ecb6c7d7bc73fc24a4ce26dee2aa01ca9195a6d4ff7cc98da7f661107c1acaf8

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AinzSkinSetup.exe
Size

62.2MB
MD5

9cea8af98a4571b6fbd4f0bdd45fa079
SHA1

d881265408db3069274854ea2df6b2a847f425c0
SHA256

ecb6c7d7bc73fc24a4ce26dee2aa01ca9195a6d4ff7cc98da7f661107c1acaf8
SHA512

8ba7a64c515878c8bcbea2d0bab971476455d5d70c5126205ee4d9021ad1851a5c2b34d2db810e021845b262ddc848ece2c5149d8202b215f8f156cbfefb6345
SSDEEP

1572864:gC5g8eSkbdUvI4dHchPb2MJHugOlR7iDoQ06CxZAYWHQ7+iz:qUvj8N6MJOgWR7Z56CxOAz

Score

7^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	AinzSkinSetup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	ModSkinLOL.exe

Executes dropped EXE 4 IoCs

pid	Process
3456	AinzSkinSetup.tmp
4540	ModSkinLOL.exe
3964	mod-tools.exe
3564	mod-tools.exe

Loads dropped DLL 2 IoCs

pid	Process
3964	mod-tools.exe
3564	mod-tools.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-GTQ9E.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-OUKQT.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145025 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145006 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145042 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Heavenscale Kai'Sa to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Heavenscale Kai'Sa to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\is-S1KC5.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-OE3DP.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-TD36L.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145019 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145023 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145033 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Heavenscale Kai'Sa to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-O26M6.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-8R47S.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145022 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-POTKO.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145036 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145049 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145020 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145031 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145062 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-QLRGD.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-I4MV8.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145008 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-PLGGE.tmp	AinzSkinSetup.tmp
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145045 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145033 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145062 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145068 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-ES2I1.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145025 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145028 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Lagoon Dragon Kai'Sa to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\ModSkinLOL.exe	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-JSPTK.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145033 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145060 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Prestige KDA ALL OUT Kai'Sa to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145019 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145023 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145024 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145003 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145042 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145044 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145065 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-GKNQL.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145049 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145063 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145007 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File opened for modification	C:\Program Files\AinzSkin\data\installed\Chroma 145018 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-2A55P.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-QFGCN.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\data\installed\Bullet Angel Kai'Sa to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145019 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145032 to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145041 to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145058 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Star Guardian Kai'Sa to Prestige KDA Kai'Sa\WAD\Kaisa.wad.client	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-FH642.tmp	AinzSkinSetup.tmp
File created	C:\Program Files\AinzSkin\Data\champion_icons\is-B791J.tmp	AinzSkinSetup.tmp
File opened for modification	C:\Program Files\AinzSkin\data\installed\Bullet Angel Kai'Sa to Prestige KDA Kai'Sa.fantome	ModSkinLOL.exe
File created	C:\Program Files\AinzSkin\data\installed\Chroma 145004 to Prestige KDA Kai'Sa\META\info.json	ModSkinLOL.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4512	powershell.exe
2620	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AinzSkinSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AinzSkinSetup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\AinzSkinFile.myp\shell\open\command	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp\shell	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\ModSkinLOL.exe\SupportedTypes	AinzSkinSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids\AinzSkinFile.myp	AinzSkinSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp\DefaultIcon\ = "C:\\Program Files\\AinzSkin\\ModSkinLOL.exe,0"	AinzSkinSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp\shell\open\command\ = "\"C:\\Program Files\\AinzSkin\\ModSkinLOL.exe\" \"%1\""	AinzSkinSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\ModSkinLOL.exe\SupportedTypes\.myp	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp\OpenWithProgids	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp\shell\open\command	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\ModSkinLOL.exe\SupportedTypes	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.myp	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\AinzSkinFile.myp\DefaultIcon	AinzSkinSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp\ = "AinzSkin File"	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AinzSkinFile.myp\shell\open	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\ModSkinLOL.exe	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.myp\OpenWithProgids	AinzSkinSetup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\AinzSkinFile.myp	AinzSkinSetup.tmp

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3456	AinzSkinSetup.tmp
3456	AinzSkinSetup.tmp
4512	powershell.exe
4512	powershell.exe
2620	powershell.exe
2620	powershell.exe
4540	ModSkinLOL.exe
4540	ModSkinLOL.exe
4540	ModSkinLOL.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4512	powershell.exe
Token: SeDebugPrivilege	2620	powershell.exe
Token: SeDebugPrivilege	4540	ModSkinLOL.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3456	AinzSkinSetup.tmp

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 3456	996	AinzSkinSetup.exe	82
PID 996 wrote to memory of 3456	996	AinzSkinSetup.exe	82
PID 996 wrote to memory of 3456	996	AinzSkinSetup.exe	82
PID 3456 wrote to memory of 4512	3456	AinzSkinSetup.tmp	87
PID 3456 wrote to memory of 4512	3456	AinzSkinSetup.tmp	87
PID 3456 wrote to memory of 4512	3456	AinzSkinSetup.tmp	87
PID 3456 wrote to memory of 2620	3456	AinzSkinSetup.tmp	91
PID 3456 wrote to memory of 2620	3456	AinzSkinSetup.tmp	91
PID 3456 wrote to memory of 2620	3456	AinzSkinSetup.tmp	91
PID 3456 wrote to memory of 4540	3456	AinzSkinSetup.tmp	95
PID 3456 wrote to memory of 4540	3456	AinzSkinSetup.tmp	95
PID 4540 wrote to memory of 4052	4540	ModSkinLOL.exe	98
PID 4540 wrote to memory of 4052	4540	ModSkinLOL.exe	98
PID 4052 wrote to memory of 3964	4052	cmd.exe	100
PID 4052 wrote to memory of 3964	4052	cmd.exe	100
PID 4540 wrote to memory of 1656	4540	ModSkinLOL.exe	101
PID 4540 wrote to memory of 1656	4540	ModSkinLOL.exe	101
PID 1656 wrote to memory of 3564	1656	cmd.exe	103
PID 1656 wrote to memory of 3564	1656	cmd.exe	103

C:\Users\Admin\AppData\Local\Temp\AinzSkinSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AinzSkinSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:996
- C:\Users\Admin\AppData\Local\Temp\is-ICU0N.tmp\AinzSkinSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-ICU0N.tmp\AinzSkinSetup.tmp" /SL5="$F002E,64333340,787968,C:\Users\Admin\AppData\Local\Temp\AinzSkinSetup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3456
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "&{$bytes = [System.IO.File]::ReadAllBytes('C:\Users\Public\Desktop\AinzSkin.lnk'); $bytes[0x15] = $bytes[0x15] -bor 0x20; [System.IO.File]::WriteAllBytes('C:\Users\Public\Desktop\AinzSkin.lnk', $bytes); }"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4512
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "&{$bytes = [System.IO.File]::ReadAllBytes('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AinzSkin.lnk'); $bytes[0x15] = $bytes[0x15] -bor 0x20; [System.IO.File]::WriteAllBytes('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AinzSkin.lnk', $bytes); }"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2620
- - C:\Program Files\AinzSkin\ModSkinLOL.exe
    "C:\Program Files\AinzSkin\ModSkinLOL.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4540
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C ""C:\Program Files\AinzSkin\data\mod-tools.exe" mkoverlay "C:\Program Files\AinzSkin\data\installed" "C:\Program Files\AinzSkin\data\profiles" --game:"" --mods:"Arcade Kai'Sa to Prestige KDA Kai'Sa/Bullet Angel Kai'Sa to Prestige KDA Kai'Sa/Chroma 145002 to Prestige KDA Kai'Sa/Chroma 145003 to Prestige KDA Kai'Sa/Chroma 145004 to Prestige KDA Kai'Sa/Chroma 145005 to Prestige KDA Kai'Sa/Chroma 145006 to Prestige KDA Kai'Sa/Chroma 145007 to Prestige KDA Kai'Sa/Chroma 145008 to Prestige KDA Kai'Sa/Chroma 145009 to Prestige KDA Kai'Sa/Chroma 145018 to Prestige KDA Kai'Sa/Chroma 145019 to Prestige KDA Kai'Sa/Chroma 145020 to Prestige KDA Kai'Sa/Chroma 145021 to Prestige KDA Kai'Sa/Chroma 145022 to Prestige KDA Kai'Sa/Chroma 145023 to Prestige KDA Kai'Sa/Chroma 145024 to Prestige KDA Kai'Sa/Chroma 145025 to Prestige KDA Kai'Sa/Chroma 145028 to Prestige KDA Kai'Sa/Chroma 145030 to Prestige KDA Kai'Sa/Chroma 145031 to Prestige KDA Kai'Sa/Chroma 145032 to Prestige KDA Kai'Sa/Chroma 145033 to Prestige KDA Kai'Sa/Chroma 145034 to Prestige KDA Kai'Sa/Chroma 145035 to Prestige KDA Kai'Sa/Chroma 145036 to Prestige KDA Kai'Sa/Chroma 145037 to Prestige KDA Kai'Sa/Chroma 145038 to Prestige KDA Kai'Sa/Chroma 145041 to Prestige KDA Kai'Sa/Chroma 145042 to Prestige KDA Kai'Sa/Chroma 145043 to Prestige KDA Kai'Sa/Chroma 145044 to Prestige KDA Kai'Sa/Chroma 145045 to Prestige KDA Kai'Sa/Chroma 145046 to Prestige KDA Kai'Sa/Chroma 145047 to Prestige KDA Kai'Sa/Chroma 145049 to Prestige KDA Kai'Sa/Chroma 145050 to Prestige KDA Kai'Sa/Chroma 145051 to Prestige KDA Kai'Sa/Chroma 145052 to Prestige KDA Kai'Sa/Chroma 145053 to Prestige KDA Kai'Sa/Chroma 145054 to Prestige KDA Kai'Sa/Chroma 145055 to Prestige KDA Kai'Sa/Chroma 145056 to Prestige KDA Kai'Sa/Chroma 145057 to Prestige KDA Kai'Sa/Chroma 145058 to Prestige KDA Kai'Sa/Chroma 145060 to Prestige KDA Kai'Sa/Chroma 145061 to Prestige KDA Kai'Sa/Chroma 145062 to Prestige KDA Kai'Sa/Chroma 145063 to Prestige KDA Kai'Sa/Chroma 145064 to Prestige KDA Kai'Sa/Chroma 145065 to Prestige KDA Kai'Sa/Chroma 145066 to Prestige KDA Kai'Sa/Chroma 145067 to Prestige KDA Kai'Sa/Chroma 145068 to Prestige KDA Kai'Sa/Heavenscale Kai'Sa to Prestige KDA Kai'Sa/iG Kai'Sa to Prestige KDA Kai'Sa/Inkshadow Kai'Sa to Prestige KDA Kai'Sa/Kai'Sa to Prestige KDA Kai'Sa/KDA ALL OUT Kai'Sa to Prestige KDA Kai'Sa/KDA Kai'Sa to Prestige KDA Kai'Sa/Lagoon Dragon Kai'Sa to Prestige KDA Kai'Sa/Prestige KDA ALL OUT Kai'Sa to Prestige KDA Kai'Sa/Prestige KDA Kai'Sa (2022) to Prestige KDA Kai'Sa/Star Guardian Kai'Sa to Prestige KDA Kai'Sa""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4052
    - - C:\Program Files\AinzSkin\data\mod-tools.exe
        
        "C:\Program Files\AinzSkin\data\mod-tools.exe" mkoverlay "C:\Program Files\AinzSkin\data\installed" "C:\Program Files\AinzSkin\data\profiles" --game:"" --mods:"Arcade Kai'Sa to Prestige KDA Kai'Sa/Bullet Angel Kai'Sa to Prestige KDA Kai'Sa/Chroma 145002 to Prestige KDA Kai'Sa/Chroma 145003 to Prestige KDA Kai'Sa/Chroma 145004 to Prestige KDA Kai'Sa/Chroma 145005 to Prestige KDA Kai'Sa/Chroma 145006 to Prestige KDA Kai'Sa/Chroma 145007 to Prestige KDA Kai'Sa/Chroma 145008 to Prestige KDA Kai'Sa/Chroma 145009 to Prestige KDA Kai'Sa/Chroma 145018 to Prestige KDA Kai'Sa/Chroma 145019 to Prestige KDA Kai'Sa/Chroma 145020 to Prestige KDA Kai'Sa/Chroma 145021 to Prestige KDA Kai'Sa/Chroma 145022 to Prestige KDA Kai'Sa/Chroma 145023 to Prestige KDA Kai'Sa/Chroma 145024 to Prestige KDA Kai'Sa/Chroma 145025 to Prestige KDA Kai'Sa/Chroma 145028 to Prestige KDA Kai'Sa/Chroma 145030 to Prestige KDA Kai'Sa/Chroma 145031 to Prestige KDA Kai'Sa/Chroma 145032 to Prestige KDA Kai'Sa/Chroma 145033 to Prestige KDA Kai'Sa/Chroma 145034 to Prestige KDA Kai'Sa/Chroma 145035 to Prestige KDA Kai'Sa/Chroma 145036 to Prestige KDA Kai'Sa/Chroma 145037 to Prestige KDA Kai'Sa/Chroma 145038 to Prestige KDA Kai'Sa/Chroma 145041 to Prestige KDA Kai'Sa/Chroma 145042 to Prestige KDA Kai'Sa/Chroma 145043 to Prestige KDA Kai'Sa/Chroma 145044 to Prestige KDA Kai'Sa/Chroma 145045 to Prestige KDA Kai'Sa/Chroma 145046 to Prestige KDA Kai'Sa/Chroma 145047 to Prestige KDA Kai'Sa/Chroma 145049 to Prestige KDA Kai'Sa/Chroma 145050 to Prestige KDA Kai'Sa/Chroma 145051 to Prestige KDA Kai'Sa/Chroma 145052 to Prestige KDA Kai'Sa/Chroma 145053 to Prestige KDA Kai'Sa/Chroma 145054 to Prestige KDA Kai'Sa/Chroma 145055 to Prestige KDA Kai'Sa/Chroma 145056 to Prestige KDA Kai'Sa/Chroma 145057 to Prestige KDA Kai'Sa/Chroma 145058 to Prestige KDA Kai'Sa/Chroma 145060 to Prestige KDA Kai'Sa/Chroma 145061 to Prestige KDA Kai'Sa/Chroma 145062 to Prestige KDA Kai'Sa/Chroma 145063 to Prestige KDA Kai'Sa/Chroma 145064 to Prestige KDA Kai'Sa/Chroma 145065 to Prestige KDA Kai'Sa/Chroma 145066 to Prestige KDA Kai'Sa/Chroma 145067 to Prestige KDA Kai'Sa/Chroma 145068 to Prestige KDA Kai'Sa/Heavenscale Kai'Sa to Prestige KDA Kai'Sa/iG Kai'Sa to Prestige KDA Kai'Sa/Inkshadow Kai'Sa to Prestige KDA Kai'Sa/Kai'Sa to Prestige KDA Kai'Sa/KDA ALL OUT Kai'Sa to Prestige KDA Kai'Sa/KDA Kai'Sa to Prestige KDA Kai'Sa/Lagoon Dragon Kai'Sa to Prestige KDA Kai'Sa/Prestige KDA ALL OUT Kai'Sa to Prestige KDA Kai'Sa/Prestige KDA Kai'Sa (2022) to Prestige KDA Kai'Sa/Star Guardian Kai'Sa to Prestige KDA Kai'Sa"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3964
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C ""C:\Program Files\AinzSkin\data\mod-tools.exe" runoverlay "C:\Program Files\AinzSkin\data\profiles" "C:\Program Files\AinzSkin\data\config.ini""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1656
    - - C:\Program Files\AinzSkin\data\mod-tools.exe
        
        "C:\Program Files\AinzSkin\data\mod-tools.exe" runoverlay "C:\Program Files\AinzSkin\data\profiles" "C:\Program Files\AinzSkin\data\config.ini"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AinzSkin\ModSkinLOL.deps.json

Filesize
1KB

MD5
aa81bcbe24fff27a7256f66547395d92

SHA1
493d6ccdcf7b76b748e2f677db0912b7cd8aff20

SHA256
55062098b919618ee74662112ec885972d6148062c6cdf7cbf320cfe32922a70

SHA512
d6d20cac59628e8a806a14a977b6fae281736fe5f3fd2502c5adbff14a01cab1f87001b48a62aab3ad1e64ca5a28570becb13012f975dd9a39b6786a164c51f2

Download Submit
C:\Program Files\AinzSkin\ModSkinLOL.dll

Filesize
245KB

MD5
bc256ee88ab23bc6e5c35b10c6fbc7ca

SHA1
ff5d68dad83b50cf0a97927bbf2b36803df57ea1

SHA256
ff051478b6555cf2ff01b8dce32f88131f37403deb2263aaf7315cb32912de57

SHA512
d9eb2b980bbac418fd10b82e15735cd9406044597007cb893c993726f214b401151fbaebf2bf0fdb11f234de0fc1098a895ecede7c122a689c84d20458e70f84

Download Submit
C:\Program Files\AinzSkin\ModSkinLOL.exe

Filesize
212KB

MD5
2d098ca4899332692ba28f221969fafa

SHA1
2d25b1c68c22349cacdffc422eb6863d00783947

SHA256
86f6b342230ded80b29b6221a7990233232fa813ea6c0954ed5f18cc68d1c92b

SHA512
864be97fdd98ca61f24b44d58806c7308475f18e967bb613d064334fe0fe385056e54a0764e3bdff86bf1020316744252e00c8b5044add7cd834d57866f46d63

Download Submit
C:\Program Files\AinzSkin\ModSkinLOL.pdb

Filesize
43KB

MD5
c209cd95d7ec120bc76b02e05da4ad19

SHA1
0c1edac488af786b04a197e94426611801660cbe

SHA256
aa74ffb585be218d92a4be494ccdb148d06dda5be11c26c0f1294ea7e34a3573

SHA512
1089a264c6aeab3b7957381ba29e18d00fd3dac7e7d8e4f3d181eb5165c66b01ea463f7fe58b78c1cd302811d494294deb9c26fb2e81af5ae3a985661b0bd389

Download Submit
C:\Program Files\AinzSkin\ModSkinLOL.runtimeconfig.json

Filesize
266B

MD5
d720176a229e9d969b40fabeb0baf62e

SHA1
f2d8e97a6c6098a10dd80553eaaef7547ad32ba3

SHA256
321b4e463bbacd6113aa337511bdebf5e7356e9971744346b28424607c7b483a

SHA512
0844f9aca147014a68248c43310bf97e0a0a3679fc84650aa0a27aa09f70f56fa071c0ace1be80f0e33ce4dd3f865eae11e946d98d21af916dc1a7f945acaba0

Download Submit
C:\Program Files\AinzSkin\Newtonsoft.Json.dll

Filesize
695KB

MD5
adf3e3eecde20b7c9661e9c47106a14a

SHA1
f3130f7fd4b414b5aec04eb87ed800eb84dd2154

SHA256
22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

SHA512
6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

Download Submit
C:\Program Files\AinzSkin\data\champion-summary.json

Filesize
39KB

MD5
f4214fca2b5eda1b9aa04776340f5375

SHA1
aee343cfa916e17fc78c2245e0c8194006ed69e3

SHA256
82ad648a34759563da0e9470cac7eae6a7d5736447e596b8f05c1feb3dcc86e5

SHA512
0083657f59ec10b5a3af125b74ec761dcb63024b9ad35138f036785ef84f29b2b190ab20552f91e3cf8b0f84ca48bc8b991316682182baad22536fe7b4048dcc

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\1.png

Filesize
19KB

MD5
718f8a5057287055bff7729ca9f272c1

SHA1
ec1494d91cf06e26a8763581e597f87abbed8706

SHA256
82a8fe3f0d1e7fd2c7d4a4a8d64ce9787ca114da8d9deb5974078367f7f576d7

SHA512
55c4bc69445473a14aa2c5c86089c841b2dec5cd2d2d5ed64ee58e6b101b87c4c93c74764241d7b001831dd08d5181c441c0008bceb499f7a369ae6f61d20ec3

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\103.png

Filesize
18KB

MD5
b3fd0d94b2c6534112516b4f627f7af1

SHA1
268122e25785169d45db87736facd98d8de99202

SHA256
107226a854025a7138975021845bc569b872b4e735fe74af3dc3d9f684cc4a8f

SHA512
ec417df06359033da33744b4ed6d000aaf606cad84e6417e6fea2ccd45261241c0c64a9ab10a32f8a55f2c27c55cb702aec27ff17c40058f53ea5fc6db66e6a3

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\104.png

Filesize
18KB

MD5
839eb7d1426303e65005ce5348fca00d

SHA1
45b6811d6b8d1fa3271928b52305b85b2f8273db

SHA256
c3d53f8f8f5945f1f1daf446c7d465f560ce80fc2215289a646cea7e5f1f08e5

SHA512
d0895ea24375f6f2114a6172fb17f2a225948064ee5a9a25e08b6fd2ffd17e6b4f63c1394261799d5e1ad8da7aaf23b99dd49e66b9dc2acc009b5aa3dbdb30b7

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\105.png

Filesize
15KB

MD5
990f45bca4dce7e1f1fbd126bd63dd84

SHA1
932400ea8f67fa2d5dbabb0c9ec2ee6ec19208af

SHA256
036c071db8a101b0a5aa2fde97674c3bc4de82146ee537dd9a6a2cb249181667

SHA512
7ecec8fc28186f0ae2ed078395902ad55951e615562acd12464422bb61d690f50b641e977ed10f909cb041d2cc9f8bc395d63b97cc0b1a173828b4756ed7f100

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\114.png

Filesize
17KB

MD5
021d3dbf409641c5de3ec1aa8c9d2eae

SHA1
dea103dcbcafd944adaff3b772ec28d9be9d1c95

SHA256
88ccdebd8853b5e3cef8ae8b8f638bdfabd78fa38890f15cf08129372d3cd6bf

SHA512
7d4e79c730143ac401f9c7e12406c45bb7d2ff50f25727cee8e5a4ebad8fb671eabb799cc831b659300c3e155c73f9a67c082acd5c249f2b407b78fe915ea5cd

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\119.png

Filesize
16KB

MD5
7958e4097e12e375251a6c3ad63830b6

SHA1
a1fc34ea3df857525364268285a47107bfd9e462

SHA256
c9df94f0123d5922c5815a5c989142399b4329388208cd7152254f737a06f5ae

SHA512
fe745dd578b2cc4beff47cd2f3d7a45af9c6463ea4b1427888b46006b831489a22e45efabfca3a7adfffb64096359fe9d1c89fb4dafc0b0f40a6238829b55bea

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\12.png

Filesize
17KB

MD5
0086e965f92644618d3ab5b5685a788a

SHA1
523e40a61c927071c8732b967c5d65b458b1cc29

SHA256
0031284988b00f9cf830f9b0b530ee1d4615d717336bd9554e32b32f8eae8122

SHA512
1e6b042194715c2383a972a1b588b2133584043b26dd45eb3e37ece57e6e8e76be26e2e13411621e9e69d1503c01935ee1da71c43ae80447daf2cb894a247472

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\120.png

Filesize
18KB

MD5
0d608b288f2c8bd289635c647c14a364

SHA1
e463838f84c9aee546fd88d1e04827d2b9f37dd5

SHA256
8bf8f3301a890371af231d7e0cda62a299ea6537f34b32e061d63ff41cbc2ae1

SHA512
57e78b94086bd64e88bc708faa3522c70637e31a06a613cbcfdb7ef252d6f4712ed768e202a707f9be7f7a7c9138bc79f8b11a940c4b782cc0033566c1ed7a25

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\122.png

Filesize
17KB

MD5
d90f224fd6f51f772de5f2ac0e47c41e

SHA1
a06a5579277c1bcb295df517e58c6d98a943d124

SHA256
ba758ffa893e6f7c967edf6b64911843a48025024c9ba8b21b8f2bb232e76651

SHA512
c52e471f23b22c2940dc4867b4df5fb71f659098a45e6018940f1e80f34625cb498b6b7c7e5bc2b9625a18bd5339aa5384d99abc705a79f1fc2421b2dd2c4355

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\131.png

Filesize
13KB

MD5
cf56348c33a7503b8e4d8ead08a5b924

SHA1
be7eafe245a5f267e95f83e7763f522cffd33eab

SHA256
8a239df80325a8ba0f97a8273ae2a8642a66582fea967f5fbe45771499bb48cb

SHA512
631cc2563a3ee2cc5c6a3dfa65c4208e0b669da416f94065ada7ab8e097a93bc97e3adddedff659328f6ac98a40f45e3d8eeea4844dd836bc9a8bc31dc5f9748

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\136.png

Filesize
17KB

MD5
8e0590904f2208af5dd6e1f1eb3b949b

SHA1
d52340f9f7a5265cb046233d41ca6ffad801060d

SHA256
08a32128b3fe9df135e85c65431eb38597d1d5d67d0f444a85c17204fe6f979a

SHA512
05a59db196bc9a0663d9f53dfcf47491ebbde668654fbd00dc685725d57d427a49af70c8b08a2ec12164df841a8bc8800e9bc3a504468ed9efd5d1ee75f1b29d

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\150.png

Filesize
16KB

MD5
e9c553799df2db297afcb8bcfc715daf

SHA1
e68b9a9872efaba4d38c0bd942bdddf3c8b717ef

SHA256
fe097d85f95bbc368a1e604d2bec3cca659f57a55b2a8ffdefced01e96830cf7

SHA512
efcdb406f878d12d13fdf57d5e5d7d537f257f44b2815407f0248736a1dd59ae1f613f9097cf36bdbf95bf3f9a0c5fff72439ecddc2c17bfd2b97a967c46328f

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\164.png

Filesize
17KB

MD5
985146cb1fb2beef0affd8d5fadc7451

SHA1
7e431dd189e076d1812c01b7ff6e1cb7b08f7ec3

SHA256
8d5f3292eb0413ba40e1740bbac69aade753fa8c93f8ed674edbed6560f6b4e3

SHA512
a295d49d68c2e5198435a4fe81fc9ae9b2bdd155db238a0b16f08f32ce8f204791a844cab1259d720782599be3cbd641256c88ec0303435115e2db0e098dd973

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\166.png

Filesize
16KB

MD5
ae163bc3e6cc99a0e17f2dbfb1775cfb

SHA1
d3e8bf902d069cce8ad41d4fa88cc1f2b9a3c6bb

SHA256
4a668dae51bb6b50b228ac105d7f0177f2389be3d4072634d0fda82f42cc3b35

SHA512
4289bc1306aecb227defecd59b4a49f9ea056c6f2b9fccdbc9e827421a92cfef23d6d755df361f8d8773d23634ad8d51c2ddf28de91adadad834854c179c6cf2

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\200.png

Filesize
16KB

MD5
dd872e18af27979181be2063618644d0

SHA1
772b50892660ae0fe8b6b01b931475981123505c

SHA256
c29c9ec94f616f023b79ca043a13023d66624f99d5d07ce33854ee11cead3044

SHA512
20286115ec9debd2a7bd5919b16b04f79efdf719ed361d58585a76d5c37e85de48aafaa52ff23f3765d134a082e34e88298b1657ab3d75853a6fa634485b4fe8

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\201.png

Filesize
14KB

MD5
6929020f1fb06b15c88b1cc1d633ee28

SHA1
84b401760580208db752dc1e477693ef35e81e65

SHA256
ace198b61fb25cef4004121c6887de44483b3dd34343573fd2cd6001f50e2fa0

SHA512
5f0d1f604a2d92b3e6a66edf34fa31a7708766dfa09f71b9a712afa2eaa16267bbf72eeb0d590696107f2bafa4e44b93b60aed26243ca2c2a64d2ce2f77bcdc0

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\22.png

Filesize
20KB

MD5
4c292dfc73999728a4e0d2d339587781

SHA1
52fb89af4e7427b0d29be0cb958cb5b08e3c1f13

SHA256
4d85a00539749caad328e437d47a16e7ed2a2137e4a31313c546a2d167f99371

SHA512
a7bb86e9a5cef062babeca94c160ade75386343d80272ecc7c3c7b904a7a50e72b762ffce651a51fbfaa3a00cb3ad80f7b2eff2a72a6bcfc3dc7cd1bb4c19f18

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\233.png

Filesize
20KB

MD5
6d5591c27bdddca38bc927ca3a1b3d3f

SHA1
2414c8f82bfae9efb2e7430ddc0fb4cc94d48e5a

SHA256
7f27af29146fd828bc8a4e8ac62bfe24f45fe487975ac97c27328371a67dba51

SHA512
f38cbfbe714d60c132591f27d73eb110531afbc6b7d4867721f9d895097062fb395ed83585f17040d5015a4efd3732cc3a7a6767be3035ffcc4fab9fbaa5c2ad

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\245.png

Filesize
16KB

MD5
e70923738d7d0d6222b074ecba6bf848

SHA1
f73db18f87de0e5526a586910fa6d494b87a2a33

SHA256
4c7125546240c44f9412cd9350a659a53272f295e49bc169525c477aa715d4b6

SHA512
2797845112a2648081e3e8d7cc288ffc00f6a9be5b2d39e3d9b4bcd1d578a722d10c001dc86a473d64f31fea95ad08c65536074c9cdfaa13df0625ef1ade69f0

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\266.png

Filesize
16KB

MD5
df4f3e50d7a305a78b48e6e012679ac7

SHA1
7e0d2289062778dc968d7df13d405814c8fad242

SHA256
c0097cae1b3611568d04adf9ad25959300daf45f28c8b1dd999d04df43108f06

SHA512
adc60df3fd051137bef119e321ceb86d3af783651127822e82eab979c77805479e88eedb89d3ecd207cf67f093f0020bcc9ad909bf1b0765d53851f876289491

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\268.png

Filesize
15KB

MD5
baf32ee97457437ea20c42ba23003e0c

SHA1
5588a2ebd980305b03712ebad8df5e7cce5dc398

SHA256
9264bb82b1f6f9397d6b0fbc51a3be6592eaeabfa4f7768998fad3d70d986981

SHA512
a86b335c23f75df0ff7f414fcd56bf5799887b1d5560b7826aae11284ba5194c867c0f64a2a1ea8984ef60db1eb29fe4d3cae06273861153f6d27e7c497d10a1

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\28.png

Filesize
17KB

MD5
0ab8373722fdf007072bbf941a89c1a5

SHA1
6338ee21958f1fc4e9f7cc7b1a3fa441e1d09842

SHA256
8f0c94196bf528d805d6164216f2e80af4d585c106feb09af64c8d1c5c404d38

SHA512
87eeb5efa831a5f7e2d57307087dc71224928f78b7500db102a12e6642079073b6d0aaf5aac2d76775e9f4a7c9ce8ac0fa9dd0900db95a1b547de2a7ec7d9cfa

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\3.png

Filesize
14KB

MD5
3289fcf2c053adeab5ad5242a85a4838

SHA1
74bacd585d01e2918063d141677ba6c6babc5abf

SHA256
2d4c98d574ae866bd0e327d8a6f6d2ccf0cc8ca07fa67b61dc8bd49518dea45b

SHA512
9f1e8dde4fc2d41781314aa7128d6d67298986cfdb68aa902631cbcf6b5e1f90a3754d17a415fa42e530c5d8c82ca2f367453e01b3ac097696174a07b61b63f1

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\31.png

Filesize
20KB

MD5
a0de7979503cbce96f0fcbb9e8c3442e

SHA1
0c0865f4409cd9b42fdd2cd0d49fed1297aee858

SHA256
1b6231c68e4e52b65f7e8f96362a784020916e5fca7c609a34c535357490b4f6

SHA512
dc0aee0974869130d3a4664923933b93dc3c4e94284de80122a28945709373608fe378d04ac2e2afbc6d11e2c4d6f58d3601bd5aacee4b8b239dc5ce1935dcff

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\32.png

Filesize
14KB

MD5
51d804c0d88232b558e0117f5fbb8df5

SHA1
e393e8f4da35313f0dcc5d83183e749437a390c1

SHA256
c9177f3b4d416139d9dd5c5e33c6cc306fa9abc0d95344d775f9787f787ef5a4

SHA512
f5477123876699258f6cd11bdd0862c1581ba024196638576075346de29ad40a2665b20eaf6c543bd2a44f185e979b95852abeecda1c23e1f7fb41be29de5f9a

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\34.png

Filesize
16KB

MD5
d5776a511c640c362e31c942cf9089b7

SHA1
e55726de460c86570a50f39862a57bb6939cc8a8

SHA256
ad81797465521dc88c1cafd5f73c02d60477ed85cefc5ff865f8b25003c6e2b5

SHA512
2ef6c0abc45651f79aec22b5bdb8e9d34e500891b6f6d3844518689508671f4f1a2d2055d9d9689e2f478348a24febfc2529099dc3046e78cdf96544d810d20e

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\36.png

Filesize
20KB

MD5
ac7a96525fd18bdd00c0948e9f5320d4

SHA1
4d0697b633e45d31b7896e5c177a74178cc7c7de

SHA256
5eb8b3cd4fe256bf96df7ddf6865953b1e9133261652b8980234447b3271e3da

SHA512
cc0f6bdcacc9d935e40fd75c79fde513542b35682ba707d0700545f3c2faecaa46147ca9e1160708bf91b71d48a987a44fbae4f125ce422d20d20a2b4b5dbe5f

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\39.png

Filesize
18KB

MD5
0dd86d1480a8ac2f04c633d682242c5d

SHA1
fff795bbdeeb53acd2dd1a49ef010519bf0d8be2

SHA256
df8c011d7ed017bfafec2e2443b04921b9e76acd80189b6f49469b82d6f53e56

SHA512
240117f45ec85936c578147ec7c515b22b450300d755739340dbc22ce5cf51220ecfdf00ee68329c5ed6002e3e16d23c99c257198391610ba4ab2c77f062ce77

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\40.png

Filesize
17KB

MD5
3c0e532b88f181c04f52974040621b5a

SHA1
081f3aeb9fedd6a788123462e814da90c7f5ed6e

SHA256
3f50197b04523d60e5c064486cada230505cd9f66c254161423ccce024613c5d

SHA512
fbd5a7b86fcd2a4ce1bee8a8de3e7239cc87bf22d1fe5cf4d16ac4827a7412cca575fab55c31da0b3e27f36e9039cbd8bbc0d465ff5948a85153f5a2560fdffd

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\41.png

Filesize
18KB

MD5
a883aa766debde85880d23396be80b0b

SHA1
0bcb5a930e45f7bd2d2f5e16b6615645b89a44b2

SHA256
ad32887ff5f6e8212dad310bd728747fd3f0ba1cf3bd027219364c8625e59e81

SHA512
822630ab634aca589f66f1d56432108712d334c8ad8fe89b1f23f8d660bf5997862319f2ac153e820b983924d8e6bfe82bd76911ce364de6aaa0d521c8e842ad

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\42.png

Filesize
15KB

MD5
333a3cf69198e947cd5eca7d47d56726

SHA1
ffdbe864e51c897f45f915967beb02db1a1511c9

SHA256
7060cf4f3ae64ed85b76abaeb4c989c69a4be366f6fd0a4fb58df2aad2829a7c

SHA512
1cc9c7c4ceb5dd8c68d7b0bb74282c511093b29dacd88fdfa170923bd21c717a8bb03b6bdd4e7568675f1dddeedcf55dff74cfdb4e9a4dcda6227a9e8a635ad5

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\420.png

Filesize
16KB

MD5
ef45c70b83c9c93d8b10616300ebc404

SHA1
d06bd060843d097b834c8708f27b7d84db545724

SHA256
21ae9ce2d9ff86ad1b5cb685a99e2a2f210b84b2761835dd3c71a6014cdf84d4

SHA512
43bad53a18abe3833b763e18bf9ebedeb23e8f00e18d12401aed2989049decc246c28ba1f216f188a50b78d91bba7405627f193046263700174d41b47fb58ab5

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\427.png

Filesize
16KB

MD5
dedb397fd5fb9c50da2eafdb12a14ec3

SHA1
035176dd8f2a7376acfcade59fc7a016611c9766

SHA256
53d8d71d109cb737a1c8d14849804161fe60f92748f748ba3a11dc0f4081de82

SHA512
0d62026202a2e861bc71981fd749c74090b15d8b86bb15114eeaf343c5b5728dd950e1e9b628bdb499da105e963e80368652b720d5ca029184185b3e0a8c4be1

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\432.png

Filesize
19KB

MD5
7e4bfdcbf84e00a47c9b59ad065178b1

SHA1
1fe40dcb6b91457ec099f864b4ae76b5ff1fb76a

SHA256
96df8ab9629152794ed9beb3b09a2e3d7aa3898ea6495b9bf71e354610e0dcfe

SHA512
21bb2287aa34f357ad3530c2cf42b4aa8f7f3be8ce2057600ca89d7332427ca41667d65cec20bdd999cf0813412f9519935fedc6b89b0fe5b05fb565e00a14d4

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\51.png

Filesize
16KB

MD5
a8bc839a2c33defedb932ead0ede1d5f

SHA1
168278bc0e0ffb6f702ed3074bd160308dc859ac

SHA256
559b5bc505ea5e77e3d4cbcf3d2689b46596c7f31bcbe42ff9bb3a3fe23136cd

SHA512
6f744ca55cc564ff415ef477aa56556e020f678e8faa265f676c8298b004959238d68b5c2055fd3dac2ca4ea20d5f251f9b3b7833dfc7de375944025044dbe06

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\523.png

Filesize
16KB

MD5
7d5b68d880b1c7d7fee9ec5bc126e101

SHA1
86a6f8341ced198b193f446aaf84db2f366bf4db

SHA256
36f54b18fed5449205d71730665de5796df1791f868ffd02f641eaef0c0ffda3

SHA512
d551e9a40b53315d57beec96d5177811cd846ceff1bf976b2a33e2d53ff4ae463875f191a029d03bc328b70de26a575b188cc14d04ee0dcb6661923fe9d8524e

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\53.png

Filesize
19KB

MD5
b6f2e9817aae0cc81e9683a48aef44ae

SHA1
f292b0f98246b59d64e06061c4b8e4588e901d3e

SHA256
4c04871148a9db866c8809d6b6c8fedcb6e2e438e8c2bad9d41b1be9179bc335

SHA512
92b1caf13c80b9a2c76b38bd707d1a1e763c0deefebaebfae3915c8e3f56888d96231099b27b712119de888d30fa7383f04eb96ea4c5a82600797adfcb0ccca6

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\59.png

Filesize
17KB

MD5
1ea58740d3fa308f358fa6130df24272

SHA1
afe5395549938b9db8a2e1496b41f8cab05db3ec

SHA256
d06c0d9c574e42b580f16ee4218d1230d4e2b6caa0bf5024ff39f09dd13defd9

SHA512
607ab2506c25a6d8bed0d8300e07079e4d49f4da6cc86d52ad64ebcaf25fd4b80f07bf1bfec3a9ff2742ddebb39e743b5965f59f97859f3ed80046fea00e6a04

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\60.png

Filesize
18KB

MD5
5dc7ec04ae9f5c768be0412f47e25572

SHA1
e3a51a65159604aed9c134ed90dab161ab8b1303

SHA256
49981b4b57917d8f3a75ec7c106adcd7ed5fc0a79940ad4de44311f7845c3964

SHA512
c314b95b50c2fa19558648e104ae2e202576568924dd5dd957cd07842291f0d247e65a5d51223d3d9326b48bd35af3297a2bc53fcf4d5e2526a2f18de0ba3d59

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\63.png

Filesize
19KB

MD5
7aa667709a7ce82e45c459e3df2d160a

SHA1
107ea32e8ac44cf34ca57636d0534f930c1a23a9

SHA256
cc184bf9bbeacfd9a543cfb9fe573556b09dd0ca3fd92fe9a3ad887d56bef70f

SHA512
93efc29e28aae02fa0001a8b20c5306ff9b55e27f75a6f495c2f28d43e856fc98dbf9b4b9f43fc9cf123a6c0dd9223c9200639f78576015c5262e469873c99e7

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\69.png

Filesize
16KB

MD5
723076f895babdd840b0edd87efc57ea

SHA1
7041f75102bd3fadae87c5df44e3c2ab4278ba22

SHA256
5d89848a82051edc5ba0df7ce12dc15f2db95f09d9455b8b862362ca2574f31b

SHA512
a6a776c30aed9b962097e7fb0681e881c862d1ed93eb697825e3a5cee0bd1a0a9223b647d2fd68d981fec6e4a6efcccc2fdf2f1b26fa75ee03fdea3f9afb3ca9

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\74.png

Filesize
20KB

MD5
fde39f7fc210740c1c136b9d7af54de4

SHA1
5a57d4b411e4d9324685d4a3b62b791883b68549

SHA256
796ea4652f59b556cfb94dbedb54ced1ac7bf8e8bc4562985d1e52c2477b7f99

SHA512
ac63de4b53d415f2a2f1877068bbcf7233c3e51f011e379cf42b5a0a39a8ed5936ec1b8c852653b0cb29bfb477949a01680d4de8c9a087ba480420d341b29d90

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\79.png

Filesize
18KB

MD5
e7eb3fb357e71d7673434cef9ca1ffe2

SHA1
83c7d3889ef36706cd946062dc3c9171129c5c66

SHA256
55d4999721337dd49b968e07e026e7029629b7bffcc519929c8a38d83bdfca09

SHA512
d9f45132bd9c082acf429daa64c174ff5bdcad433154767e523613d35e3e8d9bd29a6313ac41570adedaa123f4b8553921c0a5a31a7e581c61b98730dd481231

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\81.png

Filesize
19KB

MD5
fc683afd720e24bd5ab33b9ebcc031be

SHA1
7df22caeb17e1156bd990ce17df663193d210460

SHA256
41cef3cf95d70f607aff7e589c59344da61d46717c2220785d5e208fd66fac13

SHA512
186214b5bcc53268cad8ced9dee971ff38c8e267a0e7df6679b17bb829b7181e7e11b619ddf834e4ca9901ec783ccda83aaee9a9809381cb4731346839a7c309

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\84.png

Filesize
17KB

MD5
254171517c5418e10285bba695dfa951

SHA1
d75a536165b600b0d16b57230a5bfc225d81a6ac

SHA256
d4ca58e67fa4124e2fa0f40690c3e13db6f4c4ef91d381019f12194b6ef488da

SHA512
ece2524bfd1635b99866e219394cadece043031d4a423ccc3987c16406153e4c0af3d51c69b8d4c80261b8124754c59875c15476e93fe2845d9b88deb12325e2

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\86.png

Filesize
19KB

MD5
4218db4d5d01bc4f98f32462e9977f8a

SHA1
74c820e91da3149ef25a4a26a6cd8819e9348958

SHA256
dc4606954c97b04dbb31441559c00e2ed181cf6ba120f5326a50385d06e1b38d

SHA512
4ee9df232950204b20da2bb887a9646ef2fdc6cabec9470977bec3bc8cb1da03b2c23cb4ed34fd4778f6640571d1b8d1bd14b9b43561d9a00d878b0551dd6bbb

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\887.png

Filesize
20KB

MD5
a7483c3b14ed866fecd8726a1046187b

SHA1
2984786eed01532334592e0179b785dc58896560

SHA256
71e48adc57783820ad3ca6a57d89307a61582edff24eb6e81a51b2b9f7ee40ff

SHA512
5d1397afca7a4f80632745bd3b293edd4615e503cd210cfb04db0019b8205cbfd96c2a03836083899972cc9bf47c9dd34609380daab46e3f59ccba0819a9232d

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\893.png

Filesize
20KB

MD5
cde623986453b4966d445ce2571d70d5

SHA1
e285facbf496c0fd25a12da1d6fcbda62c1d2bf0

SHA256
291432f665633ac123a151412762dcfe8087479e76d0767fdf2bad829f484e47

SHA512
87826308fb6e8f14c8fd220c075544db1e6aad14283c4da8323eab03f46eba490ade29e69945ea36e360ecc1fd22d546981cd528421517dc3323a91c1e24042d

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\9.png

Filesize
18KB

MD5
54c7541b3300d4887de096a2ed96a535

SHA1
2006ec67fa011f286ed031273ee4aff0077e19a5

SHA256
70c4ba84df693e5c3f8edb299823afa231adf2b81b58fb54117a534dc77910ff

SHA512
c2e42eb9c633bc4ae596fa6f02a42534ac48c5550f0e6ec15cddda2c2c5ea880289e17a7bc8ece9653607185ed84a8cef51972098a216e8976d5a65d3e741301

Download Submit
C:\Program Files\AinzSkin\data\champion_icons\910.png

Filesize
15KB

MD5
320b2a393a8a2f806508dbe48dacdae3

SHA1
396d2ae9c09385dcc46cc787ade3bee01f12484e

SHA256
f1c808125bd280176948ae9c678646f4b895e93678bd7dfc6a8a4dd2be905906

SHA512
0ffa04e8d06e5cc499c3315a7f2421d39f31131974b5175842c1c6d4a17e41a0b34625cdb9a39144f0a792d4a9fb131127cc6eca78bcb4e7c65c1fcb9abc9618

Download Submit
C:\Program Files\AinzSkin\data\skins.json

Filesize
5.2MB

MD5
8a9cc0fb4d4245f313682dc75df8482a

SHA1
a5475d767cbf4afed89d8ddbbc7f30c44a0db911

SHA256
ec14dc914b5b870784f71643900c8ea6df2219edbe087f52006535f0b045e210

SHA512
ea19b50efcec9e4e9ee4bea5b4b904f0c431b68c2e0dc9fc029503105712bef574fd7b6fed09191133e7d2ae8dcdde62fc2cdd5032025769c9599ec780c32d68

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AinzSkin.lnk

Filesize
884B

MD5
e209726d2410b0bc59e1994263cca40e

SHA1
b5eb7f6349d07fbee5fe9cb96eded1f002c56feb

SHA256
e4eb625e4f6696297200bba380a34facc4ab41d62e144f6253a5a7d20e66d0cd

SHA512
32f31a33d511fc687b8689093a212914e68145acfa5d2d7031c0b8cff4773655d91375001fed21c72f60e18b51a0337c75adcd7b2e2a0c56af32c030c006feec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
33b19d75aa77114216dbc23f43b195e3

SHA1
36a6c3975e619e0c5232aa4f5b7dc1fec9525535

SHA256
b23ced31b855e5a39c94afa1f9d55b023b8c40d4dc62143e0539c6916c12c9d2

SHA512
676fa2fd34878b75e5899197fe6826bb5604541aa468804bc9835bd3acabed2e6759878a8f1358955413818a51456816e90f149133828575a416c2a74fc7d821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
12KB

MD5
fe35942f371156eebc743833b16f5618

SHA1
d7d3b3979004d4a6fb8f08dcc3cc6a6d4f7b256c

SHA256
91775b3803211c748c98a2a180f62e6f6ed097d64a0e5e78a854164b432f78a9

SHA512
70b15aa2fc5dd76c6cdde6b969038dbce534d5a531eb8cb127245a9e05d867d554b8ad684fde5e6304cadd80858f5e445485c11ecf50f00adf720d434012bc93

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cs2psw05.cfi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ICU0N.tmp\AinzSkinSetup.tmp

Filesize
3.0MB

MD5
8c4ce44fe6caba65e2619d5c5133223a

SHA1
04e8791e6eb4e7ed466fe0362d2ff954baea30eb

SHA256
06c16957ce660e85ec172b15e2ae48ad03f639201c6aa27157d35b274d15c589

SHA512
e4c3e58e4e0ee3e97168c0f87be8e0c961a213c54632356fc732eabc52cddd5b14d70b9a7d6aee1a0f480a6c33dc04ac15a8a43b563fd5cc44783d9d7ad2b12d

Download Submit
C:\Users\Public\Desktop\AinzSkin.lnk

Filesize
872B

MD5
ff3f18e216ed47262f9ae33dbd5ef5d6

SHA1
2c7d9e69059dd1fbf258e51e16895b06ab504272

SHA256
b2ffc76378aeafbb253e8cac3e70e8fa83c3e7f98f2cbdfb9aba2ef68380a3c4

SHA512
05498fc59024d3468a52bebd5177362d857791670aa6a54bb543a8702476f0bbf1acab03ca6065bc314a9e807d5062018bdddd824775759fc3199092b196c7dc

Download Submit
memory/996-0-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/996-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/996-507-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/996-439-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2620-428-0x0000000005F80000-0x00000000062D4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-476-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/3456-402-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/3456-6-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/4512-416-0x0000000005D80000-0x00000000060D4000-memory.dmp

Filesize
3.3MB

Download
memory/4512-398-0x000000007267E000-0x000000007267F000-memory.dmp

Filesize
4KB

Download
memory/4512-423-0x0000000072670000-0x0000000072E20000-memory.dmp

Filesize
7.7MB

Download
memory/4512-399-0x0000000004DB0000-0x0000000004DE6000-memory.dmp

Filesize
216KB

Download
memory/4512-401-0x0000000005500000-0x0000000005B28000-memory.dmp

Filesize
6.2MB

Download
memory/4512-400-0x0000000072670000-0x0000000072E20000-memory.dmp

Filesize
7.7MB

Download
memory/4512-403-0x00000000053A0000-0x00000000053C2000-memory.dmp

Filesize
136KB

Download
memory/4512-418-0x00000000063A0000-0x00000000063EC000-memory.dmp

Filesize
304KB

Download
memory/4512-417-0x0000000006360000-0x000000000637E000-memory.dmp

Filesize
120KB

Download
memory/4512-404-0x0000000072670000-0x0000000072E20000-memory.dmp

Filesize
7.7MB

Download
memory/4512-405-0x0000000005CA0000-0x0000000005D06000-memory.dmp

Filesize
408KB

Download
memory/4512-406-0x0000000005D10000-0x0000000005D76000-memory.dmp

Filesize
408KB

Download