hxxps://drive[.]google[.]com/drive/folders/1N3xQcWFogreFclGax17Zhs7C_tOyQ07I

Analysis

max time kernel
172s
max time network
168s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09-08-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1N3xQcWFogreFclGax17Zhs7C_tOyQ07I

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3188	LDDSetup.exe
4648	LDD.exe

Loads dropped DLL 11 IoCs

pid	Process
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe
3188	LDDSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
4	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\group_remove.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\outputHTML.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\stepCounter.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\viewMode_background.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\sound_explosion.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\01_editmode.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_colorPalette.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\en-manual\images\Thumbs.db	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\Abyss.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_drop.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\accept.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\group_sub.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\viewMode_explode.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\en-manual\images\Preferences.png	LDDSetup.exe
File opened for modification	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\UserPalettes.lif	LDD.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\buyTool_subtools.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\cancel.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\collapseDivider.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_colorPicker.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_pick-up.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\preferences.ini	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\BGmode.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\checkPriceButton.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\group_create.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\groups.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\repeatLastStep.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_select_multiple.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_pause.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Assets.lif	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\undo.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_select_color.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\Toolbox.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\buyTool_remove.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\explode.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\header.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\panelBtn.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_invertSelect.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_paint.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\tool_selection.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\ldraw.xml	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\de-manual\images\colorfilter.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\en-manual\en-manual.html	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\Desert.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\buy.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\viewMode.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\de-manual\images\searchField.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\en-manual\images\checkPrice.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\sound_train.mp3	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\buyTool.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\colorPalette.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\hingeTool02.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\common.css	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\tool_hinge.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\hingeTool01.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_decorationTool.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_hingePitchRollYaw.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\tool_clone.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_scroll.wav	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_select_single.png	LDDSetup.exe
File opened for modification	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Assets.lif	LDD.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\camControl02.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\save.png	LDDSetup.exe
File created	C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Help\common\subTool_select_connected.png	LDDSetup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LDDSetup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDDSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDD.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000100000002abbc-508.dat	nsis_installer_1
behavioral1/files/0x000100000002abbc-508.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676409447444570"	chrome.exe

Modifies registry class 59 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lxfml	LDDSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\DefaultIcon	LDDSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\NodeSlot = "6"	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML	LDDSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0 = 54003100000000000959b40c10004d6f64656c7300003e0009000400efbe0959b40c0959b40c2e000000c8ab02000000030000000000000000000000000000002b6628004d006f00640065006c007300000016000000	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	LDD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\shell\open\command	LDDSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = 00000000ffffffff	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	LDD.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\ = "Lego Digital Designer LXFML Model File"	LDDSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e80922b16d365937a46956b92703aca08af0000	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0	LDD.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lxfml\ = "LDD_LXFML"	LDDSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\MRUListEx = ffffffff	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF	LDDSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	LDD.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\DefaultIcon\ = "C:\\Program Files (x86)\\LEGO Company\\LEGO Digital Designer\\LDD.exe,1"	LDDSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	LDD.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\ = "Lego Digital Designer LXF Model File"	LDDSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\shell\open\command\ = "\"C:\\Program Files (x86)\\LEGO Company\\LEGO Digital Designer\\LDD.exe\" -open \"%1\""	LDDSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\shell\open	LDDSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	LDD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	LDD.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\DefaultIcon\ = "C:\\Program Files (x86)\\LEGO Company\\LEGO Digital Designer\\LDD.exe,1"	LDDSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\shell\ = "open"	LDDSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\shell	LDDSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lxf	LDDSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lxf\ = "LDD_LXF"	LDDSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\shell\open	LDDSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\shell\open\command	LDDSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\shell	LDDSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	LDD.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 66003100000000000959b40c10004c45474f43527e3100004e0009000400efbe0959b40c0959b40c2e00000085a102000000030000000000000000000000000000002b6628004c00450047004f0020004300720065006100740069006f006e007300000018000000	LDD.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	LDD.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	LDD.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\shell\ = "open"	LDDSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXFML\shell\open\command\ = "\"C:\\Program Files (x86)\\LEGO Company\\LEGO Digital Designer\\LDD.exe\" -open \"%1\""	LDDSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	LDD.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LDD_LXF\DefaultIcon	LDDSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	LDD.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\assets.lif.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\LDDSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3188	LDDSetup.exe
4648	LDD.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4940	3200	chrome.exe	80
PID 3200 wrote to memory of 4940	3200	chrome.exe	80
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 4852	3200	chrome.exe	82
PID 3200 wrote to memory of 1400	3200	chrome.exe	83
PID 3200 wrote to memory of 1400	3200	chrome.exe	83
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84
PID 3200 wrote to memory of 2652	3200	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1N3xQcWFogreFclGax17Zhs7C_tOyQ07I
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86172cc40,0x7ff86172cc4c,0x7ff86172cc58
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4528,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5032,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5044,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5244,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - NTFS ADS
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5048,i,13064664070249799630,4250463381343577954,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=988 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1248

C:\Users\Admin\Downloads\LDDSetup.exe
"C:\Users\Admin\Downloads\LDDSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3188

C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe
"C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000468 0x000000000000047C
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe

Filesize
8.0MB

MD5
0931792f64a9476d81e2ed4b70604ab5

SHA1
30ab7d2bbcfaad57615651c2f0c4ac447810fa0b

SHA256
19dca5d204636764eb8de33c6debb486518437ca2ffd757b8de7968e6657dfe6

SHA512
0f498778f9d876decbc3732dcd7dfc84f1b41d950adac367f7ebbfeee24409f39a437e85222c7caa31a4e0e25b9a16fdd901c7d43bc76cb877fbe1b7903ee08a

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\RL278-1000.lic

Filesize
2KB

MD5
9c5680972e898aa8af502397e3ddd66c

SHA1
a33ca41e5be475c9626e3d4321d3c3ec83738d8c

SHA256
ffaa9e68bfe2075e29558de2360d9a7ce2d36d7a06062784f74a5b83e3020a73

SHA512
ae74c8407daa70d4099e0f2f352e7f41ea582a7e7401659707e304d7da136fc404e94a85c472f2b540c86e8be987160f8e746ce4351bd0d593e81564d54831ac

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_drop.mp3

Filesize
3KB

MD5
83e49b45a4d02d87c1e0d3e0ea6deac9

SHA1
70291fc420a5f125808e483201aaf8cd06d6536f

SHA256
69a0b92c950343ae3adedbb411f7c5e0f2ce62ea61716198165f3da8aad7e976

SHA512
793ef6bef9513885970353761422c75373ea175f44fcc694427e26a2a1196178bb395a0c7faf956c8b6b65919519fae4ceb441a664f6ef3ac94fdd659b66e6f2

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_mouseclick.mp3

Filesize
2KB

MD5
2b9119762cf40ab2fef873e59087705b

SHA1
c7b4466dc3b5d29a5751095a292129fc4f93ba61

SHA256
9a851c5d5610ae78aacb3a054558a61414af2a2cbfc20bc21770c3b9edf17a1f

SHA512
c3b0d9726c9eb42b3678eda5685bddb259d2b7df1cd89750154dc3775f32b06682f2d78882276aac8c14713ee15080439e30e3077a71391e800634a85edfdac5

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_pause.mp3

Filesize
9KB

MD5
440b278b7a1b53656278997217061e5c

SHA1
e21f1216b8c79bbb4d01c870194959eeba212490

SHA256
338591167627caf7800afc28ac2c6d07b198c97c9b718f1f65ce3e4ceaf37953

SHA512
049fd609c765e2dcaa6b464267f3dce1caad7ad6cd3edfd7ff5b2f1a1996ab900dbdaa0db004cf02674672e487f2720c98a5801fd421e5670dff63196865f86a

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_pick-up.mp3

Filesize
11KB

MD5
8e785bffb7d2bc9adfd047871577b8ad

SHA1
0521093ffccc04e2bf56b7c625454ad12e357716

SHA256
e491aefabca2dbe0370710488b11458b16ca7d11d7e0589340c6a35298f100fa

SHA512
cbc6cb5d437ea42a4350f606b2e1ace39963e3e2cd73afd056f27ac84b69f7e1246b91d59ed9002bf3aca59d196542c6dd57e8fc93acf9c0ffa863ff94717538

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\IA_scroll.wav

Filesize
18KB

MD5
1275d198ff1e8cc5246b985a46706960

SHA1
95b83c7123c8a87cd8e966f879c92a5982d1a8ca

SHA256
de49173a7ddcfe5700c4f5e5f30fc9d135269a4dec5003623af073751460a1ec

SHA512
d3024508fd3aabdd128266768eb1c10b1c1b6c5cffdf30f1727e6f9861eb61cccdc8ff047e0f1f11f9e54774c3adcb778d5c387400bef0b92c5bf8928e16fecf

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Sound\sound_explosion.mp3

Filesize
77KB

MD5
c866820e329af6599ace71362b20e3d7

SHA1
3c637134d39822fdcb1de3b847b834dfbb9bb4e1

SHA256
346f51d6d8c32f2c8cc4d2b90fdb7295a4facbd452e48fc093353d93e153fca9

SHA512
16d91f742106f206c86163aa69e8aaaea2ed60cfb9fc11a8918435d5d1ceac2ceaf0df51d15c6a01c3f33f166b1c49324774c2f17ff32307368395fa6f74ae87

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\Uninstall.exe

Filesize
132KB

MD5
82869bdd9b472f6a760fa78c19efa345

SHA1
afbad050db5e89813179a0e4f60b7b9321f32edc

SHA256
a669c66fee50850e8969cfa2983fdb4f1caf781c9e21e3057371fa227d100f67

SHA512
aaded34b15f347f128d63495cc8db6378225409a1235a2edb00ca73a74ad137463b8b4ac04fe1845ac25983f9f8b8e448482c9627df53191166ed37134f60a33

Download Submit
C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\preferences.ini

Filesize
11B

MD5
07a0d4dfc7fba14d52025577270bbe9c

SHA1
70537f6e7d211f310717c27ce39ddefa605ae316

SHA256
0c9dbab264861da7904ff1e5a2c2684782633e6bd8a24ef137f5091fb65dba75

SHA512
68a291ec2fd75fc89b853beb1fa24181048ec8965832081c83ce390e8fa58e77d1bc086c55d0e8a49f725ac3c7a3c769c187060683c87e0bd011b77e1c8bb0fc

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5369fe971a3214ebc71b808c94df0350

SHA1
83f001f856b68594755ceadc92add6f92c4eaeba

SHA256
388fdff29ae400190f92cadb2c27c53cb03124a1ed20af0f1601b4c5e6ab0803

SHA512
3a69f6ae065189444db32c288ed5bc7458aa60325cb461b7db3e3b1cfc3912466a17c845f8bf9aa32526b2b17663c6f9e04f948e7ed0ecaea6f07218648e4f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5cf26f2e0f213ef0cfc24c334d77bd64

SHA1
f2f939ca3d851ccce5cb4062e25816b586df3d78

SHA256
825a2da41c3193e7e2188aa1b86b95e734a8c8cc7fc918f49fc0ded97b532e4b

SHA512
4e8269ce2b5f9c8029652ae366b6f4f79614128671cab91a70f8bce9a75185e165afdc8a8d38ea65c33f07cd4df02efec1b517277c5506374867771ee8a1597f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d5e13fb59a1a037b4a314ce0d60fea68

SHA1
353a30bd42b41c09d8c3f9a4f8b33f2626942acb

SHA256
6640535e90a1cce3c3b629d9c1b305081e8eeec8800d543426bd425767549585

SHA512
346e93b7743f34e5ed899de1c213c59f83d5d472c44e04e07f68beb5ab3783028bc7f9ab0ac041235c432c79cc45aacebbe649facf4bc6f58a36114c5d1241a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
33ffa750e0b4e2e4616995dd0814a2ee

SHA1
21aad3f68c4b53a0f179e86ba8b4f8dcc03dcf2d

SHA256
b7321a837729b468f9ae82cccca60ef7099cdbcada484fde297a26c30ddee1aa

SHA512
bafbef6b156e226ec239ec18c0fb0a15a9b3f4d01ac5cd1a1973f90368afabc627092464b3da66a28f572eac530796adda388545d7c826a5957eb2f5463ebb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26c2479706ca8e50be16b736b45f049a

SHA1
20ff89a849c46e951d250a16e0a7ee7ef0089557

SHA256
0182d57e07ec058a8d74b9c15569f8c4e626569a4137449ed06b0c7ee22dcbb6

SHA512
2671af9748f2092ee4fac7b86dcc7908b2844adf8dcbc8c0856a0597a5ad199e2c3bc45af394ca36aa0cd47100b90ffb787172283963bef17b7f14f42850b534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b399ff452f6987395a421a4604f1ceeb

SHA1
a313c19ef1f461f5224964a195697541ac6067fe

SHA256
c1d0904e93a70e8f189e6e720882c7b57a4e46632455710cac8ffefeb8d18270

SHA512
73be444dcd0d87ef5c3b87649c1d437ad7bd48cfa075426ecdb92588164f1b299671817680aa3eeb8380e59ebcda388dd647a84f9383d2ed65bdbd7413f9f201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
628d187086d7a070905d51a8e7c91a5f

SHA1
49a2df69120edab77e8f14a72fccec9d16e54970

SHA256
ab185ef4965ed012619d4e2790fe0c1c47f2746b98603a7db0bdb29013b38577

SHA512
1cad8e937dee895afddc608f53965d80dd26538b40f5f9394abd471792ae3e29f576be1ebf37054e5a545de23ea00b718c1e0e00c89297230e2661f5c70dccf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a51fb7315638007a491da82d518e74cf

SHA1
ba77db5ea7175a2932c89ab851eb289cd4c6b821

SHA256
d90ae6a1002cd57ebd56c5440e17dc1ec57212a8995e2e6da4188d4ef8a2bbfa

SHA512
e867e694f0a35c2fbfe0ffd01475afd5405f1817162525c7b422439efb013f968de180abdc824407acb5a3c515aabd953b8f9a07119a001c28025a221b0450d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
625eed35563e7be5d27189e5c3ea7ded

SHA1
de43c970b4700f9be5bb878b010ca15e14e73b1d

SHA256
a639e6ed649cfb0d8e21dfaf80d6c7e7e96eaedeac853d7bc939ce6c24108c27

SHA512
cca8876c84a5c5528f2260903fce0a4757b70b28e406d142e55c9f54d35e1854b84601474bdf6bff444e05a44073ba05bc32f30e9ff0c98101c9c2f69cc0f6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5677dc23b011a0c8cbee882e772b3f49

SHA1
2baf081d9ce65da84aa03c9eecf9fcc190827975

SHA256
e87351de29ae7927f62e21f1d92c256ebf73a59bc82420c49ee9eb518563ba91

SHA512
7b09e1d7ebb805515eace1d468869b183a98188745a91d3ac6043b3a9cb60ece7561e1346ff60fe20b045dec6e8af8f87f8725fbdf6b300208b76be1c71712c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9591762f6c26f9213da0e7ddfbe1c2e

SHA1
927ac37d27f3e4f0ca7505fcd2ae1c464292cc76

SHA256
8c36367bec7fc71126c5c6568f855b2dd6a5b9a510e0cfd08ce68bc332e85a3e

SHA512
c4463a3bc3291c7f347988032ecdbce91b30563f96cdfcde9dfa4a3f4d7f41e8e50f27ca9460ee69f97e8df462ba80948d3b9f85c46be037a98cbc47d690d43b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42e6fe91c19f600b5c91a2ae22d7dc69

SHA1
3262bea0fce5dbeb45eb277f5de6b076eee6e5a1

SHA256
1d042ce040e6453332fae1941497e1228029f9e5462595e581f3c63782f29f9c

SHA512
295249d49aa3811c24a69831b89820544ffbd266ade0df8df595b1c51b736d1a5776a1a42731d3296c2fc15f4e17d9a2485afb5057d91a7d7f76097490112e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12dc569ef21f7cd6ada6c312ae8d9bf3

SHA1
495b466f08ca44bc800e63a5ac57a22e7f87468d

SHA256
5e28b98eb2b69c9b5e23166d0e032b67d69c7327f5af6d0c4043cf387c23bd01

SHA512
233b33a4764661e3d106f7349014279c4fc48e549c506125dc5967636541a5b306a97eda6164c6b1ef29baf1f593b8950e67558f6961cf43543095680bf9be88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70a7097dbf05baa72fe2ede762d658da

SHA1
ae9e4783169e7cc024ec4e5b94fdf8d3a21118ea

SHA256
983a824a2cfe3db64b2890185d1abf96eec9e7ecc5cb5800ee6f4cfa721a0ef6

SHA512
2a6865a3d5a195806eaa61d315d42644396b928cb596499cf6c961f66b7e58516d8fa7842269cede09cd549ec1b0732d26563604ed736e8fb7f370e1fddfa392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db80df0bac47b6e5699ad884712aaf1e

SHA1
7363d8f727955b805d8fb2c90237229fefb7e8be

SHA256
0fe3a0b2e6fa5dc2dc18883783229558887a70c3942d2cd1617ec300fd88b846

SHA512
7530807ec89ccc34bf6177845fef31f329ec355861ee76cd525f5a7d91748d4408c4d446265e146f6d74ca3f51979d873aa69ce08900ae3680101d39a3472c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a872991a4de7149ad41e38071894d054

SHA1
c505251421512e339b64f053cfba1a123fe9b18a

SHA256
58a4078be0c5a44fec310761b986e1d840c42aaa211105a33b8e2698889eb02e

SHA512
caab44ded291a1f43d9f4597e42b2a863011eb7967089d3087b5c0005157ba9e8211673dffcd93f70a82567623efe4cc1c51ceb7d4c50027875957e9a7f6875c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
491ef6722f0b84904856bea914fc29d7

SHA1
9eebbf4ec5a0bd439e9f77c07cad0c63930cf707

SHA256
1ea36f6384e19f554141ebf7813861b8a1356bf07408cf382659a19a216f7aeb

SHA512
0f93cb89c37f319da6cbac58bd9ddaf15b7debffe557988f7b21a0f873584325383f07e5808b3d01a43f727789a0fe9ef199136bbf2127dfca10de4c58f1d37b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4be8a3b3e5baeede44fc121406ab7ccd

SHA1
7327ef36bc5ad29fc296373b592ab4a3e03d4519

SHA256
08ba75f17b24de040f0a832ea681337db43787c49ad8ae77660c2c6e413bcb89

SHA512
9106fb69d08be44caf39f3cc0e5dd829d6855e57854acc38ba019e36b9462c5e198d5403442af5d26e82c300340f471689609ba7ab82ea402eac547f7b4cc984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b1893fc2-737a-4366-baba-8ed181c181dc.tmp

Filesize
9KB

MD5
070a2159786174984e7b80ea564c6d71

SHA1
93b9e3ee633b3a0870280d8538ba722bad0d7b12

SHA256
9a82ca329a4670104f5e1632b91c4bc033e03eed7714a45aac7deca39bd0bf97

SHA512
0c8fe179c8a98d361c84947e4e4a2e63d3f9a34a41d403922a24a302e55aef8d373d93f40d3042c97ad1ac432e4c23fce038a7f08e70e0071295e97891b5edb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
da498a7982726cc2d558e9bba84be7c7

SHA1
3779e7e386303014a24f16afcf1ae69a259268dc

SHA256
52672cdce68422b1ce979eb313dec95def9d210acff4e78bcab4b743079a6ea2

SHA512
3d53f74fe04e1fff616298ebfd42bfff701ea7edd9acc5bea11ebc03fb349f54780ffd7e541c020098d5737950bae2aa11fe07d563cb036e9027eca063f57542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a2e8f3725d429cac67c0a6baa6c9833b

SHA1
b334e96cc07d001de796e814e4f7126fede1117f

SHA256
0f21f6b4b79145d3c01095b262fb48b604f2e3ad90a6602090db3f3508c77d45

SHA512
62e55c5faf74ccdc3b479be13b74fcd33fc6341445a7f51cbfa66bae5281d79f0dec842644843e9290c2f3713d2294f80ac31eb121334d146a908420acc5836b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c1c7488a057bc3916455a7a26b2a1fcb

SHA1
9809a4c8edac7677c8308f1f38e5caa6742de9b9

SHA256
253abd16051e37045d3aafa9fd938d6d542bbd6cefccc94dbf6847688ff1a444

SHA512
de4b4c6806798a3544c27f5d0c6bf17f0a7c09ee9bba31e6c4e070fd78fffd0833f9460f638f0951d31e0c725cad7cd9797e39fd41003de8b9a45edaecc5dae3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a60898ab2ee57b78093dbe4fee69fd06

SHA1
a7430d2a64506ac6ada9881a8351d32c12d9eee5

SHA256
aa26f53fc01213470032577c3c8a370f08514d938a8978763f6f099039bd2bfc

SHA512
203ce6f406b816691a2d355382f64ba09cc9de31860a3f83049d47174f53d90d38a30522300d9f170e261b5f01cbe6dfc3f4ea1f5764ecf73e91e735e81f4d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
2d1ddf68c5e534966dc82fc7ff51b48b

SHA1
8bdac27b58ac57c69fa06906caa820e0aca4cd57

SHA256
d9cea3a88d8f3bf17dcaaa900f6e3465c4f471911a03952388a7be57c73cfcb0

SHA512
dfe6d0d289a6a5accd7bca982d4eedcd89774a846f3040781fb620ab3152205e0a286685cab083a98c7efc3fec6245415523904e9eb6e0ae59744f4979ae4912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
fd89a37f4c5a9163253e7ba02f14aa31

SHA1
e54c21a4428db2c567077f3d8fd9620fa539b954

SHA256
d4649aa47fd33ef3380093f83c1d041c392c2a61c99c4b8553bfe6bb50121089

SHA512
fb3ce41a035de7776bc5c7281458cd2f5b8b1106abbcc37e48d38bedecf993abcfebca64a8229b84f66e69051f28073f4fabff579ec0f4b161e22861c76fa9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\ExecDos.dll

Filesize
6KB

MD5
d7b975049ec3aba50e4b7cc654a28214

SHA1
25f2578945ebc9ac037fef7b7f94c5d48e42388b

SHA256
42422d912b9c626ad93eb8c036ad82ee67cfa48cf75259c20c327eddd4cc376f

SHA512
f95f7875aeab586d42ee48029f7feed6e2fd8a7d106671e225ff5cf9ad83375f0ec3b8b288177c5d48b4c51eeddde687d67e7b07ad324e24059cff0a6516c270

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\LangDLL.dll

Filesize
5KB

MD5
a401e590877ef6c928d2a97c66157094

SHA1
75e24799cf67e789fadcc8b7fddefc72fdc4cd61

SHA256
2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0

SHA512
6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\ReqCheck.ini

Filesize
261B

MD5
2e3f8c00f9cb735a6ba90ebb29a0ca12

SHA1
e3db432cf514a83bab6b4b8773b50f54d7c2bcd0

SHA256
2d24df63c6277ba7c3a65836049f82e586df9bf9252945292cb1ef65acd35224

SHA512
23947de6a4a9a6e1866ca2c8c3a911d4834bb73eff49c3f4ad76fa66cae0e9dc11add3b599cb05bdbcde4a1e5d2dd03d9c74d1811d6ead957ef58774ddba41cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\UAC.dll

Filesize
13KB

MD5
3efb753d111487249f5d778aa797bdde

SHA1
04de213cdc98b460f8e15b038261a1547614851f

SHA256
c36f5848d57a95c1b9fb72ccbd06129ebb481cf84ed019ca2988ff930b805269

SHA512
f2681c1e90de8bd61ad77089dab841befa20f2026e223ab4cd66b12a6769791c9106d7af1cbc947298e5b7cf9bf451be3251c58aea542719cf5185a9da045419

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\ioSpecial.ini

Filesize
710B

MD5
dae93be9586deb9bf909ec57b53cd9c9

SHA1
86c4fd61423f5dc82030341a2d573d7093880361

SHA256
a6317b432a114ceab99b1ccf127d507b479e69634e13533c5dd46a9cfe098544

SHA512
5c1c54cb22911b61fc387796fc61b93ce9475ce4cd176d9a1cddc484bb0704d96c6c7f8b9f41ca5a7606a34e0bc1ac6dd34c59e846245dc36a1b1f2f1faafb6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\ioSpecial.ini

Filesize
694B

MD5
d489d22ccd0365cbf5c98866c345c43b

SHA1
3497d70655cfcfda8dec2ebb7e4d6d23450ffc4f

SHA256
f9611c46371561fd1de024ae412834f4b89ef9624ec63e5110ed3e4aa5cd9a69

SHA512
454bb44a91eb4f7ed282d4391a898ecd064e3b5e183518536421234bf936cc5b76f669a7d0d8b05f46abc2a77d6c94f8f3a9e4b98223238bb31f6a6bdbdf2250

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr563A.tmp\ioSpecial.ini

Filesize
694B

MD5
c3648446746038b27e1019c6ae06f066

SHA1
2f799d7b9587d8175f8309e33160e11d6fc28522

SHA256
68dd51e836c03ad0cc535e084c7f4426517ab0f8c66544cc7e809a352aa786a0

SHA512
cfe6ecb3cd255b31c4f8ef61b696c705fc3b44b0d0142fb310674ac34c03dfd0db845c73410426c730380568b40d7e8d749e370f7f5d9b68b3d4261b3f16d878

Download Submit
C:\Users\Admin\Downloads\LDDSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/4648-737-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-820-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-821-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-823-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-822-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-824-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-736-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-826-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-827-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-829-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-828-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-830-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-831-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-832-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-834-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-833-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-835-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-836-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-837-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-839-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-838-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-840-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-841-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-842-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-843-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-844-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-845-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-847-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-738-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-848-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-850-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-849-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-851-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-739-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-733-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-735-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-730-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-731-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-732-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download
memory/4648-729-0x0000000003300000-0x0000000003310000-memory.dmp

Filesize
64KB

Download