4e07bdcd696781ae7a3af2087db9c5a6b2c1e02fe6474995cf961f9407bde746

Resubmissions

16/10/2022, 13:05

221016-qblygaheh7 8

16/10/2022, 12:51

221016-p3p9jahebn 8

16/10/2022, 12:18

221016-pgzwvahdhq 8

Analysis

max time kernel
1098s
max time network
997s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16/10/2022, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LightBurn 1.1.03 (x64) Multilingual.zip
Size

64.4MB
MD5

b696719e1dee7c7e022e1d203fb367b7
SHA1

4e50c275dc5a29dae6ef8b5945236c5a6cc51155
SHA256

4e07bdcd696781ae7a3af2087db9c5a6b2c1e02fe6474995cf961f9407bde746
SHA512

87ddd51dbfb9f484d9137d224199938bb22c591e6de87c236c1bb0c5723b36334086a34fa18e59596181c3abca5030cc5b05aea6854814cd163059335f65d738
SSDEEP

1572864:/3NCdubToTg3o00yfbPGzV0pPKnSZG4AWpdJtFw958/8:QAbTsg3bbeJePKnULbjkL

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	notepad.exe

Executes dropped EXE 7 IoCs

pid	Process
1384	LightBurn-v1.1.03.exe
1956	LightBurn-v1.1.03.tmp
1232	DoCheck64.exe
1648	LightBurn-v1.1.03.exe
1564	LightBurn-v1.1.03.tmp
1712	DoCheck64.exe
1936	LightBurn.exe

VMProtect packed file 8 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x00080000000122e4-56.dat	vmprotect
behavioral1/files/0x00080000000122e4-57.dat	vmprotect
behavioral1/files/0x00080000000122e4-58.dat	vmprotect
behavioral1/files/0x00080000000122e4-59.dat	vmprotect
behavioral1/files/0x00080000000122e4-60.dat	vmprotect
behavioral1/memory/1936-156-0x000000013FF50000-0x000000014319D000-memory.dmp	vmprotect
behavioral1/memory/1936-160-0x000000013FF50000-0x000000014319D000-memory.dmp	vmprotect
behavioral1/memory/1936-161-0x000000013FF50000-0x000000014319D000-memory.dmp	vmprotect

Loads dropped DLL 64 IoCs

pid	Process
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1384	LightBurn-v1.1.03.exe
1956	LightBurn-v1.1.03.tmp
1232	DoCheck64.exe
1956	LightBurn-v1.1.03.tmp
1956	LightBurn-v1.1.03.tmp
1956	LightBurn-v1.1.03.tmp
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1648	LightBurn-v1.1.03.exe
1564	LightBurn-v1.1.03.tmp
1712	DoCheck64.exe
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
1192	Process not Found
1564	LightBurn-v1.1.03.tmp
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1936	LightBurn.exe
1936	LightBurn.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1936	LightBurn.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\LightBurn\imageformats\qicns.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\bearer\is-QB9U2.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-4T8E7.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\libusb-1.0.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-A32EF.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\imageformats\is-KM0PR.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\playlistformats\is-8VKNT.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\translations\is-LU8HQ.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\imageformats\is-GKRDE.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-37SV4.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\playlistformats\qtmultimedia_m3u.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\ssleay32.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-J1Q77.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\audio\is-T8ML8.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\translations\is-GHPB5.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-PC95J.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\audio\is-0UVA3.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\translations\is-FLH14.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-R2109.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-TQ99B.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\mediaservice\is-DK38U.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-VU99J.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-OGHSN.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-J52FM.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-2PQQ6.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\imageformats\qtga.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\imageformats\qwbmp.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-T4BKD.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-JHVGN.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\ssleay32.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\platforms\qwindows.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\imageformats\qwebp.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\styles\qwindowsvistastyle.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-FQUE9.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\libGLESV2.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\Qt5PrintSupport.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-8VAU9.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\mediaservice\wmfengine.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-CR7Q0.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-D5FLT.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\translations\is-GM0B0.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-0M5ME.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-O71B1.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-3CGRV.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-5CDHH.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\playlistformats\is-SLHT9.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-8J7AI.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-BMCLR.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\Qt5Gui.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\LBFileDialog.exe	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-LQIBH.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\mediaservice\dsengine.dll	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\LexActivator.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\imageformats\is-97CLA.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-K5CEQ.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\imageformats\is-6FFFJ.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-HADET.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\Qt5SerialPort.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-P7F7I.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\Qt5OpenGL.dll	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\is-ELUCN.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\languages\is-L3381.tmp	LightBurn-v1.1.03.tmp
File created	C:\Program Files\LightBurn\styles\is-J60KL.tmp	LightBurn-v1.1.03.tmp
File opened for modification	C:\Program Files\LightBurn\Qt5Multimedia.dll	LightBurn-v1.1.03.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\.lbrn	LightBurn.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\LightBurn.LightBurn.1\Shell\Open	LightBurn.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\TV_TopViewVersion = "0"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\csetz\OEAYCMC81B66B03F598EE623D05D9FDD896B049DFCF5258A60ABCB8A467B631FBB85DD = "㈳䌵㝅㥂㠷㔰㤷㌲〸䌲䑅㔰㔷㈴㜱㈶㔶䕆䈹㔳䈹䔷䌴ㄶ㙅㡄〵䈱䙁䌱䔷䈵㘳㙆䐲䄷䍂䍅㕄㠳䔰㜸㜹ㄸ㙄㑄㙁㘵䅃㍆ㄷ㌴䉅㔳㕆䄶䑂㐸䈴㐹㤴䘱㕅㥃ぅ〲㜵㌰䄷䉂䙄䄳㐱㝂䕃㕁㥃㔰䈱㐲㐳䘲䐴㑁㕃ㄲ㙄あ㘸う䍃㥅㡄㜶㌳㜶䘹㐷㥃䄴ぅ䐰㤷䑁䕅㐵㠴〱㈱䔵䙆㑃"	DoCheck64.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\.lbrn2\Content Type	LightBurn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\LightBurn.LightBurn.1\ = "LightBurn"	LightBurn.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\csetz\AWBHCTC81B66B03F598EE623D05D9FDD896B049DFCF5258A60ABCB8A467B631FBB85DD = "㈴㔹䄰䔲䈱ㄵ䘷㘱㜰䕆㠰㌰㡅㘴䔰㤵䍆㝃䑄䙆䄴䑄㠴䉆㤱㉂㙆䐵㈴うㅂ㈲㜵㡃䙁㉁㥁䉃〹㈲㕂䕄㈹㥅䕆㔱㑂ㄲ䉆䌳䄳〱㐸㤴䌰㌲㕄䅆㐰䍆䙅㤳ㅂㄶ㍁㌱䔸䌱㥁〰あ㍁㠵䌱䅆䔶㑅㌴ㄵ䕆㘱㡁䔴㙁ㅁ㍆㜳ㄴ䅂䄳〳㍃㑅㈸䔰㌵㌸䄶䐷䙅ㄶ䐷䔱㤰䌵㐲㜲䍆䕄䌹〱㍁"	DoCheck64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "6"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\.lbrn\Content Type\ = "text/plain"	LightBurn.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\csetz	DoCheck64.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "8"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0 = 5200310000000000525501b6100064726976657273003c0008000400efbeee3a861a525501b62a000000590900000000010000000000000000000000000000006400720069007600650072007300000016000000	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\csetz\ESHFCEC81B66B03F598EE623D05D9FDD896B049DFCF5258A60ABCB8A467B631FBB85DD = "㑂䈸䘹㠶㡁〱〴\u3130䄳㡂䉁㡅䙅㑅䕂ㄸ䕆あ㝃䕆㘲䍅㡄䈸㐹㙆䘷䈴㝁䌹䕅㈸㜲〰䈶䈱㐳䔶㔳㤶㕂㝆䑁㌶㡆ㅅ䄰ㅁㄹ㔱㔸㕄㐳㉅㘲䅃䐸䈸㐹㙁〲㕅㤳㥂䈵䄶㍂\u3130䍃㤰㜳㕃䈱㤰㘸䕃㠳䔰㔱㥁㤳㥃ㅂ㥅㔳㠹ㄷ〸䈸ㄸ㐵㕃㔵䘶㝅㙂㝂ㄸ㘸䘷ㄷ㈵㘸䐲ㄱ㈲㡁㝁䄶㘳䄷㙅"	DoCheck64.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\.lbrn2\OpenWithProgIds\LightBurn.LightBurn.1	LightBurn.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0\MRUListEx = ffffffff	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\csetz\OEAYCMC81B66B03F598EE623D05D9FDD896B049DFCF5258A60ABCB8A467B631FBB85DD = "䉆䈹㕂㐱㕅㐸䕅㕂㍄〱㕅㉂䘵㐵䄵㡂䄴䌱䄲䑄㠱㕂㥂㡄㥂〶㘳㙃ぅ㑄㈲䄳㈸㉂㌰䈳㘴㜹㠷ㄲ㉆㌱䕅ぅ䉆㍄䕂㔸㜰㜹㝄あ䐷㝃ㄸ䍃䘴㘳䈷䌵䔶㕆䈸㕃䐲㈳㤰㈱㜵㉁䐹㔳㌹㙂㘴㜵䐴䑆㤹㑁䄱㐷㉆㝁㈴㌶㈰㝄䉂䌷䌸㉅䈸䅁㔵䈵㍅䐲ㄹ㍁䄷〹㔱㡃䄹㜸㕃㡄㍄䈳㈸㘲"	DoCheck64.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1936	LightBurn.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1956	LightBurn-v1.1.03.tmp
1956	LightBurn-v1.1.03.tmp
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1564	LightBurn-v1.1.03.tmp
1564	LightBurn-v1.1.03.tmp
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
528	taskmgr.exe
1936	LightBurn.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
1008	notepad.exe
1956	LightBurn-v1.1.03.tmp
1592	taskmgr.exe
1564	LightBurn-v1.1.03.tmp
528	taskmgr.exe
1936	LightBurn.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: 33	656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	656	AUDIODG.EXE
Token: 33	656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	656	AUDIODG.EXE
Token: SeRestorePrivilege	1476	7zG.exe
Token: 35	1476	7zG.exe
Token: SeSecurityPrivilege	1476	7zG.exe
Token: SeSecurityPrivilege	1476	7zG.exe
Token: SeDebugPrivilege	1948	taskmgr.exe
Token: SeDebugPrivilege	1592	taskmgr.exe
Token: 33	1924	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1924	AUDIODG.EXE
Token: 33	1924	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1924	AUDIODG.EXE
Token: SeDebugPrivilege	528	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1476	7zG.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1956	LightBurn-v1.1.03.tmp
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1948	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
1592	taskmgr.exe
528	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1008	notepad.exe
1008	notepad.exe
1008	notepad.exe
1936	LightBurn.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1384 wrote to memory of 1956	1384	LightBurn-v1.1.03.exe	36
PID 1956 wrote to memory of 1232	1956	LightBurn-v1.1.03.tmp	38
PID 1956 wrote to memory of 1232	1956	LightBurn-v1.1.03.tmp	38
PID 1956 wrote to memory of 1232	1956	LightBurn-v1.1.03.tmp	38
PID 1956 wrote to memory of 1232	1956	LightBurn-v1.1.03.tmp	38
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1956 wrote to memory of 832	1956	LightBurn-v1.1.03.tmp	45
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1648 wrote to memory of 1564	1648	LightBurn-v1.1.03.exe	49
PID 1564 wrote to memory of 1712	1564	LightBurn-v1.1.03.tmp	51
PID 1564 wrote to memory of 1712	1564	LightBurn-v1.1.03.tmp	51
PID 1564 wrote to memory of 1712	1564	LightBurn-v1.1.03.tmp	51
PID 1564 wrote to memory of 1712	1564	LightBurn-v1.1.03.tmp	51
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52
PID 1564 wrote to memory of 1304	1564	LightBurn-v1.1.03.tmp	52

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\LightBurn 1.1.03 (x64) Multilingual.zip"
1⤵
PID:936

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:1712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x17c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:656

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap9546:128:7zEvent27484
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1476

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1948

C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe
"C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Users\Admin\AppData\Local\Temp\is-IGOAP.tmp\LightBurn-v1.1.03.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IGOAP.tmp\LightBurn-v1.1.03.tmp" /SL5="$40190,46903361,791040,C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Users\Admin\AppData\Local\Temp\is-HRPEC.tmp\DoCheck64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-HRPEC.tmp/DoCheck64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:1232
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\LightBurn\LBShellExtThumbnailHandler.dll"
    3⤵
    PID:832

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\readme.txt
1⤵
PID:1260

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Drops file in Drivers directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:568

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1924

C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe
"C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Users\Admin\AppData\Local\Temp\is-FJHIJ.tmp\LightBurn-v1.1.03.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FJHIJ.tmp\LightBurn-v1.1.03.tmp" /SL5="$3026C,46903361,791040,C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:1564
- - C:\Users\Admin\AppData\Local\Temp\is-AK8HN.tmp\DoCheck64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-AK8HN.tmp/DoCheck64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:1712
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\LightBurn\LBShellExtThumbnailHandler.dll"
    3⤵
    PID:1304

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:528

C:\Program Files\LightBurn\LightBurn.exe
"C:\Program Files\LightBurn\LightBurn.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\LightBurn\CaptureLib.dll

Filesize
54KB

MD5
a979f38343eebf1b513e798f5d7d64d7

SHA1
2aa88bab1c1bb0b3a1772144b69586cbc28a2c5b

SHA256
916525c6025df4722cf99d1ffa624b4418f29cad1d19043c47216e8c196cefcb

SHA512
22a96b49a7307743f7088f95f69245051a507184728abd2b04197ec002f9c3f10506ba4c1dcd2ecae9a3fb0ebc7e7438af997d3c62f1c18103926190b75031df

Download Submit
C:\Program Files\LightBurn\LBShellExtThumbnailHandler.dll

Filesize
126KB

MD5
7508090d9a0b475c561a1bf5a377aad1

SHA1
277113e1b08b91755b97de458ba21284365955b4

SHA256
390f8ed9a111041426bc1d2586478207d928dff0c2fbca47f37223f7a9b5511b

SHA512
87a58d81b2b3b19a0ab46086ffa02347af55e39f2488d0f870003db657437436eda93fbe63db72e974a1b45ac7d459de1c1aaf76f9f32d15bd68d6ab2474ee98

Download Submit
C:\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
C:\Program Files\LightBurn\Qt5Gui.dll

Filesize
6.0MB

MD5
6ac98802e09d9ae93bba0dba17e8a3c7

SHA1
3c038499d71a666d1cc47883789f8d70e427cf5d

SHA256
8676c2de1a3c9daa88087b59437540640ae4f248a16f8e9f879c832ea5fb1e0c

SHA512
edd7146ff89860efb412560d37e628a42a284336005e76295456bde4f1c488fcadddc7ce5545079cb7282fc1a6b2d637b9312394181492a56ed19f99c02edf5a

Download Submit
C:\Program Files\LightBurn\Qt5Multimedia.dll

Filesize
702KB

MD5
80812c625d9d7eb046cd7d2fe78d2ff2

SHA1
d4cd62e261e0d8e6071c3d17b246f00c193e9497

SHA256
9e4f6e6d3294eccb82c928fdda1e3482fab0f6c6b2fcbd634aef9a0d083974bd

SHA512
8050b33f6e0d28951414800bc6649f5b8ad3ea68710aa3d15e7fc30d92b9a63550598e749763702f44b88b809a592bf10d64e4f9c5c01df6bb34d329caa6ca42

Download Submit
C:\Program Files\LightBurn\Qt5MultimediaWidgets.dll

Filesize
99KB

MD5
37452430df9c384430d534560a8fea52

SHA1
f4a6db67a5bc6e5dceb823fab343f3fa13254d02

SHA256
87c5294f74b74aedbb428cf2f7e6de18dfe85b06d9e8016e31e3fc73476f99fb

SHA512
ec990e89f646553f17f35b9375210a39abb2e2c716ffcd3800d0a073fa1c199d9f0a712ecaa89c847354f55f657a94c92286cde1acabbba118fb7fac0e59bfa6

Download Submit
C:\Program Files\LightBurn\Qt5Network.dll

Filesize
1.2MB

MD5
4fa15a22d1bdb4320160763f9bae6491

SHA1
9603f4be6b1d08e2fb62910472a55296c1cdfe6a

SHA256
39b525b241e8a6b8ae7fe1104d4eb0475491dba4152ce6715c03192a8580a36f

SHA512
6202373acfe4b8d1b3697dcde229b0b77b6d009eedc07c82ec7740906e78e5fcd7cd1d845a9cbf1f5bdf85eb7f9cc56473f682308024b60bf790feec92a882e1

Download Submit
C:\Program Files\LightBurn\Qt5PrintSupport.dll

Filesize
310KB

MD5
4c23e989f2f9c180935e469d71471e07

SHA1
d35c4dc9a31f753d3092e44dabe5e3748418d8b0

SHA256
6c8db6aab9a6e962764b5193eb768c133644510e5e382ea807d4587986bc9eaf

SHA512
7b53cff783c2b1f5f7abe3ecf9e4308de0a7781ea18545bfda617dbd102b49316853e19b3cd69e15c3973010091023eae3899b276eb3f0e3c408e458dd949a9f

Download Submit
C:\Program Files\LightBurn\Qt5SerialPort.dll

Filesize
79KB

MD5
578f66f3ae217b338bcbdfd2ad3f68f0

SHA1
a41f3362376092229fe3ff30136542531c218118

SHA256
de4a20f8c659a252e2011b5be029df28cedb31ee32ef396c08da7620ff99994f

SHA512
f8b71df937c1c49907208af8214ca288fc98bee3939211262220fc8bcaaa01b01e8879e6190105b81b2bdb9f9e0c15716676f7b477d19011fa7e6c3a5236a999

Download Submit
C:\Program Files\LightBurn\Qt5Svg.dll

Filesize
320KB

MD5
8edb8ff3b449bf9727182c0c11276d7a

SHA1
c84f82ec1d8aa319ab4c0d813d3341f4940b018a

SHA256
15617dd204051b8fb6033c0a4af6a2376f2ad1499bfecc92fa6cf66d47a6b681

SHA512
3da04e4b30182cdade9b50ce9999e04e59ce1796ef267eab5df85736171e3646794339290445b4459871d9a685e3d95a44afec882447591c64fa831d2c56f579

Download Submit
C:\Program Files\LightBurn\Qt5Widgets.dll

Filesize
5.3MB

MD5
4e550d4b120fc9f1b5c45e3e436182da

SHA1
bca089e3e232f6f68b3c3a29957b4cc25034f21e

SHA256
8d24ed6dc510d5fb7e64f556d5341638e0d459dbaeff51e35cc47f35055eddbd

SHA512
28b9122402a766b8c9a801a3c58da7713c994d3601db47a04b7a9e174f548adc962ba3785a5976d48f089639bf0a8a189c6d4a7b54c3fffaa8a083a23ddb1d27

Download Submit
C:\Program Files\LightBurn\SendUDP.exe

Filesize
108KB

MD5
dc4d2f49bd6792ab39dee29beb96a942

SHA1
32e4acd793964a9e35c5ef79230fc934954f7d63

SHA256
3c2461b6af83022b86e9f392572f6862ed09d389afc8da81ca39ff5c5d763d7c

SHA512
594303abec0d1f84ed21714f81aee76ff96d9406986799363fbddb7b10bed8c0994c1a298adbba19757968b0d86bd2bc3fe803f4fcb9b8d84a94da688038683f

Download Submit
C:\Program Files\LightBurn\SerialDriver.exe

Filesize
2.3MB

MD5
fb5d90d09e1408b0bf9dac3fb25067dc

SHA1
037deb157f7e94d9d5652990841b781912f9c6bf

SHA256
f37f6603bced68eec9c6453070ad8cb18d2d1a3c0fc4e5eab307bd3484623022

SHA512
fd0099d7b7f77a926cefcf15ac6cb377d04b14b09c4241242a707de61a9f925902fd6a06008832a14410999b138377d986decbc4ef696bdf0eb93a0d7c21a719

Download Submit
C:\Program Files\LightBurn\audio\qtaudio_wasapi.dll

Filesize
89KB

MD5
f8c09ede4c2beb9b8dd475202c6e763e

SHA1
603eec8b9d8c096d7c34cdc560c8800e99e8be0d

SHA256
c6b78900842e906c62f163a84102674fb5dca695746dfaf44765db86e2790e35

SHA512
1cf5eece33edcdc6f56ea085782bec647488360b76c31a8ec6855113613f7ffcdfff365237e06480cf125bd885a5cd9a3a2690173942fc9e7e10ea7a7b050830

Download Submit
C:\Program Files\LightBurn\iconengines\qsvgicon.dll

Filesize
34KB

MD5
3c1329d914a9f714a75136e411a1f010

SHA1
75a3cc7d96c4ffcfd213a754f08b5b00e556f648

SHA256
4520f45d15758042d28c1501c933062fc7729e02bbd9e7c2ec06f7759c99b5e1

SHA512
234f3ea6e36f8fd08bfbeeacc57f351ddde94cb6cab8f3310ca9ed5803a026464f0945518bd7c3e2f28e3af4c48997ed22860c075121015d390f686e25862324

Download Submit
C:\Program Files\LightBurn\imageformats\qgif.dll

Filesize
31KB

MD5
295e7b378931942f0701ef6feee1142e

SHA1
c25ed1887558e2cf15bdfee673ce8989722e3faa

SHA256
9eeec7ea1fffc82a9cf067c693fa37a0c6bcb0939ecddb7c6572dc96bbf6f515

SHA512
8cad3f792f0927197dc07b39a499fbf0973bf7ce0961ae7c4f5b47d87c0c3460036a884383b2882c5a3b0c6e03f00fbac19ba5437c84f898eef9b3fa9a271b10

Download Submit
C:\Program Files\LightBurn\imageformats\qicns.dll

Filesize
40KB

MD5
d69177459d9da04df923bd92a00168bf

SHA1
9fed4f20185714c21bb7bfdef20c583bafda5786

SHA256
b26765bf2f7d7aed59c458eecb018e5a3378a8d607cf3403f05b9c5c3f9fa308

SHA512
b0dc59adb328a911619be09fce11f5a98cdf1a594b76832bc2360fff41d7e20383ea8e52ee420b56221d407928d8c3dc7a7b50b8001ade315f2aaa1baa68f430

Download Submit
C:\Program Files\LightBurn\imageformats\qico.dll

Filesize
31KB

MD5
ad8a6ff7557f04184fde0c5462dd28ed

SHA1
27481c41b839f634c7f24a80349e9e9b1efabba7

SHA256
3fae881114e767cad2cf15b766b44a4ec49b1259e0a81a1ec288ef746190e0f6

SHA512
c209c92306f9ff437c3a2564fba6bb10901793f98edb52883823bce01425a8cf99ca692de103e59139e4b6e1676e1935d750c3590ad3f37fba4b1f13c0900b97

Download Submit
C:\Program Files\LightBurn\imageformats\qjpeg.dll

Filesize
322KB

MD5
6e538ab35fcaee41a02574f5a9f3c6a0

SHA1
7a3f421791320a7937682ae9c3e1b746854bf834

SHA256
e27ed55fe7f7a8a5105fdb51f46708c5f1ba92744a663772df21ba282a57d0fc

SHA512
88691cd6f6a25b375445a01346425dacc70e3db67c94488b63b0bb2987da0b016063d8e4ca130f7a4764a40da3d937b9df852ba5675cc8ce7e28b8881b9fc8db

Download Submit
C:\Program Files\LightBurn\imageformats\qsvg.dll

Filesize
24KB

MD5
c53ce2b065a3cf36f98a6ac543c4920b

SHA1
485b76520b5c07b006a42706b0e7b4a00db6359f

SHA256
ad2f1216c3c315b6ec200dba3f06befc99cf3247771165207500b291b2964627

SHA512
37aad74ea1471997e3229b35f40185a59cf696339ea8ce40f1e219f53560abaab4d9867112e53a652d66f03a39fbd7dfa5d27080f083d5632fbabe68f418c88a

Download Submit
C:\Program Files\LightBurn\imageformats\qtga.dll

Filesize
24KB

MD5
9cc48f15c366edd210b63258e5264569

SHA1
b49f6e4e0f164d68ce7d40c7fad12cfb2397a0f0

SHA256
1b29a890d92263b4160b16c6b7c4e052787bf9c8f9d8adae5ae0d5752f8a3f19

SHA512
2576711cb7d48c9db715c1a8fe331e2a4703544e625ab0a4a7d00f25486b4b431f92ee690e3d8b72bb218570588c22c8c6400e6418848f47f27a887808bae400

Download Submit
C:\Program Files\LightBurn\imageformats\qtiff.dll

Filesize
363KB

MD5
2e63442c158d5760bf3dee5d9d3deafc

SHA1
eb4254e4de30163c6485603d6fa11061a9fc54eb

SHA256
b2882e2d8af7cd773a9f3cbf652a477d09948c370dc067b829acce173e8bb3f3

SHA512
54691e2d55c372a8d13958cd23abfbd887ea67f90280ff095e25947b3a49e8fbdc9772befd5e1cc7b785fe943e8f7b076231a55e986ebadbe03c30fbafc542d7

Download Submit
C:\Program Files\LightBurn\imageformats\qwbmp.dll

Filesize
23KB

MD5
0478249841e01fdfb7db7a0f1bb9ecfd

SHA1
75652e87ae1faf9aa51bb9242dd91f591ffc0c4a

SHA256
7a9cf7367b69abff2e6246e3cf3f66b4086cff18c5d1d7e2145f97b0364d1d52

SHA512
ed11fde15bc05db1aa19ee65f664551f648570a119a6d889f4d809a332127f81ba1c0b100207bd860a4b52ddcc06f68e202e189dc41ebd828b71f14ffa6133f5

Download Submit
C:\Program Files\LightBurn\imageformats\qwebp.dll

Filesize
462KB

MD5
f80a0aea9fdca1e411a901fb8901f415

SHA1
56aecbba4c68c363cbbca2b1665627b954e77a22

SHA256
e3f1d9ac8f21a9d94ed1c9b24d76346e00c18af239a5bd294eb6bf109a687e63

SHA512
c10b2212588eaa5d274e0d24a6168a75bcd8343f13b35df4f611825bf997e37e0d81e8c5d0f11c3603faf493842f3d9f37fc804d6e4c13f920318bd09c56c8a5

Download Submit
C:\Program Files\LightBurn\libEGL.dll

Filesize
15KB

MD5
8d5fd1b8b725374e1806c3755cd1d19c

SHA1
5f3f0d2907d5b286a31a8dce62b9de0c91bc621a

SHA256
b397a5a9138ee82c565fdab2e6d560ab17047d109cef7982954792f578b8d217

SHA512
d896d01c3df779dc8eaae593b668bc47ea5ac0b212716a91ea363cef90f7e191e2bcadb41050338d8cee70f4059f7d3e850bb8f3de6f4067e51a93c0c9a0876d

Download Submit
C:\Program Files\LightBurn\libGLESV2.dll

Filesize
2.4MB

MD5
00f046f2b7b383a63aac79546f19ef84

SHA1
1dba48ed4d031baf662b5890f0f07ead9b8ace57

SHA256
250d0bde019fab488478cb82d8f1b9ed767c474121f6bddf795f0f02ee29d7df

SHA512
15dfe04f8297fad9f0cbe9ef9f3125f825ded5dfbadb94fd00579905b7d61ced7ce653d9e8016f6242f7256e7a4cde604f69dabed6c844eca53dbd77351db36b

Download Submit
C:\Program Files\LightBurn\mediaservice\dsengine.dll

Filesize
280KB

MD5
843cc68f32337dfa2e55a24278183bcd

SHA1
b7e540534d4d2c25cd37e75ff9c4525ff8f7167a

SHA256
311adcdd5d0c7df603923d40f0b02021bfddbc2a676abad83fa2bb0d0b6eb8b5

SHA512
29ec6bb13d401b9f78e1cd6aea284f75770d184b742651e52d271f224e259d8ed45ab9e4c3794855d55a2d8a6d90d916b99bb6f92a176494956b24b0870d0362

Download Submit
C:\Program Files\LightBurn\mediaservice\qtmedia_audioengine.dll

Filesize
61KB

MD5
89ab7cef52d7934f0fd8816e5217f608

SHA1
cc5882760d3052d195ff3bfb8ca265adf1e3837a

SHA256
6c3596efe6b35d7fe2c09c8da84713228e0d3870327b0b6fecfd7515b0d411dd

SHA512
3b36382ccb01171796d3b38dcc2ef5ec1a456800194f90ee88823f12e9d1846c02907184aa9bc2b8ae4cfc04bb96e7fc01ae4160eab8878a60352be992a727fc

Download Submit
C:\Program Files\LightBurn\platforms\qwindows.dll

Filesize
1.4MB

MD5
e7624a2f39ac92044548d408343ac828

SHA1
48f9853ff1bb3d00616a30402660bcdc374c2cb5

SHA256
c4911c31ae7adcae1aaa799ca26154a38de92c03558cc3e1982756a6702a42aa

SHA512
6e9a101b0187213ac4c657826d8d6198ec4efd821cf46280fdfd71748f5351b32e21123a062afc1902027510ca847f39539337c4fbbc8fc6d5f01b6d74e2f5d0

Download Submit
C:\Program Files\LightBurn\playlistformats\qtmultimedia_m3u.dll

Filesize
26KB

MD5
ce25017479c059f2bf6365387e670a3e

SHA1
5bd49075d03cb3df551613194ba1fa3680db39af

SHA256
6820e2a977557c49e8b9151f9115c4dbc2098d6fe342bb48fb75554a0d57b5bb

SHA512
efe616977bde0f0a8176769b3dfc48653b211efa0cc14daa569fe19676865f89a4efd20ad8aaaddf8a4ca934595796f2448ed4048f73ddbdd2278bfc79ebac4c

Download Submit
C:\Program Files\LightBurn\potrace.dll

Filesize
54KB

MD5
6088bfd2fd32891f231379e7b73f6cc4

SHA1
b07eace57b1b715bf987d541aa60237e6275ea05

SHA256
e9033271bec05322dedf6bf51890ee5563a553addf3999fd996cf7eacf57a2b1

SHA512
b409d51b4b5d71cf9a93ed57a76da95052647d743597378a54ec3c63627052bf5eec4ea11cf0f818153dec134c4302795db4ce8308784da22e5b038275947bb6

Download Submit
C:\Program Files\LightBurn\printsupport\windowsprintersupport.dll

Filesize
41KB

MD5
a9095e3d3b39c55210e7ce4c64d16b15

SHA1
6ae5ba9eaeee63ad2d0650f68ac9e2f32f604111

SHA256
f536569e7471358c1e7d0eab3ae2275fd01dd251be856e41b9672a60470a6a31

SHA512
2a4cbec8762b4cdc98d993afe2397e655fc7b414656f19e9411c1689f47d95f5e65cfb2197f95c6adc2eb8e7e0ef98d35b66dfac1688517bcfd819494a94dd66

Download Submit
C:\Program Files\LightBurn\ssleay32.dll

Filesize
377KB

MD5
216de4fef8158737f44cb7410db69f7e

SHA1
1338bf89df0f17d45e446ada72c8c23f675aa867

SHA256
94800785f061fc7fedeb2b9e4f410f824f2b8e864131eff960a9eac377ee9992

SHA512
82e18f7a49870d7474e551d3f8a05e5c264d353a3f17254b16295a442c2251d8598a17879763659cc1ebc79662568074ae90142aa80155b68689c438c1ba25c4

Download Submit
C:\Program Files\LightBurn\vcredist_2010_x64.exe

Filesize
5.4MB

MD5
cbe0b05c11d5d523c2af997d737c137b

SHA1
027d0c2749ec5eb21b031f46aee14c905206f482

SHA256
c6cd2d3f0b11dc2a604ffdc4dd97861a83b77e21709ba71b962a47759c93f4c8

SHA512
75280d721550c2fa19b4f8d42b87d2fc6017f42709d84d2162c7330f7a0338bbd72cdc3f78626b10edcc602e2d22b174039254824334b3173d0ea48b3c06d1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AK8HN.tmp\DoCheck64.exe

Filesize
1.2MB

MD5
4e0a83f357311419e23b224f1ad345e5

SHA1
9797c6143b5f19ddfe75ea79b6a43cbf2185f803

SHA256
2fd5beaa39f0fd4fb1202cb170f3ad774bb608464ba2e1bdcfc5b775acf6532d

SHA512
3b3f171d9c75d03580414e32fbe799fe1aa76e42ed60cffc4f04d97a1bc06ee84ba5ec92292c3a102d023f2b12d6ea650750863a594607642f78a562664eed81

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AK8HN.tmp\Qt5Core.dll

Filesize
5.6MB

MD5
db745528d34f550fd650921317bfa447

SHA1
f2bb379c6cf10a37ba670619494b532b22c4cbac

SHA256
c8ddc3d6b935f972ed02e317c526eeeac100a91316139354be99934923c516cc

SHA512
2fa93a1bdec60736222180ffbe4972a5fb455c2a5cc32590731756c1d15d2ea1ea4b0e2eea82e1dc4afa0a2f030666c64649d45338b4dbaf651b1019b60d80b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FJHIJ.tmp\LightBurn-v1.1.03.tmp

Filesize
3.0MB

MD5
d489d4b5487c1cce817e55cab56412f2

SHA1
6b439c031539b3d628b15b996ccb7b41529192b0

SHA256
3958e680cda2b22976321aca0eed20f6c4f0e989bb14a9b90b3afd6147748453

SHA512
72a7d264d633a1173575a383bf3cd9055c08fbba2cb29aa187761981e6e0b4d8b9072a7932ff8d03b9b16aa11900481b3fccdf0705f228f51aa4358eab12ed86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HRPEC.tmp\DoCheck64.exe

Filesize
1.2MB

MD5
4e0a83f357311419e23b224f1ad345e5

SHA1
9797c6143b5f19ddfe75ea79b6a43cbf2185f803

SHA256
2fd5beaa39f0fd4fb1202cb170f3ad774bb608464ba2e1bdcfc5b775acf6532d

SHA512
3b3f171d9c75d03580414e32fbe799fe1aa76e42ed60cffc4f04d97a1bc06ee84ba5ec92292c3a102d023f2b12d6ea650750863a594607642f78a562664eed81

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HRPEC.tmp\Qt5Core.dll

Filesize
5.6MB

MD5
db745528d34f550fd650921317bfa447

SHA1
f2bb379c6cf10a37ba670619494b532b22c4cbac

SHA256
c8ddc3d6b935f972ed02e317c526eeeac100a91316139354be99934923c516cc

SHA512
2fa93a1bdec60736222180ffbe4972a5fb455c2a5cc32590731756c1d15d2ea1ea4b0e2eea82e1dc4afa0a2f030666c64649d45338b4dbaf651b1019b60d80b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IGOAP.tmp\LightBurn-v1.1.03.tmp

Filesize
3.0MB

MD5
d489d4b5487c1cce817e55cab56412f2

SHA1
6b439c031539b3d628b15b996ccb7b41529192b0

SHA256
3958e680cda2b22976321aca0eed20f6c4f0e989bb14a9b90b3afd6147748453

SHA512
72a7d264d633a1173575a383bf3cd9055c08fbba2cb29aa187761981e6e0b4d8b9072a7932ff8d03b9b16aa11900481b3fccdf0705f228f51aa4358eab12ed86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IGOAP.tmp\LightBurn-v1.1.03.tmp

Filesize
3.0MB

MD5
d489d4b5487c1cce817e55cab56412f2

SHA1
6b439c031539b3d628b15b996ccb7b41529192b0

SHA256
3958e680cda2b22976321aca0eed20f6c4f0e989bb14a9b90b3afd6147748453

SHA512
72a7d264d633a1173575a383bf3cd9055c08fbba2cb29aa187761981e6e0b4d8b9072a7932ff8d03b9b16aa11900481b3fccdf0705f228f51aa4358eab12ed86

Download Submit
C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe

Filesize
45.5MB

MD5
824a77f9719fea05c480f69bfe5ad59a

SHA1
0200cdd5ac6253367e42020bee76c7188d0d182d

SHA256
225be441845eabe655529e7dbaf1f58fb7868a8c020b79005ec138fb5f2464a4

SHA512
c722e3823a348c14762e91697210711fd8ebb8dc54be00538cab1a9f91cc8a436cc79ac6119d0c87b3c98889800e2e2ccd92cfeda6cc76465cd2f48a1b539903

Download Submit
C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe

Filesize
45.5MB

MD5
824a77f9719fea05c480f69bfe5ad59a

SHA1
0200cdd5ac6253367e42020bee76c7188d0d182d

SHA256
225be441845eabe655529e7dbaf1f58fb7868a8c020b79005ec138fb5f2464a4

SHA512
c722e3823a348c14762e91697210711fd8ebb8dc54be00538cab1a9f91cc8a436cc79ac6119d0c87b3c98889800e2e2ccd92cfeda6cc76465cd2f48a1b539903

Download Submit
C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\LightBurn-v1.1.03.exe

Filesize
45.5MB

MD5
824a77f9719fea05c480f69bfe5ad59a

SHA1
0200cdd5ac6253367e42020bee76c7188d0d182d

SHA256
225be441845eabe655529e7dbaf1f58fb7868a8c020b79005ec138fb5f2464a4

SHA512
c722e3823a348c14762e91697210711fd8ebb8dc54be00538cab1a9f91cc8a436cc79ac6119d0c87b3c98889800e2e2ccd92cfeda6cc76465cd2f48a1b539903

Download Submit
C:\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\readme.txt

Filesize
622B

MD5
d39400c59ff99833fac13d473c9d95f4

SHA1
fa62fea170d1622a7c2860d3aaad05b2392eaa13

SHA256
069cfb5fc89eba2ee552eb5fe70ebbed3a8b210759abd3e008cc5726bedeb315

SHA512
5a2fb697e7f17c0647d8a96f7255c4cf248f05935f059e9b9aaf1884271b57ef7f2c87e107022e21228c75a4a3b285f1045eb245f9304a8371a99638c326ae8d

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\LightBurn.exe

Filesize
18.4MB

MD5
b5c1ab104b1033fb24de381b975f3161

SHA1
e193fc8183173ca51e4c3f5ad5ced0d260e50436

SHA256
8f38a18380760f617aaa7cfb7ff252e6fb1df7203060a673d7de45930c06c549

SHA512
0caa4b1dc5ccf2b4c5b85494d39df63d4ca97d384be3daf234184f47727a1804777011c13a602610489e267cc936da15ec1439338719dc3671a0b25b4f9880ac

Download Submit
\Program Files\LightBurn\unins000.exe

Filesize
3.0MB

MD5
c0f59fe12a62e72ff84f18c165761a8d

SHA1
0016b390bd8d4905e6a464a415e5bbddd9cdd5c4

SHA256
1c631e7f4dc9843822c922d20b6736593ebb289122cb4e8468478856f3229230

SHA512
feeea680bccb47b124fee66d702d4ecef7480b627aaa42a4a90fc11a7c24eddb4db994adfd8148b0d7a43d2d4c970e1ac00c122fcd9eb1e5b69574392de5344f

Download Submit
\Users\Admin\AppData\Local\Temp\is-AK8HN.tmp\DoCheck64.exe

Filesize
1.2MB

MD5
4e0a83f357311419e23b224f1ad345e5

SHA1
9797c6143b5f19ddfe75ea79b6a43cbf2185f803

SHA256
2fd5beaa39f0fd4fb1202cb170f3ad774bb608464ba2e1bdcfc5b775acf6532d

SHA512
3b3f171d9c75d03580414e32fbe799fe1aa76e42ed60cffc4f04d97a1bc06ee84ba5ec92292c3a102d023f2b12d6ea650750863a594607642f78a562664eed81

Download Submit
\Users\Admin\AppData\Local\Temp\is-AK8HN.tmp\Qt5Core.dll

Filesize
5.6MB

MD5
db745528d34f550fd650921317bfa447

SHA1
f2bb379c6cf10a37ba670619494b532b22c4cbac

SHA256
c8ddc3d6b935f972ed02e317c526eeeac100a91316139354be99934923c516cc

SHA512
2fa93a1bdec60736222180ffbe4972a5fb455c2a5cc32590731756c1d15d2ea1ea4b0e2eea82e1dc4afa0a2f030666c64649d45338b4dbaf651b1019b60d80b6

Download Submit
\Users\Admin\AppData\Local\Temp\is-FJHIJ.tmp\LightBurn-v1.1.03.tmp

Filesize
3.0MB

MD5
d489d4b5487c1cce817e55cab56412f2

SHA1
6b439c031539b3d628b15b996ccb7b41529192b0

SHA256
3958e680cda2b22976321aca0eed20f6c4f0e989bb14a9b90b3afd6147748453

SHA512
72a7d264d633a1173575a383bf3cd9055c08fbba2cb29aa187761981e6e0b4d8b9072a7932ff8d03b9b16aa11900481b3fccdf0705f228f51aa4358eab12ed86

Download Submit
\Users\Admin\AppData\Local\Temp\is-HRPEC.tmp\DoCheck64.exe

Filesize
1.2MB

MD5
4e0a83f357311419e23b224f1ad345e5

SHA1
9797c6143b5f19ddfe75ea79b6a43cbf2185f803

SHA256
2fd5beaa39f0fd4fb1202cb170f3ad774bb608464ba2e1bdcfc5b775acf6532d

SHA512
3b3f171d9c75d03580414e32fbe799fe1aa76e42ed60cffc4f04d97a1bc06ee84ba5ec92292c3a102d023f2b12d6ea650750863a594607642f78a562664eed81

Download Submit
\Users\Admin\AppData\Local\Temp\is-HRPEC.tmp\Qt5Core.dll

Filesize
5.6MB

MD5
db745528d34f550fd650921317bfa447

SHA1
f2bb379c6cf10a37ba670619494b532b22c4cbac

SHA256
c8ddc3d6b935f972ed02e317c526eeeac100a91316139354be99934923c516cc

SHA512
2fa93a1bdec60736222180ffbe4972a5fb455c2a5cc32590731756c1d15d2ea1ea4b0e2eea82e1dc4afa0a2f030666c64649d45338b4dbaf651b1019b60d80b6

Download Submit
\Users\Admin\AppData\Local\Temp\is-IGOAP.tmp\LightBurn-v1.1.03.tmp

Filesize
3.0MB

MD5
d489d4b5487c1cce817e55cab56412f2

SHA1
6b439c031539b3d628b15b996ccb7b41529192b0

SHA256
3958e680cda2b22976321aca0eed20f6c4f0e989bb14a9b90b3afd6147748453

SHA512
72a7d264d633a1173575a383bf3cd9055c08fbba2cb29aa187761981e6e0b4d8b9072a7932ff8d03b9b16aa11900481b3fccdf0705f228f51aa4358eab12ed86

Download Submit
\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\LightBurn.exe

Filesize
20.0MB

MD5
5ca71df50d97c30d10ab4b0f6ca4cfdb

SHA1
442d52173ba60457a0dd19b4112b5efb35aaf785

SHA256
f016b0faf44d99deed099f3c61b000707d9028b9641846df86dc545f2e1fc1ef

SHA512
f8a7077a2ff5ae4dcac641f19e470eefda7c8d061a65d133d7656ee78bc556b3e2e620e1e5a596c16882ba7031e940f329ebaaa1cac8c127733d7a0fab67817d

Download Submit
\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\LightBurn.exe

Filesize
20.0MB

MD5
5ca71df50d97c30d10ab4b0f6ca4cfdb

SHA1
442d52173ba60457a0dd19b4112b5efb35aaf785

SHA256
f016b0faf44d99deed099f3c61b000707d9028b9641846df86dc545f2e1fc1ef

SHA512
f8a7077a2ff5ae4dcac641f19e470eefda7c8d061a65d133d7656ee78bc556b3e2e620e1e5a596c16882ba7031e940f329ebaaa1cac8c127733d7a0fab67817d

Download Submit
\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\LightBurn.exe

Filesize
20.0MB

MD5
5ca71df50d97c30d10ab4b0f6ca4cfdb

SHA1
442d52173ba60457a0dd19b4112b5efb35aaf785

SHA256
f016b0faf44d99deed099f3c61b000707d9028b9641846df86dc545f2e1fc1ef

SHA512
f8a7077a2ff5ae4dcac641f19e470eefda7c8d061a65d133d7656ee78bc556b3e2e620e1e5a596c16882ba7031e940f329ebaaa1cac8c127733d7a0fab67817d

Download Submit
\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\LightBurn.exe

Filesize
20.0MB

MD5
5ca71df50d97c30d10ab4b0f6ca4cfdb

SHA1
442d52173ba60457a0dd19b4112b5efb35aaf785

SHA256
f016b0faf44d99deed099f3c61b000707d9028b9641846df86dc545f2e1fc1ef

SHA512
f8a7077a2ff5ae4dcac641f19e470eefda7c8d061a65d133d7656ee78bc556b3e2e620e1e5a596c16882ba7031e940f329ebaaa1cac8c127733d7a0fab67817d

Download Submit
\Users\Admin\Desktop\LightBurn 1.1.03 (x64) Multilingual\crack\LightBurn.exe

Filesize
20.0MB

MD5
5ca71df50d97c30d10ab4b0f6ca4cfdb

SHA1
442d52173ba60457a0dd19b4112b5efb35aaf785

SHA256
f016b0faf44d99deed099f3c61b000707d9028b9641846df86dc545f2e1fc1ef

SHA512
f8a7077a2ff5ae4dcac641f19e470eefda7c8d061a65d133d7656ee78bc556b3e2e620e1e5a596c16882ba7031e940f329ebaaa1cac8c127733d7a0fab67817d

Download Submit
memory/528-153-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/528-152-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/568-85-0x0000000071C91000-0x0000000071C93000-memory.dmp

Filesize
8KB

Download
memory/1008-83-0x00000000036C0000-0x00000000036D0000-memory.dmp

Filesize
64KB

Download
memory/1384-69-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1384-66-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1384-65-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1384-82-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1564-148-0x0000000074BC1000-0x0000000074BC3000-memory.dmp

Filesize
8KB

Download
memory/1592-99-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1648-102-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1648-108-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1712-54-0x000007FEFC3B1000-0x000007FEFC3B3000-memory.dmp

Filesize
8KB

Download
memory/1936-154-0x000007FEF5050000-0x000007FEF559E000-memory.dmp

Filesize
5.3MB

Download
memory/1936-156-0x000000013FF50000-0x000000014319D000-memory.dmp

Filesize
50.3MB

Download
memory/1936-160-0x000000013FF50000-0x000000014319D000-memory.dmp

Filesize
50.3MB

Download
memory/1936-161-0x000000013FF50000-0x000000014319D000-memory.dmp

Filesize
50.3MB

Download
memory/1948-62-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1948-63-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1956-86-0x0000000074BD1000-0x0000000074BD3000-memory.dmp

Filesize
8KB

Download