Analysis

  • max time kernel
    99s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240319-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-04-2024 05:59

General

  • Target

    LockDownBrowser-2-0-7-06.exe

  • Size

    82.9MB

  • MD5

    8a6a2b52ee5fa8abb515ca82ce85e25f

  • SHA1

    d20911b21d20afd99e01830cfd7dcae61e5ac955

  • SHA256

    37a4b947815e4d4e6a0fc46caaa7ef02dc1738beafde4924be1fd427afe1c807

  • SHA512

    2cf75ac564d224e6fe7c9e3ea7522e0e49f6ad7718ed551d823ea8d5f297b8e6d6e5f3cf42a882973a6c45706454c4a80af56713abfab4c6ae56ecf3e92dcdbe

  • SSDEEP

    1572864:lZ1i8lQsHqguE+9VzRtciLCUFltyuD0+cm/jKFNOOdIpOgazTHaBr+vH6ful:fTr+3Nt0Ag+9jy08IpOL/6d+P6E

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 13 IoCs
  • Loads dropped DLL 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\LockDownBrowser-2-0-7-06.exe
    "C:\Users\Admin\AppData\Local\Temp\LockDownBrowser-2-0-7-06.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3392
    • C:\Users\Admin\AppData\Local\Temp\ldz902A\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\ldz902A\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3640
      • C:\Users\Admin\AppData\Local\Temp\{EE625B55-6E7B-404E-B22E-DD0FC5FC22DB}\Setup.exe
        C:\Users\Admin\AppData\Local\Temp\{EE625B55-6E7B-404E-B22E-DD0FC5FC22DB}\Setup.exe -no_selfdeleter -IS_temp -media_path:"C:\Users\Admin\AppData\Local\Temp\ldz902A\" -tempdisk1folder:"C:\Users\Admin\AppData\Local\Temp\{EE625B55-6E7B-404E-B22E-DD0FC5FC22DB}\" -IS_OriginalLauncher:"C:\Users\Admin\AppData\Local\Temp\ldz902A\Setup.exe"
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3728
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E911754A-4770-4A0B-B4E7-747B23FF3BA0}
          4⤵
          • Executes dropped EXE
          PID:4280
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CC114D0D-6622-443A-8F3F-A723492BB51A}
          4⤵
          • Executes dropped EXE
          PID:636
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E5046BE4-A908-4E25-8AE6-52B1131C1EAA}
          4⤵
          • Executes dropped EXE
          PID:3252
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{752E6307-9717-4560-BC3A-878E683F5FC2}
          4⤵
          • Executes dropped EXE
          PID:2532
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{60B9B2C1-E402-4104-9D97-93758AEA2934}
          4⤵
          • Executes dropped EXE
          PID:2636
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{447C8A4D-E0FC-4251-A4D8-14C69FBA6865}
          4⤵
          • Executes dropped EXE
          PID:3308
        • C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{9598FDF7-F493-47A9-92A8-B1E3449C4AD1}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{89EA7A3B-ACDC-4F15-9676-E988A4351E72}
          4⤵
          • Executes dropped EXE
          PID:4100
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:4532
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3264 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3472
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5104
    • C:\Program Files (x86)\Respondus\LockDown Browser\LockDownBrowser.exe
      "C:\Program Files (x86)\Respondus\LockDown Browser\LockDownBrowser.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1284
      • C:\Program Files (x86)\Respondus\LockDown Browser\LdbRst10.exe
        "C:\Program Files (x86)\Respondus\LockDown Browser\LdbRst10.exe" /wa1284 /f21201:353814262
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:5892
    • C:\Program Files (x86)\Respondus\LockDown Browser\LockDownBrowser.exe
      "C:\Program Files (x86)\Respondus\LockDown Browser\LockDownBrowser.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:6040
      • C:\Program Files (x86)\Respondus\LockDown Browser\LdbRst10.exe
        "C:\Program Files (x86)\Respondus\LockDown Browser\LdbRst10.exe" /wa6040 /f21201:353814262
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:6140

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
