lumma | 3f9182e10ec211dcbec310ff12e05388f87fdfd9213b3b723d4eb888fd796847

Analysis

max time kernel
84s
max time network
81s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-03-2023 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

itubego_pd.exe
Size

86.6MB
MD5

0dd0028e7f7ae8a2d2e191a9eea8140e
SHA1

3c5b77216120d24333a0600f9b08cafc4770b5ca
SHA256

3f9182e10ec211dcbec310ff12e05388f87fdfd9213b3b723d4eb888fd796847
SHA512

7b5d9144c5e75d9c72a879e7f721aeef433523b8573fd2a47ada0d3a7c2339bccd05a5b67e9f389438d584814758a551757eaea2c50fc2135f0ed07a0f42822d
SSDEEP

1572864:L1pKJ/QCCXwsYssykS2D+WutvgdQUc3mKen9f+97ZAD5TcBJJHYJjy3bzv8T:LDKJYCCXwsfsykS0GSc3mxfouc/JKQzI

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 3 IoCs

Processes:

itubego_pd.tmpiTubeGo.exeiTubeGo.exe

pid process

952 itubego_pd.tmp
436 iTubeGo.exe
1904 iTubeGo.exe

pid	process
952	itubego_pd.tmp
436	iTubeGo.exe
1904	iTubeGo.exe

Loads dropped DLL 64 IoCs

Processes:

itubego_pd.exeiTubeGo.exeiTubeGo.exe

pid	process
908	itubego_pd.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

itubego_pd.tmp

description	ioc	process
File created	C:\Program Files (x86)\iTubeGo\is-J2BRU.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-IKP2P.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-6UAD8.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\images\is-41T4G.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\is-D6Q8E.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\is-57U9B.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\libwinpthread-1.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-ANU7K.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-NBRPG.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\OneClickedType\is-0I42P.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\qss\is-SE2UJ.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-P30QK.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-2PCVC.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\Qt5Qml.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\platforms\is-MP6EO.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-LNOOS.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-QDT9N.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-AE8QP.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-QBP2L.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-8IG9G.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-KB7HK.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\imageformats\is-ELCL5.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\images\is-RRO8F.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\images\is-OKP5J.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\qss\is-477T4.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\spdlogCore.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-V7E6V.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\is-UH0I8.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-FMPLI.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-PMJ12.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\position\is-I7692.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\printsupport\is-A48GV.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\unins000.dat	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\api-ms-win-core-util-l1-1-0.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\libeay32.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\api-ms-win-core-file-l1-2-0.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\api-ms-win-core-localization-l1-2-0.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-H2IJ8.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\OneClickedType\is-131HJ.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\qss\is-B1P5R.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\qss\is-L90DJ.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\Qt5Quick.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\is-SEIE3.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-LL71P.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\styles\is-8CUPB.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\QtWebEngineProcess.exe	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\libGLESv2.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\qmltooling\qmldbg_messages.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-UTBFT.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-VHI8T.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\is-STQTS.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\qmltooling\is-K9RBV.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\qmltooling\qmldbg_local.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\msvcr120.dll	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\is-5EACP.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-IATDO.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-VFIST.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\qmltooling\qmldbg_debugger.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\qmltooling\qmldbg_profiler.dll	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\7z.exe	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\OneClickedType\is-9UGDU.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\qmltooling\is-T7C2Q.tmp	itubego_pd.tmp
File created	C:\Program Files (x86)\iTubeGo\translations\qtwebengine_locales\is-RA0RI.tmp	itubego_pd.tmp
File opened for modification	C:\Program Files (x86)\iTubeGo\qmltooling\qmldbg_server.dll	itubego_pd.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F563061-C1FA-11ED-9C96-EE84389A6D8F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F563063-C1FA-11ED-9C96-EE84389A6D8F}.dat = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

iTubeGo.exeiTubeGo.exe

pid process

436 iTubeGo.exe
1904 iTubeGo.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

itubego_pd.tmpiTubeGo.exeiTubeGo.exe

pid process

952 itubego_pd.tmp
952 itubego_pd.tmp
436 iTubeGo.exe
1904 iTubeGo.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iTubeGo.exe

pid process

436 iTubeGo.exe
Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

itubego_pd.tmpiTubeGo.exeiexplore.exe

pid process

952 itubego_pd.tmp
436 iTubeGo.exe
436 iTubeGo.exe
436 iTubeGo.exe
436 iTubeGo.exe
436 iTubeGo.exe
1736 iexplore.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

iTubeGo.exe

pid process

436 iTubeGo.exe
436 iTubeGo.exe
436 iTubeGo.exe
436 iTubeGo.exe
436 iTubeGo.exe

pid	process
952	itubego_pd.tmp
952	itubego_pd.tmp
436	iTubeGo.exe
1904	iTubeGo.exe

pid	process
952	itubego_pd.tmp
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 35 IoCs

Processes:

iTubeGo.exeiexplore.exeIEXPLORE.EXEiTubeGo.exe

pid	process
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
1736	iexplore.exe
1736	iexplore.exe
876	IEXPLORE.EXE
876	IEXPLORE.EXE
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
436	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe
1904	iTubeGo.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

itubego_pd.exeitubego_pd.tmpiTubeGo.exeiexplore.exe

description	pid	process	target process
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 908 wrote to memory of 952	908	itubego_pd.exe	itubego_pd.tmp
PID 952 wrote to memory of 436	952	itubego_pd.tmp	iTubeGo.exe
PID 952 wrote to memory of 436	952	itubego_pd.tmp	iTubeGo.exe
PID 952 wrote to memory of 436	952	itubego_pd.tmp	iTubeGo.exe
PID 952 wrote to memory of 436	952	itubego_pd.tmp	iTubeGo.exe
PID 436 wrote to memory of 1736	436	iTubeGo.exe	iexplore.exe
PID 436 wrote to memory of 1736	436	iTubeGo.exe	iexplore.exe
PID 436 wrote to memory of 1736	436	iTubeGo.exe	iexplore.exe
PID 436 wrote to memory of 1736	436	iTubeGo.exe	iexplore.exe
PID 1736 wrote to memory of 876	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 876	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 876	1736	iexplore.exe	IEXPLORE.EXE
PID 1736 wrote to memory of 876	1736	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\itubego_pd.exe
"C:\Users\Admin\AppData\Local\Temp\itubego_pd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:908

C:\Users\Admin\AppData\Local\Temp\is-H6H07.tmp\itubego_pd.tmp
"C:\Users\Admin\AppData\Local\Temp\is-H6H07.tmp\itubego_pd.tmp" /SL5="$A0124,89968061,733696,C:\Users\Admin\AppData\Local\Temp\itubego_pd.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:952

C:\Program Files (x86)\iTubeGo\iTubeGo.exe
"C:\Program Files (x86)\iTubeGo\iTubeGo.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:436

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://itubego.com/thankyou/install-itubego/?affid=b1b849ce-e12b-4d9c-a0e8-62a08b5e99d8
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:876

C:\Program Files (x86)\iTubeGo\iTubeGo.exe
"C:\Program Files (x86)\iTubeGo\iTubeGo.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1904

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\iTubeGo\MSVCP140.dll
Filesize
429KB

MD5
cfbdf284c12056347e6773cb3949fbba

SHA1
ad3fa5fbbc4296d4a901ea94460762faf3d6a2b8

SHA256
bbecdfda2551b01aa16005c88305982c360a9fb9ba3d9be2fb15f2e9c6eb809f

SHA512
2f24eac94d51f8f28c8e6b6234ca2e481e0f8f1a73df62766ff4f5640480377fb2c4a469babedb87d303503994b469e570aaf725e16da6f9b2d6a77f15b4623f

Download Submit
C:\Program Files (x86)\iTubeGo\MSVCP140_1.dll
Filesize
22KB

MD5
2a31e80d4231ee1e21744b7cfc6d3b4e

SHA1
4ebb489e8eb1411a6c44d446669ee519a49e9656

SHA256
01d02cc706198987e0c616891b00fbd63d15329139dfb8af3475ad25294d3de6

SHA512
6ed116b62ee093aa40dd9ab45827b16f57d6bb2b7ba4d1d66147ed7a476d9f559fcd37ceb62d5df02c8c06aa8e402a37cfc428836ea00c52fd0cf5f4bf09f244

Download Submit
C:\Program Files (x86)\iTubeGo\OneClickedType\is-2DRF5.tmp
Filesize
279B

MD5
a33ff081ce9e3bf13fd0eed85636e1f9

SHA1
a13b54aef8fcfd533210668484bf1978e0302a65

SHA256
6a52f154d39a9e5072584e21008092f75a3613d0f442552f1c4b1015bb6c78a4

SHA512
45527d4ad183ca0c9bc384d35ef4c658e4e73855c20e373e2102f04408f32659317232a20abadd391d07eaa2b890bcb3827ffcd8ad6d9e93b86584f9dd389f55

Download Submit
C:\Program Files (x86)\iTubeGo\Qt5Core.dll
Filesize
5.2MB

MD5
26935dea5bc988a4d5a8bec36d6c2739

SHA1
789e86dd8f643faa31a92bb4d0c2c0a2c0ddd807

SHA256
842df61d0e96e86e4bc46d2d144af871c133ba3bf6dbf3881be0782d6528e030

SHA512
1813c62beed16870d2114ca39105a8694a96174398b5eddc1544a1845016571625cc7d4609f573ab069f15ca0550077fb6efc176ff8db8f22b7c7ea5f3abcfe3

Download Submit
C:\Program Files (x86)\iTubeGo\Qt5Gui.dll
Filesize
5.5MB

MD5
1b83ffee296d25c08b23500c12367269

SHA1
7a0608314e65f80756892cbdf2b79aa87c3f884e

SHA256
d75892ee35ad7f529b380a7b191c8b114dc531360776838332076d88e225c681

SHA512
8d990af34514e96fb6d8b101ccb8e257d1c2736af3eb69e39436d0e1ce59f8460c39d602f93a7652e7edec345262dc64fbb67c02020ecf82e8a0b21676331a97

Download Submit
C:\Program Files (x86)\iTubeGo\Qt5Quick.dll
Filesize
3.4MB

MD5
e80a1336a6b322db8e595c896d804071

SHA1
566b9e315c9ff6f57aa0411521cb38a9724e47ab

SHA256
282a2e8a70cdaed0ca23c6b6e171975b8b8ad6ea60249f158f24441d48999c5a

SHA512
c4c516155d07882b56bde8f3c6a01f20abd8375cb935717737253db0252f632232f6700a28f57c9b4ae18a5bdac28e6973be0d20feef0c32b4233f877ec27638

Download Submit
C:\Program Files (x86)\iTubeGo\Qt5WebEngineCore.dll
Filesize
78.2MB

MD5
a4573a53288be3278dab79e7a5949615

SHA1
0839b623b3a4db3401463743a384ce3c25678545

SHA256
84a4643e2e4b185a93fe3ac2d2f47a32513d9ac3c4fdf8335fc5f2b70c718272

SHA512
71b86b5216639c2b408011e2b18e2bd1837e39da71aa1569a435c17b3cca4e542275ff1dc6add49102378816961b1cd00939eb8a1845bef6f9ea146d6dbdd365

Download Submit
C:\Program Files (x86)\iTubeGo\Qt5WebEngineWidgets.dll
Filesize
217KB

MD5
601e97543a777df6919d24b61038c4b1

SHA1
4e8ba9e7563d3cd714898065f805e005760f9fa8

SHA256
44d92d747dd9aaeef9d516386aee4860d327fc9e68e55d16cd666f3c536c6683

SHA512
6508c166e81dd0bf193777cb3038140db15a0febe576a6495d0e991dfd6e711c10c55059722dbea3eb84e2d28995cb155124c2de53295ae7f8c168afa5a954cf

Download Submit
C:\Program Files (x86)\iTubeGo\VCRUNTIME140.dll
Filesize
81KB

MD5
8e65e033799eb9fd46bc5c184e7d1b85

SHA1
e1cc5313be1f7df4c43697f8f701305585fe4e71

SHA256
be38a38e22128af9a529af33d1f02dd24b2a344d29175939e229cf3a280673e4

SHA512
e0207fe2c327e7a66c42f23b3cbabc771d3819275dc970a9fa82d7af5f26606685644b8ea511f87ec511eb3a086a9506adec96c01c1b80b788c253bd0d459fbd

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
f6d1216e974fb76585fd350ebdc30648

SHA1
f8f73aa038e49d9fcf3bd05a30dc2e8cbbe54a7c

SHA256
348b70e57ae0329ac40ac3d866b8e896b0b8fef7e8809a09566f33af55d33271

SHA512
756ee21ba895179a5b6836b75aeefb75389b0fe4ae2aaff9ed84f33075094663117133c810ab2e697ec04eaffd54ff03efa3b9344e467a847acea9f732935843

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfb08fb09e8d68673f2f0213c59e2b97

SHA1
e1e5ff4e7dd1c902afbe195d3e9fd2a7d4a539f2

SHA256
6d5881719e9599bf10a4193c8e2ded2a38c10de0ba8904f48c67f2da6e84ed3e

SHA512
e4f33306f3d06ea5c8e539ebdb6926d5f818234f481ff4605a9d5698ae8f2afdf79f194acd0e55ac963383b78bb4c9311ee97f3a188e12fbf2ee13b35d409900

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
3b9d034ca8a0345bc8f248927a86bf22

SHA1
95faf5007daf8ba712a5d17f865f0e7938da662b

SHA256
a7ac7ece5e626c0b4e32c13299e9a44c8c380c8981ce4965cbe4c83759d2f52d

SHA512
04f0830878e0166ffd1220536592d0d7ec8aacd3f04340a8d91df24d728f34fbbd559432e5c35f256d231afe0ae926139d7503107cea09bfd720ad65e19d1cdc

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
c2ead5fcce95a04d31810768a3d44d57

SHA1
96e791b4d217b3612b0263e8df2f00009d5af8d8

SHA256
42a9a3d8a4a7c82cb6ec42c62d3a522daa95beb01ecb776aac2bfd4aa1e58d62

SHA512
c90048481d8f0a5eda2eb6e7703b5a064f481bb7d8c78970408b374cb82e89febc2e36633f1f3e28323fb633d6a95aa1050a626cb0cb5ec62e9010491aae91f4

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-core-synch-l1-2-0.dll
Filesize
18KB

MD5
f6b4d8d403d22eb87a60bf6e4a3e7041

SHA1
b51a63f258b57527549d5331c405eacc77969433

SHA256
25687e95b65d0521f8c737df301bf90db8940e1c0758bb6ea5c217cf7d2f2270

SHA512
1acd8f7bc5d3ae1db46824b3a5548b33e56c9bac81dcd2e7d90fdbd1d3dd76f93cdf4d52a5f316728f92e623f73bc2ccd0bc505a259dff20c1a5a2eb2f12e41b

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
a20084f41b3f1c549d6625c790b72268

SHA1
e3669b8d89402a047bfbf9775d18438b0d95437e

SHA256
0fa42237fd1140fd125c6edb728d4c70ad0276c72fa96c2faabf7f429fa7e8f1

SHA512
ddf294a47dd80b3abfb3a0d82bc5f2b510d3734439f5a25da609edbbd9241ed78045114d011925d61c3d80b1ccd0283471b1dad4cf16e2194e9bc22e8abf278f

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-convert-l1-1-0.dll
Filesize
22KB

MD5
5245f303e96166b8e625dd0a97e2d66a

SHA1
1c9ed748763f1ff5b14b8c791a4c29de753a96ab

SHA256
90a63611d9169a8cd7d030cd2b107b6e290e50e2beba6fa640a7497a8599aff5

SHA512
af51f341670f925449e69c4b5f0a82f4fc4eb32913943272c32e3f3f18ee43b4afb78c0d7d2f965c1abe6a0f3a368616dd7a4fb74d83d22d1b69b405aef1e043

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-environment-l1-1-0.dll
Filesize
18KB

MD5
45c54a21261180410091cefb23f6a5ae

SHA1
80eee466d086d30c61eaefc559d57e5e64f56f61

SHA256
2b0fea07db507b7266346eab3ca7ede3821876aadc519daf059b130b85640918

SHA512
4962f85c94162fe2e35979fff4e4b3752f322c61d801419769916f5e3a0e0c406284d95c22709c690212d4572eb688d9311a8f85f17c4f5d1a5a9f00e732808c

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
20KB

MD5
ab8734c2328a46e7e9583befeb7085a2

SHA1
b4686f07d1217c77eb013153e6ff55b34be0af65

SHA256
921b7cf74744c4336f976db6750921b2a0960e8aa11268457f5ed27c0e13b2c8

SHA512
fd7e828f842deabf2dcdcea3e947dc3aa909c0b6a35c75fd64edc63c359ab97020876e6c59ad335a2a166437fa65f57433f86c1c2fe10a34b90d15d8592fe911

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-heap-l1-1-0.dll
Filesize
19KB

MD5
39d81596a7308e978d67ad6fdccdd331

SHA1
a0b2d43dd1c27d8244d11495e16d9f4f889e34c4

SHA256
3d109fd01f6684414d8a1d0d2f5e6c5b4e24de952a0695884744a6cbd44a8ec7

SHA512
0ef6578de4e6ba55eda64691892d114e154d288c419d05d6cff0ef4240118c20a4ce7f4174eec1a33397c6cd0135d13798dc91cc97416351775f9abf60fcae76

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-locale-l1-1-0.dll
Filesize
18KB

MD5
e70d8fe9d21841202b4fd1cf55d37ac5

SHA1
fa62fb609d15c8ad3b5a12618bcc50f0d95cdea3

SHA256
e087f611b3659151dfb674728202944a7c0fe71710f280840e00a5c4b640632d

SHA512
bd38bdf80defd4548580e7973d89ed29e1edd401f202c367a3ba0020678206da3acc9b4436c9a122e4efc32e80dbb39eb9bf08587e4febc8f14ec86a8993bcc8

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-math-l1-1-0.dll
Filesize
28KB

MD5
d0d380af839124368a96d6aa82c7c8ae

SHA1
e2ac42f829085e0e5beea29fcff09e467810a777

SHA256
06985d00bf4985024e95442702bbdb53c2127e99f16440424f3380a88883f1a5

SHA512
daf3997922e18c0be088a15209c9f01cc1dda90972a6aadcf76de867b85d34483ad5e138e3fa321c7140bf8e455c2b908d0a4db6a9e35011786398656b886479

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize
26KB

MD5
809bc1010eaf714cd095189af236ce2f

SHA1
10dbc383f7c49de17fc50e830e3cb494cc873dd1

SHA256
b52f2b9de19d12b0e727e13e3dde93009e487bfb2dd97fd23952c7080949d97e

SHA512
f72ec10a0005e7023187ef6ccedf2af81d16174e628369fb834af78e4ef2f3d44bf8b70e9b894abc6791d7b9720c62c52a697ff0ade0edddcaa52b6f14630d1d

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
22KB

MD5
ae3fa6bf777b0429b825fb6b028f8a48

SHA1
b53dbfdb7c8deaa9a05381f5ac2e596830039838

SHA256
66b86ed0867fe22e80b9b737f3ee428be71f5e98d36f774abbf92e3aaca71bfb

SHA512
1339e7ce01916573e7fdd71e331eeee5e27b1ddd968cadfa6cbc73d58070b9c9f8d9515384af004e5e015bd743c7a629eb0c62a6c0fa420d75b069096c5d1ece

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
24KB

MD5
32d7b95b1bce23db9fbd0578053ba87f

SHA1
7e14a34ac667a087f66d576c65cd6fe6c1dfdd34

SHA256
104a76b41cbd9a945dba43a6ffa8c6de99db2105d4ce93a717729a9bd020f728

SHA512
7dad74a0e3820a8237bab48f4962fe43e5b60b00f003a5de563b4cf61ee206353c9689a639566dc009f41585b54b915ff04f014230f0f38416020e08c8a44cb4

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-string-l1-1-0.dll
Filesize
24KB

MD5
5e72659b38a2977984bbc23ed274f007

SHA1
ea622d608cc942bdb0fad118c8060b60b2e985c9

SHA256
44a4db6080f6bdae6151f60ae5dc420faa3be50902e88f8f14ad457dec3fe4ea

SHA512
ed3cb656a5f5aee2cc04dd1f25b1390d52f3e85f0c7742ed0d473a117d2ac49e225a0cb324c31747d221617abcd6a9200c16dd840284bb29155726a3aa749bb1

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-time-l1-1-0.dll
Filesize
20KB

MD5
1fa7c2b81cdfd7ace42a2a9a0781c946

SHA1
f5b7117d18a7335228829447e3eccc7b806ef478

SHA256
cafdb772a1d7acf0807478fdba1e00fd101fc29c136547b37131f80d21dacffd

SHA512
339cdaf8de445cf05bc201400d65bb9037ea7a3782ba76864842adb6fbe5445d06863227dd774ab50e6f582b75886b302d5dd152aff1825cf90e4f252398ace0

Download Submit
C:\Program Files (x86)\iTubeGo\api-ms-win-crt-utility-l1-1-0.dll
Filesize
18KB

MD5
d6abf5c056d80592f8e2439e195d61ac

SHA1
33f793fd6a28673e766ad11ee1cf8eb8ef351bc0

SHA256
8858d883d180cea63e3bf4a3f5bc9e0f9fa16c9a35a84c4efe65308cea13a364

SHA512
6678f17f2274aabba5279ba40a0159ff8a54241d811845a48d845172f4aa6f7397cfd07bf2368299a613df1f3ff12e06c0e62c26683dfb08d82122609c3a3f62

Download Submit
C:\Program Files (x86)\iTubeGo\dbghelp.dll
Filesize
1.0MB

MD5
5c5e3afd499e5146fef1da5ef8a23205

SHA1
8245691416e509a3a1bd8e321aa6d2ff1925a224

SHA256
9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd

SHA512
595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc

Download Submit
C:\Program Files (x86)\iTubeGo\iTubeGo.exe
Filesize
2.2MB

MD5
366d86e9e2a91fbdca12309e9fd3455a

SHA1
61492a335845085f289c5e6f8f67524b179a2b26

SHA256
e328501f7d96fdda004fb544c57887c7c8e81e27c88c418c30954fd5753b2913

SHA512
f58783d8079eb07ee8cdb609d1756027ec436658da035d8470e1c542ada2aed90f69be2c65565baf2ed76fa79d863fa25df3bf4e1fb561817ac8007f23ad18cb

Download Submit
C:\Program Files (x86)\iTubeGo\iTubeGo.exe
Filesize
2.2MB

MD5
366d86e9e2a91fbdca12309e9fd3455a

SHA1
61492a335845085f289c5e6f8f67524b179a2b26

SHA256
e328501f7d96fdda004fb544c57887c7c8e81e27c88c418c30954fd5753b2913

SHA512
f58783d8079eb07ee8cdb609d1756027ec436658da035d8470e1c542ada2aed90f69be2c65565baf2ed76fa79d863fa25df3bf4e1fb561817ac8007f23ad18cb

Download Submit
C:\Program Files (x86)\iTubeGo\libcryptoMD.dll
Filesize
1.8MB

MD5
7e7afcc0f4ea34dc378b351fbd051aa3

SHA1
2bb6ade7fb990d88487cfff8c96e498d9393ec5e

SHA256
63a216dac279e1039864b514b499fff625ce9bc783e2b6b25b7c54376668ce6d

SHA512
e205538220c50931aea25ee31f67aa86fb8e640e870ca6c4b33ac507c57996f656867a2e589deb7ea4e0cf4548dce78c78656db58616f097830c8afd3f60043f

Download Submit
C:\Program Files (x86)\iTubeGo\spdlogCore.dll
Filesize
263KB

MD5
2bc87dcb642e02f288f29824fb3d5f1a

SHA1
66dc17e3f64efe1a7658beabb3dada7a7958c507

SHA256
f2969d63c1e1c5e7d4f502cf84ef289cad43027ef9076c2e88bfa3ab87f4c161

SHA512
01f7af7dda66bd7eb7fca36c0a2e03d6043ca2288e2f4872a35aa54fb8ec8748e68858129d3d6e2b00845e3fb45d7ecc4ae8651053315703d846caceee05207f

Download Submit
C:\Program Files (x86)\iTubeGo\ucrtbase.DLL
Filesize
879KB

MD5
3e0303f978818e5c944f5485792696fd

SHA1
3b6e3ea9f5a6bbdeda20d68b84e4b51dc48deb1d

SHA256
7041885b2a8300bf12a46510228ce8d103d74e83b1baf696b84ff3e5ab785dd1

SHA512
c2874029bd269e6b9f7000c48d0710c52664c44e91c3086df366c3456b8bce0ed4d7e5bcfe4bdd3d03b11b8245c65f4b848b6dc58e6ea7b1de9b3ca2fb3348bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H6H07.tmp\itubego_pd.tmp
Filesize
2.4MB

MD5
47bb561a0504895bf52056b2f8f1e15e

SHA1
423e45d22a832ff6c8294fc8f9e4aed663333920

SHA256
c97b4256642f8e53001dfd069da54899693c91a5f60bd9adb480d5148a4ba637

SHA512
5e54476da418a3b48c47f716379091e5e9357a31592dd09589f85f936334af71c8137044ecb8429bd6e1d6662075fd085f4adcd1fb8a4cd3fd4762caf7e4fe51

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H6H07.tmp\itubego_pd.tmp
Filesize
2.4MB

MD5
47bb561a0504895bf52056b2f8f1e15e

SHA1
423e45d22a832ff6c8294fc8f9e4aed663333920

SHA256
c97b4256642f8e53001dfd069da54899693c91a5f60bd9adb480d5148a4ba637

SHA512
5e54476da418a3b48c47f716379091e5e9357a31592dd09589f85f936334af71c8137044ecb8429bd6e1d6662075fd085f4adcd1fb8a4cd3fd4762caf7e4fe51

Download Submit
\Program Files (x86)\iTubeGo\Qt5Core.dll
Filesize
5.2MB

MD5
26935dea5bc988a4d5a8bec36d6c2739

SHA1
789e86dd8f643faa31a92bb4d0c2c0a2c0ddd807

SHA256
842df61d0e96e86e4bc46d2d144af871c133ba3bf6dbf3881be0782d6528e030

SHA512
1813c62beed16870d2114ca39105a8694a96174398b5eddc1544a1845016571625cc7d4609f573ab069f15ca0550077fb6efc176ff8db8f22b7c7ea5f3abcfe3

Download Submit
\Program Files (x86)\iTubeGo\Qt5Gui.dll
Filesize
5.5MB

MD5
1b83ffee296d25c08b23500c12367269

SHA1
7a0608314e65f80756892cbdf2b79aa87c3f884e

SHA256
d75892ee35ad7f529b380a7b191c8b114dc531360776838332076d88e225c681

SHA512
8d990af34514e96fb6d8b101ccb8e257d1c2736af3eb69e39436d0e1ce59f8460c39d602f93a7652e7edec345262dc64fbb67c02020ecf82e8a0b21676331a97

Download Submit
\Program Files (x86)\iTubeGo\Qt5Quick.dll
Filesize
3.4MB

MD5
e80a1336a6b322db8e595c896d804071

SHA1
566b9e315c9ff6f57aa0411521cb38a9724e47ab

SHA256
282a2e8a70cdaed0ca23c6b6e171975b8b8ad6ea60249f158f24441d48999c5a

SHA512
c4c516155d07882b56bde8f3c6a01f20abd8375cb935717737253db0252f632232f6700a28f57c9b4ae18a5bdac28e6973be0d20feef0c32b4233f877ec27638

Download Submit
\Program Files (x86)\iTubeGo\Qt5WebEngineCore.dll
Filesize
78.2MB

MD5
a4573a53288be3278dab79e7a5949615

SHA1
0839b623b3a4db3401463743a384ce3c25678545

SHA256
84a4643e2e4b185a93fe3ac2d2f47a32513d9ac3c4fdf8335fc5f2b70c718272

SHA512
71b86b5216639c2b408011e2b18e2bd1837e39da71aa1569a435c17b3cca4e542275ff1dc6add49102378816961b1cd00939eb8a1845bef6f9ea146d6dbdd365

Download Submit
\Program Files (x86)\iTubeGo\Qt5WebEngineWidgets.dll
Filesize
217KB

MD5
601e97543a777df6919d24b61038c4b1

SHA1
4e8ba9e7563d3cd714898065f805e005760f9fa8

SHA256
44d92d747dd9aaeef9d516386aee4860d327fc9e68e55d16cd666f3c536c6683

SHA512
6508c166e81dd0bf193777cb3038140db15a0febe576a6495d0e991dfd6e711c10c55059722dbea3eb84e2d28995cb155124c2de53295ae7f8c168afa5a954cf

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
f6d1216e974fb76585fd350ebdc30648

SHA1
f8f73aa038e49d9fcf3bd05a30dc2e8cbbe54a7c

SHA256
348b70e57ae0329ac40ac3d866b8e896b0b8fef7e8809a09566f33af55d33271

SHA512
756ee21ba895179a5b6836b75aeefb75389b0fe4ae2aaff9ed84f33075094663117133c810ab2e697ec04eaffd54ff03efa3b9344e467a847acea9f732935843

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfb08fb09e8d68673f2f0213c59e2b97

SHA1
e1e5ff4e7dd1c902afbe195d3e9fd2a7d4a539f2

SHA256
6d5881719e9599bf10a4193c8e2ded2a38c10de0ba8904f48c67f2da6e84ed3e

SHA512
e4f33306f3d06ea5c8e539ebdb6926d5f818234f481ff4605a9d5698ae8f2afdf79f194acd0e55ac963383b78bb4c9311ee97f3a188e12fbf2ee13b35d409900

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
3b9d034ca8a0345bc8f248927a86bf22

SHA1
95faf5007daf8ba712a5d17f865f0e7938da662b

SHA256
a7ac7ece5e626c0b4e32c13299e9a44c8c380c8981ce4965cbe4c83759d2f52d

SHA512
04f0830878e0166ffd1220536592d0d7ec8aacd3f04340a8d91df24d728f34fbbd559432e5c35f256d231afe0ae926139d7503107cea09bfd720ad65e19d1cdc

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
c2ead5fcce95a04d31810768a3d44d57

SHA1
96e791b4d217b3612b0263e8df2f00009d5af8d8

SHA256
42a9a3d8a4a7c82cb6ec42c62d3a522daa95beb01ecb776aac2bfd4aa1e58d62

SHA512
c90048481d8f0a5eda2eb6e7703b5a064f481bb7d8c78970408b374cb82e89febc2e36633f1f3e28323fb633d6a95aa1050a626cb0cb5ec62e9010491aae91f4

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-core-synch-l1-2-0.dll
Filesize
18KB

MD5
f6b4d8d403d22eb87a60bf6e4a3e7041

SHA1
b51a63f258b57527549d5331c405eacc77969433

SHA256
25687e95b65d0521f8c737df301bf90db8940e1c0758bb6ea5c217cf7d2f2270

SHA512
1acd8f7bc5d3ae1db46824b3a5548b33e56c9bac81dcd2e7d90fdbd1d3dd76f93cdf4d52a5f316728f92e623f73bc2ccd0bc505a259dff20c1a5a2eb2f12e41b

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
a20084f41b3f1c549d6625c790b72268

SHA1
e3669b8d89402a047bfbf9775d18438b0d95437e

SHA256
0fa42237fd1140fd125c6edb728d4c70ad0276c72fa96c2faabf7f429fa7e8f1

SHA512
ddf294a47dd80b3abfb3a0d82bc5f2b510d3734439f5a25da609edbbd9241ed78045114d011925d61c3d80b1ccd0283471b1dad4cf16e2194e9bc22e8abf278f

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-convert-l1-1-0.dll
Filesize
22KB

MD5
5245f303e96166b8e625dd0a97e2d66a

SHA1
1c9ed748763f1ff5b14b8c791a4c29de753a96ab

SHA256
90a63611d9169a8cd7d030cd2b107b6e290e50e2beba6fa640a7497a8599aff5

SHA512
af51f341670f925449e69c4b5f0a82f4fc4eb32913943272c32e3f3f18ee43b4afb78c0d7d2f965c1abe6a0f3a368616dd7a4fb74d83d22d1b69b405aef1e043

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-environment-l1-1-0.dll
Filesize
18KB

MD5
45c54a21261180410091cefb23f6a5ae

SHA1
80eee466d086d30c61eaefc559d57e5e64f56f61

SHA256
2b0fea07db507b7266346eab3ca7ede3821876aadc519daf059b130b85640918

SHA512
4962f85c94162fe2e35979fff4e4b3752f322c61d801419769916f5e3a0e0c406284d95c22709c690212d4572eb688d9311a8f85f17c4f5d1a5a9f00e732808c

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
20KB

MD5
ab8734c2328a46e7e9583befeb7085a2

SHA1
b4686f07d1217c77eb013153e6ff55b34be0af65

SHA256
921b7cf74744c4336f976db6750921b2a0960e8aa11268457f5ed27c0e13b2c8

SHA512
fd7e828f842deabf2dcdcea3e947dc3aa909c0b6a35c75fd64edc63c359ab97020876e6c59ad335a2a166437fa65f57433f86c1c2fe10a34b90d15d8592fe911

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-heap-l1-1-0.dll
Filesize
19KB

MD5
39d81596a7308e978d67ad6fdccdd331

SHA1
a0b2d43dd1c27d8244d11495e16d9f4f889e34c4

SHA256
3d109fd01f6684414d8a1d0d2f5e6c5b4e24de952a0695884744a6cbd44a8ec7

SHA512
0ef6578de4e6ba55eda64691892d114e154d288c419d05d6cff0ef4240118c20a4ce7f4174eec1a33397c6cd0135d13798dc91cc97416351775f9abf60fcae76

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-locale-l1-1-0.dll
Filesize
18KB

MD5
e70d8fe9d21841202b4fd1cf55d37ac5

SHA1
fa62fb609d15c8ad3b5a12618bcc50f0d95cdea3

SHA256
e087f611b3659151dfb674728202944a7c0fe71710f280840e00a5c4b640632d

SHA512
bd38bdf80defd4548580e7973d89ed29e1edd401f202c367a3ba0020678206da3acc9b4436c9a122e4efc32e80dbb39eb9bf08587e4febc8f14ec86a8993bcc8

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-math-l1-1-0.dll
Filesize
28KB

MD5
d0d380af839124368a96d6aa82c7c8ae

SHA1
e2ac42f829085e0e5beea29fcff09e467810a777

SHA256
06985d00bf4985024e95442702bbdb53c2127e99f16440424f3380a88883f1a5

SHA512
daf3997922e18c0be088a15209c9f01cc1dda90972a6aadcf76de867b85d34483ad5e138e3fa321c7140bf8e455c2b908d0a4db6a9e35011786398656b886479

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize
26KB

MD5
809bc1010eaf714cd095189af236ce2f

SHA1
10dbc383f7c49de17fc50e830e3cb494cc873dd1

SHA256
b52f2b9de19d12b0e727e13e3dde93009e487bfb2dd97fd23952c7080949d97e

SHA512
f72ec10a0005e7023187ef6ccedf2af81d16174e628369fb834af78e4ef2f3d44bf8b70e9b894abc6791d7b9720c62c52a697ff0ade0edddcaa52b6f14630d1d

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
22KB

MD5
ae3fa6bf777b0429b825fb6b028f8a48

SHA1
b53dbfdb7c8deaa9a05381f5ac2e596830039838

SHA256
66b86ed0867fe22e80b9b737f3ee428be71f5e98d36f774abbf92e3aaca71bfb

SHA512
1339e7ce01916573e7fdd71e331eeee5e27b1ddd968cadfa6cbc73d58070b9c9f8d9515384af004e5e015bd743c7a629eb0c62a6c0fa420d75b069096c5d1ece

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
24KB

MD5
32d7b95b1bce23db9fbd0578053ba87f

SHA1
7e14a34ac667a087f66d576c65cd6fe6c1dfdd34

SHA256
104a76b41cbd9a945dba43a6ffa8c6de99db2105d4ce93a717729a9bd020f728

SHA512
7dad74a0e3820a8237bab48f4962fe43e5b60b00f003a5de563b4cf61ee206353c9689a639566dc009f41585b54b915ff04f014230f0f38416020e08c8a44cb4

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-string-l1-1-0.dll
Filesize
24KB

MD5
5e72659b38a2977984bbc23ed274f007

SHA1
ea622d608cc942bdb0fad118c8060b60b2e985c9

SHA256
44a4db6080f6bdae6151f60ae5dc420faa3be50902e88f8f14ad457dec3fe4ea

SHA512
ed3cb656a5f5aee2cc04dd1f25b1390d52f3e85f0c7742ed0d473a117d2ac49e225a0cb324c31747d221617abcd6a9200c16dd840284bb29155726a3aa749bb1

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-time-l1-1-0.dll
Filesize
20KB

MD5
1fa7c2b81cdfd7ace42a2a9a0781c946

SHA1
f5b7117d18a7335228829447e3eccc7b806ef478

SHA256
cafdb772a1d7acf0807478fdba1e00fd101fc29c136547b37131f80d21dacffd

SHA512
339cdaf8de445cf05bc201400d65bb9037ea7a3782ba76864842adb6fbe5445d06863227dd774ab50e6f582b75886b302d5dd152aff1825cf90e4f252398ace0

Download Submit
\Program Files (x86)\iTubeGo\api-ms-win-crt-utility-l1-1-0.dll
Filesize
18KB

MD5
d6abf5c056d80592f8e2439e195d61ac

SHA1
33f793fd6a28673e766ad11ee1cf8eb8ef351bc0

SHA256
8858d883d180cea63e3bf4a3f5bc9e0f9fa16c9a35a84c4efe65308cea13a364

SHA512
6678f17f2274aabba5279ba40a0159ff8a54241d811845a48d845172f4aa6f7397cfd07bf2368299a613df1f3ff12e06c0e62c26683dfb08d82122609c3a3f62

Download Submit
\Program Files (x86)\iTubeGo\dbghelp.dll
Filesize
1.0MB

MD5
5c5e3afd499e5146fef1da5ef8a23205

SHA1
8245691416e509a3a1bd8e321aa6d2ff1925a224

SHA256
9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd

SHA512
595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc

Download Submit
\Program Files (x86)\iTubeGo\libcryptoMD.dll
Filesize
1.8MB

MD5
7e7afcc0f4ea34dc378b351fbd051aa3

SHA1
2bb6ade7fb990d88487cfff8c96e498d9393ec5e

SHA256
63a216dac279e1039864b514b499fff625ce9bc783e2b6b25b7c54376668ce6d

SHA512
e205538220c50931aea25ee31f67aa86fb8e640e870ca6c4b33ac507c57996f656867a2e589deb7ea4e0cf4548dce78c78656db58616f097830c8afd3f60043f

Download Submit
\Program Files (x86)\iTubeGo\msvcp140.dll
Filesize
429KB

MD5
cfbdf284c12056347e6773cb3949fbba

SHA1
ad3fa5fbbc4296d4a901ea94460762faf3d6a2b8

SHA256
bbecdfda2551b01aa16005c88305982c360a9fb9ba3d9be2fb15f2e9c6eb809f

SHA512
2f24eac94d51f8f28c8e6b6234ca2e481e0f8f1a73df62766ff4f5640480377fb2c4a469babedb87d303503994b469e570aaf725e16da6f9b2d6a77f15b4623f

Download Submit
\Program Files (x86)\iTubeGo\msvcp140_1.dll
Filesize
22KB

MD5
2a31e80d4231ee1e21744b7cfc6d3b4e

SHA1
4ebb489e8eb1411a6c44d446669ee519a49e9656

SHA256
01d02cc706198987e0c616891b00fbd63d15329139dfb8af3475ad25294d3de6

SHA512
6ed116b62ee093aa40dd9ab45827b16f57d6bb2b7ba4d1d66147ed7a476d9f559fcd37ceb62d5df02c8c06aa8e402a37cfc428836ea00c52fd0cf5f4bf09f244

Download Submit
\Program Files (x86)\iTubeGo\spdlogCore.dll
Filesize
263KB

MD5
2bc87dcb642e02f288f29824fb3d5f1a

SHA1
66dc17e3f64efe1a7658beabb3dada7a7958c507

SHA256
f2969d63c1e1c5e7d4f502cf84ef289cad43027ef9076c2e88bfa3ab87f4c161

SHA512
01f7af7dda66bd7eb7fca36c0a2e03d6043ca2288e2f4872a35aa54fb8ec8748e68858129d3d6e2b00845e3fb45d7ecc4ae8651053315703d846caceee05207f

Download Submit
\Program Files (x86)\iTubeGo\ucrtbase.dll
Filesize
879KB

MD5
3e0303f978818e5c944f5485792696fd

SHA1
3b6e3ea9f5a6bbdeda20d68b84e4b51dc48deb1d

SHA256
7041885b2a8300bf12a46510228ce8d103d74e83b1baf696b84ff3e5ab785dd1

SHA512
c2874029bd269e6b9f7000c48d0710c52664c44e91c3086df366c3456b8bce0ed4d7e5bcfe4bdd3d03b11b8245c65f4b848b6dc58e6ea7b1de9b3ca2fb3348bc

Download Submit
\Program Files (x86)\iTubeGo\vcruntime140.dll
Filesize
81KB

MD5
8e65e033799eb9fd46bc5c184e7d1b85

SHA1
e1cc5313be1f7df4c43697f8f701305585fe4e71

SHA256
be38a38e22128af9a529af33d1f02dd24b2a344d29175939e229cf3a280673e4

SHA512
e0207fe2c327e7a66c42f23b3cbabc771d3819275dc970a9fa82d7af5f26606685644b8ea511f87ec511eb3a086a9506adec96c01c1b80b788c253bd0d459fbd

Download Submit
\Users\Admin\AppData\Local\Temp\is-H6H07.tmp\itubego_pd.tmp
Filesize
2.4MB

MD5
47bb561a0504895bf52056b2f8f1e15e

SHA1
423e45d22a832ff6c8294fc8f9e4aed663333920

SHA256
c97b4256642f8e53001dfd069da54899693c91a5f60bd9adb480d5148a4ba637

SHA512
5e54476da418a3b48c47f716379091e5e9357a31592dd09589f85f936334af71c8137044ecb8429bd6e1d6662075fd085f4adcd1fb8a4cd3fd4762caf7e4fe51

Download Submit
memory/436-678-0x0000000000210000-0x0000000000220000-memory.dmp

Filesize
64KB

Download
memory/436-681-0x0000000000780000-0x000000000078A000-memory.dmp

Filesize
40KB

Download
memory/436-679-0x0000000000440000-0x000000000044A000-memory.dmp

Filesize
40KB

Download
memory/436-682-0x0000000000780000-0x000000000078A000-memory.dmp

Filesize
40KB

Download
memory/436-692-0x0000000000780000-0x000000000078A000-memory.dmp

Filesize
40KB

Download
memory/436-693-0x0000000000780000-0x000000000078A000-memory.dmp

Filesize
40KB

Download
memory/908-63-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/908-54-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/908-676-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/952-164-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download
memory/952-671-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download
memory/952-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/952-64-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download
memory/952-152-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/952-580-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download
memory/1904-684-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download