MD5
20c52f5bb0ec3f1f5b4a628d749e4646

SHA1
578c0caf9680e47aea83e8e5795ed74794f77371

SHA256
9b345b5e5a705a399ff60c0554331d3dfd5715179702c66441ee7c53d79ba427

SHA512
012b63c7890ac6954bb1f6ce53471e65c929392838c60196bfd7507164b5974b9ab50d16610d1bdaa5577f432ba13073b5589d1da96e70f9bf9df24d7211510e

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Chogath.wad.client

Filesize
26KB

MD5
37195952212c6205a08eb886202c83ef

SHA1
918e5171210dd3d16da897d8f34559ea033e74b9

SHA256
5bdd572008c1ee820581bdbaba982aba0b8e106c96202118e1fadc89ad1dd2e5

SHA512
8579f3d9d5e60ceabe15b0a465019d9cae993ba00769623baa7782615e8792fce41be10a102661ce5941915a776794fe4a7e14454124e0836d0c12c327079c4d

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Corki.wad.client

Filesize
75KB

MD5
c7e98e00b6dc63fac0cafdd7dbf8643c

SHA1
130c9b90868c09da5d4c54ccc66b91e1a1dc58d0

SHA256
4be1fb70ff8599cd71256faeccfdb45fa8536b7e6d3c2392b7f0011ffe2c7e13

SHA512
67255571e4b8cf9eb29f81fad8060d5f441ffe0556ae7664eefe1d96acbbce6b8f3e083fb476a1c30d7bac4ef78eee3a368a6f52ff570535bd8325571a0e0dcb

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Darius.wad.client

Filesize
89KB

MD5
52ceb5e191f2b2cc4825ffe4797321b4

SHA1
9fc5cd907c5419cf18768c505a9b9e0f25b9fd18

SHA256
d82ca535506fc9964fad7e36a00af0b7a65aa662c128783305ecd0c060fcadb4

SHA512
72740003da0bbe669ceab07586a1913a2ac86dca477095783736c0ae3d450d83e58004624976fa2078e6681a028a68e77d275e5e546b2db14cce9259d8125b3b

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Diana.wad.client

Filesize
34KB

MD5
d067389cb5cd925ce79572b7c70bbfd2

SHA1
931236f55cd8133811fbed51b4f8eddba67454b2

SHA256
3a99a274314ba44d510f0cb18617d4a4bb98e848f8819c2f73bcb2cf769195a4

SHA512
36dd4b610da3ca8056112b1ecb11ed7357b6a295cc817fc1c8e5b96e8d330a551e6a885c6b7c887f14ac891f83f5ff87c7f63f7b03e91637685d007ba1de8e95

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\DrMundo.wad.client

Filesize
10KB

MD5
8ce64bb8287143a3a64497e8147dae1b

SHA1
1d9e075fe8adf5cc4da49be0c22251aa513d053e

SHA256
ac059244c103206c6df097ff72d357245fbc01e26310d7f8bfb9ca64dab33cf7

SHA512
3a937662d538e66423edfbfb1b5d741679f6d4ad6b980ecf80e246c3431145fe37f7fec74766cc027dbb1d4517cc44996c9c0060a94dcda862fd384dc13dff49

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Draven.wad.client

Filesize
20KB

MD5
583bcab462d44f0fe8836fdf85634913

SHA1
6004f272b87091e1430782894070bf680a116c82

SHA256
0501c71722283945f13145c0ed5698d85df5ea0cbb94144f46cfc4151bfb7743

SHA512
97577f26ed5cce6efcdca6a4671b17fff000d5da05f13f881ee722965a872308d59f25c5699716fd19cb2a8a9a1f63c06513ff4b7722f091b1ee553ff11d0c25

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Ekko.wad.client

Filesize
59KB

MD5
2510427c20e7a914efc45fdb9ca77fbb

SHA1
59236d2d8075784bcaa3ed48aa426b3ec1477ec4

SHA256
70bd3935c089147ca03d0502302ede426b460bbb167ce42f3c024cdbc6e3f320

SHA512
3ac53d1071463f4a5ae32b99c7904df7088acf990a36d1652602d70fce3fa93d8cd4e24e8ea6695ee4e413db69a81a5c8baa260d0b046a297d9ea14cb4b03376

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Elise.wad.client

Filesize
6KB

MD5
76abb32b11bc21118a0cc0ed49a81472

SHA1
fa860a89c79c65d6a99667a23c9e6fb43a0214df

SHA256
3287a678cff931daeede7357922c02247f1727d494d9a12ff746d0cf24019f18

SHA512
325b1567c1d508515da1325ed84fe2e7b09aceb62c9f38aad40385aa0b516d68d7af827a5c2ac7cd1065dd6e11da35927f6330eaf3ed1491ec855ba78842dc83

Download Submit
C:\Riot Games\League of Legends\Game\DATA\FINAL\Champions\Evelynn.wad.client

Filesize
57KB

MD5
c1e14a48da4feeb3609f72466c18661d

SHA1
8677b37092b1af5ddf398ee841e3ca5bda6db6da

SHA256
a915c21fe86f79304221fb6200f1fd6038458dbceae8ffe847ae1da3c60c41f5

SHA512
42093f09781c4c681b1ef7414b3336909111285d03275d352da27978c08036f924405f74f01a69a2945273a2313ddc165dd6e82bd5e2f3a51bc8fd97f2c8a0cb

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-be-lol-game-data\default-assets.wad

Filesize
389KB

MD5
37b127ae286351a86b710983c0dc4e83

SHA1
01a811438466d54e9412c7547c899eacda5f552e

SHA256
700a3daf2bf3d8f035d6fc04477c9ed00dd7079565aeca3dbd0b73334587094a

SHA512
346cff789f7ecd364299decf1b6984eba21717dcf53bdf474656cbe819016bcd70f0de82d6187a79c8292fc25c874e65ed7a315f0de8c84814cdff0615b046a2

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-be-lol-game-data\en_GB-assets.wad

Filesize
1.1MB

MD5
eb81af838c740e1d2e42c79cdec6f4a4

SHA1
4d117287526e4a55b48c6fc785e31299f38cfe6e

SHA256
f7192b546d8d87fa5ab68392db3213568bd5d97381428ce871335e76669dc288

SHA512
afa91c260d210fa7a7f568776cbfdd2a59bf2e16516a94b05c42269c7ea2a2ba0f33396c1166d550e81725abcfb55ee04bc18ccad4b07afb9c0ad7a3e8fca8dc

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-be-sanitizer\assets.wad

Filesize
547KB

MD5
6932fe8a0f7d93aca695c6143e06bdd5

SHA1
28ba6c08030b0e2d2e27ae74d10e6bb072955cf7

SHA256
8d0e9c42a5992ca5cde4973e9bd9f842fe6b500622e27eb3034d9cc4776defaa

SHA512
a4c9f5fbd232070935379751df797bff7a8f3e4c57072517115854c69ffbdbaa25cd6f12b8f98c1d88a4817ea4ec6cf74012b1d96a9ced436f8a4a8d920d1c61

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-audio\assets.wad

Filesize
44KB

MD5
afcdcc1d105e898307b0b5c932e32d89

SHA1
b328b9a0ca41234c29778a386beeea04d003e007

SHA256
72f698742afb02257f0962579e60d2874845ecb46aa80a3e158af1526af86a42

SHA512
47fa509a30e402f99ff43c4ab5a83f6ae61cccca3dedb23c8f9580c279ef1d48bd90b0ac865fe7d462947d04133105edac90f9b1ed239120adfd51cb4620fbdb

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-career-stats\assets.wad

Filesize
501KB

MD5
9637466b205d5c19d58eee6e11164392

SHA1
138042a426f4400b985eeb1bf542da507a3506ee

SHA256
02e6d2d5d28c0476530d88d0b6129e8ac9e3255cec36a10b9c5974d530ff3385

SHA512
4223692301203e4192b9178ecddb640ec7ae9f624895095a3cfb1c65cb4e7cba3d22a145b072920870d68ac22a8dec35d94f261dc40324e8248de91669dbea8a

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-champ-select\assets.wad

Filesize
446KB

MD5
93353d677de4c17207af0978a246fc37

SHA1
8ba32e10d94f543df413e629ce63d9733129ded4

SHA256
7badedd3ddd4d6b520400aa5d1ba650cf6b607fba10212e7839961d0f37ebb1a

SHA512
ba77600866dff9c078bc64306bbb096c6cf42848db2c854b6d1d11c6359642e342e94cf1b071923523310515aad1db56b612615ce8a746b9053b41bf4765a924

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-champion-details\assets.wad

Filesize
123KB

MD5
4b0a4a7b8d2a867a006d53dbf65a55a0

SHA1
17dd6cc5ceffb26647424ebca3fa3e7299d24535

SHA256
76ab161b769bef3ca1705f1d50f6130095b3af80796154c01d11f19bca43e1d7

SHA512
7159703b17929b7880512ad8ef091fe341061c718f8222abec4cfb1ee647bcbac59dedee32ac1a4ba8344a15fe743ea4679798543537eb96a4f965ece36f90c3

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-clash\assets.wad

Filesize
261KB

MD5
154c5eff24a81f4ddfe2afcd555f74a2

SHA1
df9cd2bdaa74057a09d6df941eba66df68184f96

SHA256
a381520186934d0f11b69bf49c555ad2df7cc96ad41017549034d2f8537bd25f

SHA512
49ddeae55c5b653931d2c3d9e62ab8325c68273b15ea9dd4392a57cb80338b6db2482113fa11733bb85fb54cb368e06f2599a6a50d0b0bdd54fe80bf1fbb27d5

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-collections\assets.wad

Filesize
463KB

MD5
7b00fff1606bd69d0b55a123ac181995

SHA1
d2d0cf6fc8667659719d1d20fe19b521d7f4d71d

SHA256
0641ec81469965b3906310103172d3ce671a99d7693e52e79264ed4d22d67530

SHA512
567b3e2a343365c9f9ae76748fd77be82f93ee4808cb7d84fa28b99ef9b75c180b590b00fcb4c490a4657678f6532173ef990f99a0368a3697c4263ee722157f

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-event-shop\assets.wad

Filesize
96KB

MD5
b8152fbf32ddeace7bc678151c53ef10

SHA1
612c92a0675a8502fdcb08dcbe4b7eca6c7682a6

SHA256
535ce6b1783d748533fb99641a299721462dae736ddfde20a849255590184c41

SHA512
60cd8f6c4e4c54aafac90b859dbfd696856158e41e3c47bbdfd67abdbb674f731597c4349fe7dc9fed0b7e808eb66d807c8334b713f15c762a5e20378e1bc76a

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-highlights\assets.wad

Filesize
160KB

MD5
ce607d91bce9109d4302529bf3f45c85

SHA1
731f0863f8766722550370a75643e47d68d19dbf

SHA256
82390f15145260351b8ef070672e24572076c1c863f22fc7eb2d1589960510b3

SHA512
694d43b994ecfed4694be4cbf3c4879761f671a909bf5c1c3a02b08da5a48c2524cc0ac899e1d065bed8f6c3ef4f3a9119bc104f0f0bf24371512e8fb259340d

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-honeyfruit-account-claiming\assets.wad

Filesize
86KB

MD5
a5f2e0dcb52ff32ad4f4d115e417348e

SHA1
10865e688797d358e11fe35a5fe1b437ef8cffb2

SHA256
78dec2779c25d60463153c1c17be542d12ed4de9ba0f3fcc29784222cb583c92

SHA512
85bace4c3acf6f01a5f368a1dcdfec97be9d478988af29c106d82c16e01bc816ebaec811ebcf6d169fd90780f2530e361d70f8b50af72af64ed19904791d9743

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-honor\assets.wad

Filesize
445KB

MD5
2c8a9087ab023b16431ac3349d9a3c0a

SHA1
16e083698a2be3b49a0fd593594586c83d2b49d1

SHA256
473a6655b2aa4bd613f4d1f0181da55408a1f7467e527e8535ef468fc162fd17

SHA512
cfa260452a54d4a6320411f7e8085fbe1977329bdfd83ebb5025e6c4067c5c1c77e3cdc427bacc25c972d44fc6fc70fe064dfed9a2734b75c59cedbc214d845f

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-loot\assets.wad

Filesize
456KB

MD5
686c347450fa3132633186e4faa5555e

SHA1
ccdb0b125400a4c57ed1321485b2e34a81417aa2

SHA256
619937c588fdd3a3e0fb2d46f3a10056ac8c31e97c8031f2bcd7e5d9dc1b6fb0

SHA512
6d5d92f8da5f071102bda95b58472e65bdf3470e5cdcf5dbf3e75e4f8414d5406fac6db646bc1d90eaba962b0903791f48d2f80ff92f31d55af506d09ce257c4

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-match-history\assets.wad

Filesize
302KB

MD5
1e9b717632484ee991ef0e8269296e36

SHA1
b5c2cd873e715b2e50f14911afb965901e405384

SHA256
401709c01531da591f72ef9ae82553d88a427e44b33882c716cd387b7d429b7a

SHA512
0c4eed74adb30b8550004275d6e31d3f375ca770d88f781d03be17999146d6aed956abe08d366ca6e7c458e04a40b6ec16a58941be5fb69c56e2c0f8e7730c92

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-navigation\assets.wad

Filesize
192KB

MD5
1335b5763fd5a7018d7224ae2d21cb9e

SHA1
2ca4fc7c43d62490389bc9e063caae4c52db17aa

SHA256
2e8da1c8a456afdc518a83dd855c51ae592f8b2f2bb08051a1268e4d90774374

SHA512
9eea9e98c2cfe6819517b5fa7ed65bb2ba9ff64f9dafaab6fb58d558d117f17f43ea0ef892a9ac07d0fad189c769610dda64a6ea293097a045297d54d6c802d7

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-new-player-experience\assets.wad

Filesize
329KB

MD5
c17093df6776450ec432a3fde395f5a9

SHA1
24a5de458a2f5c38a17628667a8356bf8fcfc5c0

SHA256
10252f06aeec53e21ad575ff1a2435d499eb58ebdf95a0c613a8d56b6b5919a4

SHA512
b935a1e3eadccdce4f4b363b4a9b2a272a5e7220ecfe1976891b6aa20d21d48cd00949d6cdc945b6d178ce56e1f89c64a149c83f31d18726e6d1c557db57c92d

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-parties\assets.wad

Filesize
434KB

MD5
0daf4bad50ab09d886e2a91f89158548

SHA1
99c32bf15c496e4c41ccb987bce8592b7ab2d4c9

SHA256
1996ffef313a2d5bff92af887fbe278598474c904a69aaf09bcfae7f628b7236

SHA512
d90934bab37800e841f4ff0c33691e97686b78ede0244f21faaceca961a7a288170bf73860e6a250f4ff627e4fce6ecc543665ff4abb945a508e987f49d273f7

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-paw\assets.wad

Filesize
283KB

MD5
379acf230338eadb11054531420b4ad9

SHA1
1dc66c2c7b32dddd54c09eab8a39c8a50e474a57

SHA256
ae0db43689683000486c43c7c9a9f68dda3a8ab31b9b8db4e48c10963f126785

SHA512
f6d12c2e2bde40d996a1b37cbc4f17bc42ee713dc64e677b6aa27fe892a188761b637448b574c0fbd7de419e5a14bc15b1e3c4b915f6b526850f92ffc132ca5a

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-postgame\assets.wad

Filesize
197KB

MD5
cd31d1fbc796466703efa2cce79e6a65

SHA1
ac2fab067285da23fe042026b39bf14945034f70

SHA256
d2202875b7c698f29e62eb16044b265b10c05669efc33e88ed10c06bb790dd6f

SHA512
736fcf565d2f6d9f6c45b8d17dd7c88391b0b69d99c05091abf34ab86014379e6e75c885379b59cb097e0759733e6ad33e977b9408006d3c83058f1d37173578

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-profiles\assets.wad

Filesize
114KB

MD5
e7692daebc792582d735ee9b6807bdba

SHA1
3e2e2958fdf580543e7c844b32ab9af59176b17c

SHA256
83e0fe0913fa4183d88600a1a88aa860faaa5eb444672a1b2850b699105a7e87

SHA512
e6a97113901b05a73e948efad18511b106b39dd93598189d07e3ea44ed64734c00d1748cbe3195f1719dcecc99c45c64e40f58fa7c0ce90902db0f164e0171d2

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-settings\assets.wad

Filesize
266KB

MD5
012be7d424df2439dfe651f0c2b5cc0d

SHA1
df4c4fb666ce042f615a9c0c7f30e4f510f50747

SHA256
0566c312ed97e64ba6ea134215eb323e791bcbe57689b96804acbbd1863f69b9

SHA512
04e60673ac371d6eebb24156b36d186bb9833664c6a294dda8b43a83500ffe3611d69f06783d0658da564a97db38d2cd2eb78bcc1542bb05d3e40e2eddc0746a

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-shared-components\assets.wad

Filesize
313KB

MD5
767144d4290c6ca3ad40cdf42e0e42b8

SHA1
926c4316454e8d00828e654876679266d96ac294

SHA256
30d98980e46483ca47f164df4a4b209ce84daf10477e967e4efb716d43fe474b

SHA512
770e7a80c3fa738c74aed96a97f040f86991a721a44960bef19f57e8d7cadb3505968f0b37199cd90666a20c954d9a2004de9550bc01ac53ecd66ced51ecf210

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-social\assets.wad

Filesize
107KB

MD5
18d5e5c634c08e88c0b58523347bc5d5

SHA1
c1dd9ddf6265b80efcc6c18a483a0998aa5f3d2b

SHA256
b8eb21798fa78a09c4aa89e2dcd76e41b5f23bf4a26370c5fe915f26d95b7cfd

SHA512
bf14af90e9bb12472b8abe8e62ce850baaaf184dd12d5bdb0a0176925c16fe014b7d8f66020af1652efe41fae6944ae6fb6643af6d5908514feffacfb95cdca5

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-static-assets\assets.wad

Filesize
86KB

MD5
9d2fd460b2807e33c281bfc274ed7da1

SHA1
17c7d0f6bf9fcf2be694bb852638060c95e07dea

SHA256
bbfa53c9efbd744532f57d7374dbf0a491d1a7992812918528d2d1afde6c8782

SHA512
0f0c715d692c347a223affbb58ef0821915d8f85373aa97fd6e6df6304840dec4f9f5547478e758079c0acda72c71ee4c518cf10f5a54f2ef684064017f25a92

Download Submit
C:\Riot Games\League of Legends\Plugins\rcp-fe-lol-store\assets.wad

Filesize
249KB

MD5
b4b1e71d978a55635796de48c4e8a61c

SHA1
6aa89704fb9b33f9ed96c8a4bfe3fd139aec42e1

SHA256
6252e5e399d62aae748eea37e03549098616e0b17d63a44f91c4388ceecb9842

SHA512
172bfaaa28ef8b4f806f4bec024fded1bd9966f8bd8fb4f11d67983a9e160efa9ebd5a3b9a18f5bba9b261532e8e3cd61e78648838b3c0c662d9d0ecd2642e6e

Download Submit
C:\Riot Games\Riot Client\Microsoft.Gaming.XboxApp.Extensions.winmd

Filesize
10KB

MD5
d6abf638473c8fa2b7f88961d5402fcf

SHA1
9d0ad43bcffd5ebfccdbf3115cae2c2b3b00a472

SHA256
000d645a07789c850a7b4cb63a864cede47f9de81adc8534ec1feca3807843c0

SHA512
ca18590adbc971ec169a0d7569daa69fc623d5254612645317857d57b6de663d023e6d3e483e40027c74ee0004c5cd5a5acbb49db563e6b6e5b3cd9b9131342d

Download Submit
C:\Riot Games\Riot Client\Resources\icon.ico

Filesize
132KB

MD5
03f31eb2a91e93b71849c02b044826b1

SHA1
76942a52cfb62a6c749b87434c811cd4011c83ec

SHA256
c44248b85e7f76d5d55c3c0fb9cd643566a812fb0d3af985d4d01bd1073860f2

SHA512
d9add5a57b3dbab7421bcf21ede21bb70e2a42789e0898a143faca824fa126b6c5ab2a271169b575cac59ca1c025a9e92eec1ecb5247c15da44c4b736e470c89

Download Submit
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe

Filesize
93KB

MD5
d17602d07edae7749231e7c652403dce

SHA1
8cc93e192c2c891f6fe6018bba0ec714b959f46c

SHA256
3c5b458a3cd67081f98407d5a6f0281654ef99a17e9b36b014d8238c6d20f000

SHA512
270a8e9dbbfc3d0a5dc15e97a83b8cfaa99da247cfedeee4bbdcb35042a313641c70b66c4823ca41a17965826be29442e194038f6d04217efde44be5bc3d9a25

Download Submit
C:\Riot Games\Riot Client\RiotClientFoundation.dll

Filesize
129KB

MD5
b4caa1504f394a25fdb9efa1056683d3

SHA1
204bc48480c23107fba9ed747e447fe61db1851f

SHA256
31664b8fe988ca00c71c49d6843dde413ce1d43081fafafe576caf5f1fdd287b

SHA512
b73bf572d333ef19e3cc31d31cd084a47c6828ded177cd3333771604c97cf28065d4562b57a5f0d25a293ca20a3148c76080a253a9b26cd5ce7b5b05037f0b71

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
979KB

MD5
2b50bf9b36689c56527c2b5c503e9b0b

SHA1
fd8d16817eeaf82fccf988ee046ac963a4f1c10b

SHA256
d77b95a763f95699e3305ef39c2260a8d79849310cf44ba8c3c48fc69600cd8c

SHA512
261ff8a84da7d48573246c36b7dfe42684f6654937ef1406e0c4f87358e48139109ac76e02fcf4a3cea7fd81f1c3ca89c9669b4f0404a1bfa3e6278ccde86dd2

Download Submit
C:\Riot Games\Riot Client\RiotClientServices.exe

Filesize
169KB

MD5
d921e0211811979d710e20d698a7d87b

SHA1
c85f1362d885cacd74c5f7820a41bdb2c5f94f96

SHA256
a843f4ba051f957bd2ed4c01aa19702d229b3d7fc137cc25ec880b61a73aefd6

SHA512
4868e22171750ab00c94701b99fc2b1fe8fe860016e58cfff6c57d9f58946d1c2b9fec3b64d51283393ca86da0e6331b9d83aeec544b66438a3634f052044052

Download Submit
C:\Riot Games\Riot Client\RiotGamesApi.dll

Filesize
154KB

MD5
fa008a6faf664b8ebf231d7214ee1dc4

SHA1
3fd91d1b01a75e3765302580269c396fe6660844

SHA256
0df6d2262cf21801ed050836642d4fe291c8fc25dfe11e2ba692ba07a45dece9

SHA512
89df4d1d5ff58aeb093a8bb1fd4df2bfdae783a589f245c088801c56cd9d729fd154a88402c4dbcdfa7c50b2259d0b03833df9d0da901d6225718b6c8ff0c6bd

Download Submit
C:\Riot Games\Riot Client\UX\cef.pak

Filesize
95KB

MD5
4e0b725d05f3b6d779e9537ca1918738

SHA1
d7b488e439b7d85cfc52cdcbfa22ad12fe7829c4

SHA256
a66f842819285555f5b52cd903f61c201046791bb509977dcb2bfcd7531916d2

SHA512
3e2ee17e588c06ba80ff96223db2ad2ee2a1fb26322235ef910da453af1cc368a5f6caffccc88897bf32b79152b634de84f9892270143eb06d50a829ea305b15

Download Submit
C:\Riot Games\Riot Client\UX\cef_100_percent.pak

Filesize
70KB

MD5
35727073008261466884c4631cfd17e5

SHA1
efdfa341cc9be69cf37f5605f04e9c5c9609fb07

SHA256
5b1fcf7d22b2129ae98786d2a6a19e476af94422210dc625a553c38d2eac6d94

SHA512
e99c8315ea9c8b87d9c670e2c59eed4f036bdb6145bf6e1ac946dbe4f8a230d03eb4b4ee959dc2a4e6ac52fa133847af21a3c47e8947469ca7e35126900e4155

Download Submit
C:\Riot Games\Riot Client\UX\cef_200_percent.pak

Filesize
115KB

MD5
2a7ab4ca4e25c95439402056e82c2577

SHA1
87fdcbb0a86eae4d8ee15d91af9b10eed74ccff4

SHA256
9f29c3f94fcd6d95fb05532a074a312adb89fe1466f589e872585ac8e524948d

SHA512
1340742e32056905ffe5e9f818b05a6f765c1b158cd93b92a8145781f3114e683675de5e37b3ed59d752b8cb10e8db392ea6ddc9981d2139526d7b66981fe843

Download Submit
C:\Riot Games\Riot Client\UX\cef_extensions.pak

Filesize
151KB

MD5
4d1dcbff56bb6a77a2e2398cee7a5b6a

SHA1
86dc7b92677b8118b6348e6935de67df91a596c2

SHA256
978dde1bfc469ad20db085c2c17a6d2cd2aac4fc592b4da7d5a918963c1979e6

SHA512
3aa29075b634c0d1b222b6b28fb261a8ceb47a0eba1cd429b4c2b159f2fc649ebaf669336bc36771182170a5debb78d35629e9a385ecf173b88f7174d4f056f9

Download Submit
C:\Riot Games\Riot Client\UX\chrome_elf.dll

Filesize
57KB

MD5
431158c366fd4e2d0437af92d67280d1

SHA1
31468431206509cc590baf4c340ef436184b103d

SHA256
ff3b5621add236fe0158d2e6af09e999e3f8ba03a7114788a0f1c53d7656a534

SHA512
5e246c1099fe20d45c003f3db7d904528545de04147168eb15f6c84be32609384dfca127e807056390786f4dd6c8eb6d0a333684b258fbb54fc705d7cf20c743

Download Submit
C:\Riot Games\Riot Client\UX\d3dcompiler_47.dll

Filesize
120KB

MD5
1d7e581cde8aed99e522a579ac1426b3

SHA1
9c7b84810ed35cda4832cad29edcab32eaa8126c

SHA256
b3ee46fb43a16b57f22a001d5e7858696c4217ba5fb3425cb86f7d6eac89e0c0

SHA512
fa15933a4da3717b75ac6eaf0970d634bf208721e05baa12ac62b1919384f3f9638ba8f7bd9da418d0b2bfb2a94a74b0dfc1db0be0e424b90ebf41c0ba80da41

Download Submit
C:\Riot Games\Riot Client\UX\devtools_resources.pak

Filesize
121KB

MD5
3e02e64664a1927c5541f8c3da475993

SHA1
d8346228a5987973771979250b86c07da8e77a8a

SHA256
cb1e147099611dd352eab83cab70624ca4f63408b182870edb01bc0fb579d786

SHA512
af4dc8d104d24ea29984fd3027db030b3418e911572bf33c92d1b341a1f8a82f97f4eac005af8e7d6b3bbdff9691017fcc627c93f43ec50dabda70bcd68e6768

Download Submit
C:\Riot Games\Riot Client\UX\ffmpeg.dll

Filesize
133KB

MD5
e408bb20b11c8e8687cc59b520f593b9

SHA1
9ae51b0b6492460b1ea33577c53c7b3f7a103766

SHA256
62a62bb633235ec661dbb001ee6dab2c0c3921ad8432daa2f679cbac5ddd94b3

SHA512
d8e89d19829ecde6ca9b008685986035381558a79c58b81e71009bc6cdd4a7f666635a2b8f13859de867faf30cbe93bd0de363f1b1a9d47f1d603fe5e8defed3

Download Submit
C:\Riot Games\Riot Client\UX\icudtl.dat

Filesize
97KB

MD5
42324b9b4193a54a77392a4adb206b82

SHA1
975c5054488dee85aee7ab738fd204b8d3391194

SHA256
5cd50e0b741af362da0952f4e0c995de30d4cc33cd08769189a07faa44fb8772

SHA512
68257645b267a294addc5a4ea4860415d0dd97f8c74f6380dbafe2b8368d7593de5ac132c344bcc1eb008e4c9389579f6b2ae1653391dd61c57d9eff510fa39b

Download Submit
C:\Riot Games\Riot Client\UX\libEGL.dll

Filesize
108KB

MD5
e0b6f3c763f192a08115b87c4a4e94d0

SHA1
cebb858de268b5e7e8704b6b5cb3d5ab1f5614d1

SHA256
e334032ec466005f07645c3c0f5ea7722202189c4b5723ef5dad77a129549791

SHA512
41d150a16d95a12ba296f069556f7dd9fe1f20389c34a4551866e41bf68f684e44093efe0ee688710a930be6930c08c80f8ae74b00e1cea8c81f94c2db46742e

Download Submit
C:\Riot Games\Riot Client\UX\libGLESv2.dll

Filesize
205KB

MD5
fac9c35e6678e7bbe955ca2e750ed0cc

SHA1
0ea96452bdd168a580a6a02cd211d102a7b9163d

SHA256
c913093f42ffafe1c18818e72b1bc1441e0a0a333c8f14b48440f616f5e3b4bb

SHA512
e14ab626c8b3ed8dc5a947609c4b7f0aaf0405c866bc3efd1c990b58be5d1223719bd560f0ba7f75bf563db7f2c8ea6da96b7b8cf82f3fbe396a9963b9a25d8e

Download Submit
C:\Riot Games\Riot Client\UX\libcef.dll

Filesize
230KB

MD5
daba97badc0f7c0a1de6d5c2df20f9e5

SHA1
8da59feaf04dad1f41acac31316340f0bb3bf546

SHA256
e7951894efbc7e71dda3a907ae4bc90d68e67bf2d41ec101c419827a65933221

SHA512
775e0fb68b9db3679e66e30a52893a2c45fe8b78347d6d3b84a76a3f8e00305e0ca792b41beece093ae3d7d711e2a394a220ebf9f08edbc2b69ff6fcf33ef5f0

Download Submit
C:\Riot Games\Riot Client\UX\locales\am.pak

Filesize
49KB

MD5
551e4d8f2ed3dc17abcde5e2e029d989

SHA1
5ef2f1b05924ec2b76334e5593e5ffdbf310ac28

SHA256
75ddb171f25e42293c98ba9ae1053fadc4999c962e957fe86fc1908513d7cea6

SHA512
2cb8a37f6acc7968a7b4b740ab10b1a1d4078f52164c3fe376c4c525aaca6b49bc2f502e40212e19e05d306a5a2260a8e9bbac48de4f45b5bd627a229ff4bea8

Download Submit
C:\Riot Games\Riot Client\UX\locales\ar.pak

Filesize
77KB

MD5
6dcf370bdcf4e2e39e64c15745aad7d5

SHA1
068a43b49c20e54876533262b471f8bcec14f49f

SHA256
b0dddf21946eb2ac39a64d1a357bd279000fe34fe080f0c720739fcd235c026e

SHA512
eb5f8e18151d3e8883dc3027b8c063069894ccf7d0441cb46a5c32a5e31ff99e3d9e8fd2298fc0181dc650f16cc2b04d1a4a05100fad4ed70e84b715fb82c8f2

Download Submit
C:\Riot Games\Riot Client\UX\locales\bg.pak

Filesize
129KB

MD5
1c231c3bf5a480f0278c18ac7cf46d05

SHA1
53f463860d6f61f90640e25169695c1e00f73e38

SHA256
be0079abe59c320358106bd523add2eb627fb2e358ad0ddc8c8f184fb55364e4

SHA512
cede0e3bdc557e8a6edc1ade2cbc7493daa529a8c8556a6cd7d204e330d54e78d654e2ae00fbe0edc6539386b71f612b3ca564ef8fbb63eebe02038775e969ed

Download Submit
C:\Riot Games\Riot Client\UX\locales\bn.pak

Filesize
102KB

MD5
f811424eb3e7bdc20f381e6fbfd47051

SHA1
a561393bfaee90e18207e9e7ca6ed2b042eb1f00

SHA256
c48a30834175361a42de1934d03ef62224cdeecf44f767aca42aeb70422270b1

SHA512
2c1e77aa2690d37d4cc99092cc741d82b38a63a6e4bdab343234a07ce6c651f03633d8d671834b2f5d1c279fc337ab7ef3bccc6ac66ed24e9b4d8a07c5ddbb35

Download Submit
C:\Riot Games\Riot Client\system.yaml

Filesize
16KB

MD5
dfaece3e2e8a9ce451f308d31f82852f

SHA1
f9412a18a42809cae8ef5713b6805e10ef71ea34

SHA256
5afb439904fa1d0e2cae79486525b26bd0eabb6b3a34ab168d0c054e2ed369e2

SHA512
02100a2390a11627ba0d8187cbc00d1911cc21af88c3dc78f7f29992c10df019f725b15346acbb06d2b4402e2752af9dcc9e0fd9d164b5c7355e50a2a50244cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
74KB

MD5
63699a475c0115b9d65a0e9c8a61829d

SHA1
c41ba830f2914d0f4e90d28f4d68c594503f62e2

SHA256
1ebd4b73f1144cdbf2d9ba267a5641a50aa5fca8ad03674162805101b4caf418

SHA512
6adbd653ea5194977201bf1a9242c2693a95dbe6808ab790154e1f85489615ff517a2c207394230566494f83c374b4cb82cf5b00cca641a229a48be287c1db73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
29KB

MD5
a09974bb1a7a2250e16e0d1f678e1446

SHA1
faa4e5bcdb1daa141bc73dfd1edef4ddf5523cdd

SHA256
9b5225365d2edc9de835fb79ab950f3c679447a824e332455e2eaf2e332f31e6

SHA512
4e95e28cce9d7a2cd9b61566881056527b061119a802cd66673f3f45d0ca55b4f0c1ea7ce0d6c7d2491d01a41c89bc3169ea3d54ee2c7ac75789e2164d894bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
31KB

MD5
5f65028b3701d36ca152b7e2a5ed4e0e

SHA1
4351268590f9b759bb527954aa545cc5d8fb50a2

SHA256
706f7e0c7e6ecd4d80bec8e26c48338594c302047443049fa8fae1aa56e036c1

SHA512
57aa400076ca57da80baaea0eb666e86b0dba02b845f15f31ba4a3e806c497b152f5912fd11908539c1a9c632c6550fc5d8c2aefb542071f6491a2c345d2049e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
54adc69fbdb57b947f692bb26009250c

SHA1
56e3316e8e26792e32d95cdcec8b23a4592be2d3

SHA256
85e819636f38616b3fade69cd8d19e2e90561c294973054344e68b194f1d220a

SHA512
179d7cd917f5a28ed6fd036b4cf571b3fe8c227471adbe5a09c155bbd6c922a2c86c99b95af699539dc734a9d3bbf0a10bdce66a174d4c9c4f92ad0079e30bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
308254bbd5579232475997279221070d

SHA1
b851b490d89dc166f6b2a3f29a43733ec5e64bcd

SHA256
cec083161df3d4a9d35c78bc3125110807dc5a296473e4b23b75ad38a136af3c

SHA512
bb6bfd97ad84d0002175a18f1ccbcbd035ba208be9f1844c4490f92644ca0bc8efd4ab672d0bb339fe9a2b8208009e591936460ac4edd2be36a0831fc422d275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
87f90e7024181f2660bd2b822f5f2e8c

SHA1
733bd571d6e15a9f15818e12a0e7803abef45fc5

SHA256
cb17b496586b34e737b337ec1b49c3105bb8fbcd19d49aa77c62e51a080c8dd8

SHA512
31b70e5f5b3791feff3ca7fc854fd31c89ae0ae5ef206ef71cdf159f4b148bc3f084c982737810d102dae795a563f23a19cd5a49f6d44ec0ae9048ad6235d9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e18d2f766afc09309f5e66754f0942e0

SHA1
108427a8e0c74ee0cb70db8c8637cdd5abfc593e

SHA256
91e0ad0db8eed5eea878e97e9c5856977ee8d0cbe83599d9a98f2f3d99adf2cc

SHA512
63fcd8ad1364872a71c0ebdbf0eb24df674731cc5dde24d2c1b48e6a0ce7ff3ff8f4b0abe6548753af6c36e86fc6230cde3d6be28f10a56c17e649799a0f424c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
ba9f96a8128d6372e901f7fc1a42a6d6

SHA1
eb8a9008d82d01eda9fdfa5f7345dbeab4c6e044

SHA256
9693dd9accb2b20b713123310bf8e6c94c87f070002648e5a4c851dc96a581d3

SHA512
21b4aa6ddba6c84a1da96a7b762fd4a4dbeb7ad9f209d6601b8d82b4a442070dfa114a9bdb0e1c33dfe5b164bbbe0b70b427e5ab55d614d957b5233073900c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46486bbdedb73d80e0f8afd6fc0e40da

SHA1
5a4a469c8cadec1f70a5a3b713e49e8b89a52fba

SHA256
47218f7c0ef37a8fbe9e2be64d456ccde9a6d2a5e2ca343f618394fc7207206f

SHA512
e64995485c3c04d42f2f60a4d120239b8197266a3d1292f0324edf88f7301b31ec2e795336c9b356e2090cc364ffe7a942f93af376ad57db394c2ad6a046c92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cdbc5a9ec7cb4614623f737e71ce2120

SHA1
76be5ecb585eb13f8006dc2c8babe035a7591d90

SHA256
589aa9e64c8cbd37799c9fbb895c889b1199e76d2a31e42c902ae54781ecc225

SHA512
2e4c0f4751fbcf2630f84adc1aef7485cc27751327bc9a8fc886da1dc22f792d04a969437b3af2a93b2586a5a0f2c393af8925baacec4b450125a9091b67599c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
957b293605f29f4d126cab895e18146a

SHA1
d57570f405dfb5f325959bb94f18bb210ffcb0fd

SHA256
84cbd9a01cd13aef94c150b545e3e1646dd4cbbbb49b1df70608e1de2ae56e77

SHA512
94634017a2f6a34b9c308a60f7793a717c089a9fa96d707db02ea4fc5d24a885f62ea1c02a4086ea3d7eef80627694b9b3af338db50a76b0bc068ece0660c67a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
949e06bdd6db05e407ae07ba04fde2b5

SHA1
313864ed8601712339a54c9cd2ad64ffd6ba3e9a

SHA256
e43c65e7742389baac69537b5936be64f1e380355e4257b5810e7b97e4b8b0c4

SHA512
eeb1bed0db9b98cd6cc8f9734b14161c320a60614bce5527c68e285f3d578a7e9d644c43dfc15bbf983f9316b45dcbd4ffce4cd1e37bfba14f493533dbfd0024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e79e4faf14d64991f12e54071750d51e

SHA1
6c8a9eb53c9aeb8dd73549a0e4cbcfb34745ff6f

SHA256
865ee4811f288c08b6517745caf00c36dde5a3565ea7ee8b94385f1932b0f8f0

SHA512
f31cb307df56b11ec380f1057fbc4d1dd65e8dd7460cff71cd3c51d10be31102657850e7bb6b99b59d0845b6b0f53f8e158679fceacc18a6e239c63703dd5ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
f3bb9172423633f0f9af2bc7c9f1efe0

SHA1
a75a9421587c024e49e62e7e86db0ea27732ffd0

SHA256
102f3daa9e43bff3bd06958fd68672819c560f8f4e173bdfdfd4f65f893a4d65

SHA512
c4e01f32f7ff8f802307f2e028f81044bda36552357734161aef1f7561587a2ce7832c02c23554b06a24bd8f6c5559dc2d136d9daf5ee6d303c87c8e89c12a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f318a74411e0f723bac0ce09cae584b1

SHA1
54f998758930846fcc4a4a7b44985df750429f49

SHA256
e7e40f2faf0c52cb82e8940acfbabb403dfd1e5936b766a379c2739d4c943d1d

SHA512
87f9eadc53efa02e5e354d99e3980219d13c37acb46598a236b643d0f7387063f7b378d01a7a6a46aa9429d7b0cfc1af85a81b6da634801b64cc17d7d2ab79d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6f153cf23ca42ff0d335d7e40a0a9b47

SHA1
0379942efcb11aa49faa68895563da976fa8aff0

SHA256
cd7381e2c507b7938387c3b400afa9e6830822133e62ba784a93d63e8fd11067

SHA512
2bad6700a1e87b3661745da210fc58b17ca6810af144f0413c69721b9f33534ec1f50721432fc3c19853fea3d9bbafbc03d9009b1931598faa092d7d8ba46ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff8ce5bac0b8c7af2393b91b5e0ef355

SHA1
d218bb8ceeb539bbedb27dbc26c78d3adfb729a0

SHA256
dcbc71886e5d60460c82bd77ab2cc9a92f4937cdcd45844876044e905e2db2b4

SHA512
53c68731ae7238a45ff621951861b4f7f36f7e4894e51ffaee5320a2948b6fb4dd9ba3253831436d1bff62cf8495fe7d2c997b9b8ab0e96c700159d4bffe359c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b528f9e6eb732cf2731600d39819a42

SHA1
4d8a6ba04050810f736803dfb2fb24fe8c57fdac

SHA256
4ed94bfd4f502a19201ec095705629026d9c28c2bf6aed30a979471f7d00fc84

SHA512
debb34e7f4104951a17b0ad9cab0f3c33ad88cc72643daf08fb06df3992c83b64ebff6e72bb77d0595d5240e801af9bc3cdfeccfb1424070c07d5587e46dac25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1109697e4f1ab37d6546afe02e1e4362

SHA1
97bb3f092f112ff7593081cbf91b23773b7e105c

SHA256
abc8e89af0161c534fdd7dd0b80e784239a30f68e5d78e2bd132dd456446c2e0

SHA512
56de3b06931a8d8bfc14d28777a7c65fc94cccc36a45468751cdeadf626a22736c7fd3c43f2cae1224cbeb4331e5b621e25df22ee8f9c9487367e6cd115df8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
47bf066a0dcfb5d0c4adc5c33ed0d7f1

SHA1
c608269840491e7d90d97015c5ddb810b7612fbd

SHA256
ae5294a227895dc236f2a84c359f7d243ed37351bfe042baab27303753826634

SHA512
0a356ba0852fc5e874a5642661f086843378dfa86f1b42631c137636e008244e1d01d9448c781b8f20af236d1ae95b53d4c921c0cf7898e84afb77dbedcd4ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
7a33ccf53c33f13cc17149cf44a80884

SHA1
360d11b3cdd083d04998a02fe43d04ea5ab3860d

SHA256
65097463c0bcaf4f7dd08eca3845b74457aac3dbbac7e85df0bc7993f00e7a40

SHA512
668169db9a255e15271ea7e1efe90b5b97ed7b1a5fe2d16064708f7f78d4639fea23feea51c0812d1d3e18319b63d4978903e9c4c7e785d1ca069deaadf44683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
f73f148cc2390c7a836074ba0b753d6e

SHA1
1e3cf6c48537253afd3c97126667ca2596ac6040

SHA256
87841cdb8d77fee32e99071f9b515c2da40b04b69728afe0a10bc31a5213035d

SHA512
80c678086c04d108b492f8b8c0363931745e18438d3027c1578f89807ee5ac57ed148de5e09029234000f0c8918be35d05448326a3802253517291f009d6572b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
9fa122df12db412b19a3dd3dc7a09c01

SHA1
3973d8414f148fca55b9656c90dfbac50cf0659c

SHA256
04f99248e43ceff42ba4c5717bccdc3fe348324821d59cb74e58ad693f91740f

SHA512
7764ae066960832c50a68d4f09d1aae4954599b6efba919ad67c694c92571354dcd84b72cffca5057bb91778c8d63ad21db1018f7461e266d6be00416b3dd966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
9KB

MD5
0ae283e50ea6931a40bbdeab32224d46

SHA1
eaa666d5db2f38d70c445dcb7ec268e1888bb0a1

SHA256
569d1863b92543b47bcd4f0804562f669a85858fd98a35296aae8252b1ca070f

SHA512
37f2f25136322ba87e2ad5072fed1c3b5acfbe8fad5ab555547ee72027741070396f5a8f9416674bb7ca2295f3c2c03f5a20776f40cecdb2dc313861fc167d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
2ce55c92deacd890f89fc368f105cbc7

SHA1
5801e1e43a36f80f20ffcf1f438556f2723e73f2

SHA256
56fcb77579c481152f953799bf7451b4698426491e3ffdd43252d65ce64881c2

SHA512
2421daa0cc86c660ced8c4163e4b2c2345b746cd8a83c3d9483d9eb816315c25b245d094b8a2f48e46f09fbe551e24e15e39d1c4d0573f5be0d2f84de6e1648c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
6c08cfc152d7f1bce7ebe2af5013b173

SHA1
2b18384fe4c5f888ce70bc90dd17e0f6d6c0a8f4

SHA256
d510165e174bd5d1b276755cc63ca4e9d59850d094354736ae4af22a471d5ad9

SHA512
5667b2efea873300bf06a16502545c2b25bbf290f15c94a8df6ee7af9d231d2bc63efd79d6d2fa5fe3c702d34fb8334ccdd9699654081eb989aefca96abdba9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
a040845c23d46a2468f273c5ff285a0a

SHA1
b3202dec26e8666a2d36546fce838ccdfac6c939

SHA256
45f3b74dc8802a5441c4a7e09df46802c6b5b212fde36ccb3456c4f6cc9bf827

SHA512
5f9e780a4ba0a0ff191ac92fe8d835bd91a5c7dbe5ea7a3cc913a868b5a9fa6cbff17478ee0c445f98ffdee9a034f9d973f16e04826eebc7162322e81e3e83a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe65abbd.TMP

Filesize
89KB

MD5
eca60f62cd47007b2ddff6c4165250b8

SHA1
cb41aec675943d1f8b2c3ebd90bcdcea24dfb720

SHA256
b885386a8a371f56d6220798d19f123bd4b8afd30b1a311664f34005eb1a3fb6

SHA512
1d818e78d00a9adf4f90f9a3cfa031896a74fc3f715f09150b03075e312f7fe0b26eb9c2ce52e8995a7b72bbb36b2cca4c4e892e86b4cbc8bf1ea0074933db4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\League of Legends\LeagueClientUxHelper\Crashes\settings.dat

Filesize
40B

MD5
fc2b4571977f6c4c80ebb9e9f26473be

SHA1
85ef36087b3610d69dbc79cd612d020c7b97bf5c

SHA256
f6f9eb5c19e7f72f5d2c84904009ae649c2f116fcffe0f864ed0046ba3be8757

SHA512
f168e0e519472bad272783772cb54d13a6d436ab4320abfeff5b2d753e65fbd3c65b904a91798390b6d5725cf759371624b3c59e0df8e113e5ef1136edf4fe7b

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Config\ClientConfiguration.json

Filesize
13KB

MD5
71e8ea2f7b04f446ac55edd9d6eab655

SHA1
27b0e42c955c6940adf3fd015c6f65a255689150

SHA256
e9d4d19069afb8eb8f178721e4c3d64e28d0c6f55743289f598af87bb13cde49

SHA512
043bfb2d8b76a18c8a11b247efdfc064c6c14190a7c365ec578bdccbba23724188c4733a66a0420bd69f539b241620d5bf93926327f5f0e43f63df201de1cd86

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Config\RiotClientSettings.yaml

Filesize
10KB

MD5
f7f0ea355c50712a32f1ffa4ad372842

SHA1
a6c420d12d88dfabee0340806cd3373d1c372aec

SHA256
c63beaf73bc3e93772ca364ab623cad3af824be9eddd8dc23a44835947d17972

SHA512
f4264d873b83d99496364b9efaf1b65170e31a88d4ee070e7870e261d44499f44764c7f9a122741c97aa4c6e236e2c95741311666bf5049cdbe06db3daeebf59

Download Submit
C:\Users\Admin\AppData\Local\Riot Games\Riot Client\Crashes\RiotClientUx\0042d45b-f0e9-4109-2e5c-61bf13cc98e2.run\__sentry-event

Filesize
448B

MD5
5e1141d1391d388f5222234d7c360b53

SHA1
8cb271550e1b4c86cea9dfc1ef6b53331dd57f5b

SHA256
5193ee7d901fe385e3a6aeb8fd6bb6af51d837050fa8761f75d13cea586fb04c

SHA512
2a86a19b781aa94f099eb86256564c39e4bcca0eaffccb01bc47a1dd27c6ddecb588c7a32f467e4f7bd7c75df5967f9084e1b672dd58492ee4c5937bc05e3e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DXSETUP.exe

Filesize
149KB

MD5
9604781af83fd9943fced1a2cb3a5109

SHA1
5c35c7ca6ca1d5fb4ecdad264b939374ed3d800b

SHA256
36ceb4c2c7e904ded831ce5f0ab09e46f36ca5240e314cd9697ab81448a5f135

SHA512
28c429763e2968f190201e36066ebc5b227de6bb6bb5f9d3b1e6f6f7d0d0ab85d540b38d3b62807b0479fedcec24e8b09155072d5940e5327447da148e199d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\Aug2008_XAudio_x86.inf

Filesize
1KB

MD5
e0947065f559b93eb93a7ceeaa8bfd44

SHA1
39bb647363b00924c7c0b3792f8017d7c7d9e3b4

SHA256
f211a7d99b3ffa0180bd91f68b2c285564227e075d499e950e76fde04e7707e3

SHA512
620810dcd56857b2d3d5f1271c5d4979cc90977acebfea81edb472d02da8e6104e89984816a91ab57a2469253a391bcc378093f1adaeea7c0d35f7f1b794969d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\Aug2008_d3dx10_39_x86.inf

Filesize
1KB

MD5
baa493c7a361f1ac0c5efc94f1568f97

SHA1
16dd101673b96b54bc5a38c20ec3ed785c6bf7bb

SHA256
e83f8d48323887af89648c5bd7af713b42d20ccb757be34675f1fa527e6cc33f

SHA512
2e8db3d1ce2830caa9a0f698bc31e2b907e39a233fb056fae44062b3ff732b3b62f12fcb2eb948c1728df9b64c4d8ee873c0f95e56c2ad1727140236ecc71095

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\Aug2008_d3dx9_39_x86.inf

Filesize
1KB

MD5
b28ef6e3eebceb622d1431fedd9f545a

SHA1
c6ae73cbbdff4632911dc1759a9ccdd73056ac8b

SHA256
8a23d386626328f9519076f33d5c3b71c639f2347741442c3374974e6f61bd53

SHA512
4f2bfced9eedabd6ca807a1b88cc063d15a31ab0bd8e2b60c65d6daddac9a111c434a0fa7d7641813d9880612464351ea30368bf6f0ed9ffc69bfb4d51882d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\D3DCompiler_39.dll

Filesize
1.4MB

MD5
c4f1972497fe2ceb7d900938c97fcf91

SHA1
27c1886e7823813ac61c35ea0cd5b72ea0ea7dbc

SHA256
b99b655abc4ec45851cc2acdb7a348e739687200a4fe3be9c35d6738dd61112f

SHA512
8d35dd4000e1d632d0924b594d6ef13454159f8c3b85636f180486ff794b76f8a84d7977e340ef08217f0f68747b593eae0b44824a20c12494007f4a40cc3d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\XAPOFX1_1.dll

Filesize
67KB

MD5
d95eaabf5d277ef91d9ca70151209e56

SHA1
3d47ebbd6236045309d2222a696b7141c0957379

SHA256
5ab63c0f040fdf65e681eba4daa55ed83e89ea10c426dc2fc763da0fc94f3ace

SHA512
6d2e73468485fee2b4007f1fdf16381cdd6c77edbe5530f63cbf8696646b14d06100fdf54a48547f29ea5775f29226b16808a5a1bd4c0778413855f80e5b8259

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\XAudio2_2.dll

Filesize
497KB

MD5
50f4a0d5e6a0bafefa78f353533b8e06

SHA1
d370434eea3a557ed77b2363dfac720a5ed98666

SHA256
9c7897b4ee1bcd190b1c0b7b77e64ee731d234764683a1e2286af70d86b62753

SHA512
7686b893996b76a25ca7da971ca3a10400dcc682a05e8317a9d159a9317537de0bc20dfdef643e85e6ee548d7893138497fc156f77534124a8eb3e3ce47f0cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\d3dx10_39.dll

Filesize
457KB

MD5
e6c2f1d8b667ddc04cb55b9f0159ef97

SHA1
9dc5c2d54397aeb56deafb63ee34b641f7030ee7

SHA256
613afdb8b44bb3bed945279229d9604a3cd553f8c2b9b091235cbab8cd00de61

SHA512
5cc39f19b6de99bad0be00fcbde9d498e23f29303c6ed4ba79c2b2bc63f259f9b617ecf6ac67beee8a71c03a0e80c29412e0159a5014a43a6168c37835bb0e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\d3dx9_39.dll

Filesize
1.6MB

MD5
44eba8d8fc59449d0048ecffd50e3325

SHA1
af11491e7e7404648c7ed64a79685c1e3bac47f5

SHA256
2b18131f707223a8f6b0530e8168bbb481888e9b47b07e8f4e59945ccca3f1c6

SHA512
266bf02ecbd528bc3354f0056e5e1d92978dc065addba65388ad71f55b2cd861b502686a1d59ab5da91c93d133a85254aa10bc68b5d471b4dc17616a14f8ab7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\dxdllreg_x86.inf

Filesize
724B

MD5
8272579b6d88f2ee435aeea19ec7603d

SHA1
6d141721b4b3a50612b4068670d9d10c1a08b4ac

SHA256
54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40

SHA512
9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\dxupdate.dll

Filesize
169KB

MD5
651b61c845f93a67b2a714f477844eed

SHA1
1b88ce7291cd2735d7a97b0b8b8fee693bc507b5

SHA256
7c9daafeece27095df9199c9642fef112f8c9295662615b393c55ddbe9353ead

SHA512
61e993414dd183c1e93d99e374aaa1a663e31fdafb74d59d870f4f8cb672b4deb5f804725bfa6b2bf0f8bd0bb53309300a42a571ba6d9a848c1f5899e04b1257

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXB55E.tmp\dxupdate.inf

Filesize
10KB

MD5
f325787333d65d7a8a7417535c6bcd2f

SHA1
1fa71002479fdc0f447010ab8f13ea8171b1941e

SHA256
0ca6bdf41c88a4d5c8f2af7a7e032bd0eb884a2cee52ace7428f6ab21068aa40

SHA512
c35a4d8c912591493c6030b2e4c7c5885fc18262440ddde008b61b452b657478393cfed0ac89ad2979501150463e45ca536792a45cc83cb28df08ed228f6149d

Download Submit
C:\Users\Admin\Downloads\Install League of Legends euw.exe

Filesize
3.1MB

MD5
2238937c69f09b42626222b0af510393

SHA1
f0d9e0ea975d71468132156b36ae3b564f724533

SHA256
d0ab917d4dd389abfc0bf627138ffee292c1753c4ba17d56cf1aa5a9796fa1a0

SHA512
0968bed60aceaf1ebff295d8f0291a9364b8b8beee7e59881f5bcbbbff2b99bd15a260d8893270083473beb921e9bbf5eee5a40576a94b116e62c6c5c3af4bf1

Download Submit
C:\Users\Admin\Downloads\Install League of Legends euw.exe

Filesize
640KB

MD5
395a449473f4b4fa30551d462e3158cf

SHA1
09eb8e9de3e70f31fe2cd842417a3789a8b966b3

SHA256
5f51693198ea93309b8a8533bd31a11ec6f499f5495d41e3cc3344a13bcfbb9a

SHA512
23845173926dfe6f81b1c2cb27530ec2a3ed59015352f0b5535aefd9b1fa3b61197a1081eccff696d7c17390bf0ed1557a6e03b7ea210cf6fcc878e2f151c94c

Download Submit
C:\Users\Admin\Downloads\Install League of Legends euw.exe

Filesize
1.5MB

MD5
6fffb2e961e0624f73a451068ca49ba9

SHA1
6d3686395ce276d309813cd440459df992fdca2c

SHA256
9e5d8a80efbd65f7942eb316e10ac5b698de21744c7f25a3fd74b9d67e6d0e54

SHA512
300b7629c6e1580c41c43bb47edae0c700ced14d1dbd8d68874459975187ce7c2a693b18f341584a577d8331784805e9c4b2ce8cb612b1aa1207a6efc692c122

Download Submit
C:\Users\Admin\Downloads\Install League of Legends euw.exe

Filesize
1.2MB

MD5
041d18947ee2cb5d43b348534198c741

SHA1
0aa16b23e7d5d05f3cd05751ac92b063217bd33f

SHA256
ee7e7791945f6736475109c652067ddff22c66ed0d27012828801ce223eb9495

SHA512
8a5a18459dc2369492f51c9e97cc201813b10598985d019e3fce913f65fbfa8d767f4b14ed23cfd1f74850c25835cc2056e93b06923ca11e03019289c3d7bd77

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
17KB

MD5
87b1020bf1c38c3e19f2ae172d1d251e

SHA1
9156a62e0d4534f56c2f64e4909ac5b6001ad784

SHA256
3ed3309570705b34226bb03d9d8b52997c24480e65fd5b456275524a124b7ce6

SHA512
d4e41c677619617deffefed86cdfdc9dfcb959c63c63e5a2b11efcf97a61474ab9d3785b4450a44d17b55c221fa84908c84f92d256d12562a6a7ac335e730b14

Download Submit
memory/476-892-0x0000000007770000-0x0000000007771000-memory.dmp

Filesize
4KB

Download
memory/476-880-0x0000000071CC0000-0x00000000721C7000-memory.dmp

Filesize
5.0MB

Download
memory/476-893-0x0000000077884000-0x0000000077885000-memory.dmp

Filesize
4KB

Download
memory/476-891-0x0000000077884000-0x0000000077885000-memory.dmp

Filesize
4KB

Download