6c0d68f540576b53b24a28d1c0b404a2c6e1c3633ec5a9b7f0d5959f281a4cda

Analysis

max time kernel
150s
max time network
69s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 07:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
Size

38.7MB
MD5

b4b567ca1891125a3fc403f4f7836417
SHA1

211cb4f0d73617eac9268e8681d9119505fea594
SHA256

bfd5135fb86ec881732283e700ac1432453c7b2e69592637f392b0d9091ff26f
SHA512

2795fd0840fc0209976f478fd2113d9ed93bcb099d6c388b495fec3f9319ec59917779232b5c611ae2ea83dcde192f89873cb86b1f0f1a206e719c0f3a480d52
SSDEEP

786432:f7owP035xSXvfpEotHqIGH29D89cpvmtUjrg9P8m:DonpwvQ8D892vmtA5m

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2284	ToolBox.exe
2668	minTray.exe

Loads dropped DLL 64 IoCs

pid	Process
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2284	ToolBox.exe
2668	minTray.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ToolBox\Skin\Banner_accessories.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\Bar_btn_account2_d.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\bgColorWait.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\update_number1.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\user_icon.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolIcon\1493253799114.gif	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\ProductPrivacyPolicyEng.txt	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\api-ms-win-crt-heap-l1-1-0.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\video_pre.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolTypeIcon\1488935607507.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\imageformats\qsvg.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\translations\qt_ru.qm	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Protocol_load.txt	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\api-ms-win-core-file-l1-2-0.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\Frame.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\icon_pre_loading.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ok.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolIcon\1504005692092.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\VisitorPermission.xml	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\Banner_cunchu.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\min-pressed.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\tree_more_open.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\access\libaccess_concat_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\button_ok_d.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\SDKIcon\1500360974276.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\access\libfilesystem_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\access\libftp_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\access\libsdp_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_filter\libfps_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\step_normal.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\audio_filter\libugly_resampler_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_filter\libblend_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_filter\libscene_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\arrow_left_pressed.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\bombbox_btn_close_pressed.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\border.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\down_nor.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\SDKIcon\1506499785446.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolIcon\1503474684350.gif	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\access\libcdda_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_output\libvmem_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Config.xml	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\arrow_left_hover.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\tool.gif	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolIcon\1524136750491.gif	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\imageformats\qwebp.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_output\libwingdi_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\btn_timeout_normal.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\btn_timeout_pressed.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\nav_up.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_filter\libmotionblur_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\VisitorServer.xml	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\apply_icon.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\outglow.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\shousuo_nor.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\plugins\video_output\libflaschen_plugin.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\libprotobuf-lite.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\min-disabled.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolIcon\1506390527102.gif	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\ToolTypeIcon\1491531413685.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\platforms\qwindows.dll	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\Collection_check.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\bombbox_btn_cancel_normal.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
File created	C:\Program Files (x86)\ToolBox\Skin\icon_nor_transfer.png	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ToolBox.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	minTray.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2284	ToolBox.exe
2668	minTray.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
2284	ToolBox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2284	ToolBox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe
2668	minTray.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2284	ToolBox.exe
2668	minTray.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2284	2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe	30
PID 2948 wrote to memory of 2284	2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe	30
PID 2948 wrote to memory of 2284	2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe	30
PID 2948 wrote to memory of 2284	2948	General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe	30
PID 2284 wrote to memory of 2668	2284	ToolBox.exe	31
PID 2284 wrote to memory of 2668	2284	ToolBox.exe	31
PID 2284 wrote to memory of 2668	2284	ToolBox.exe	31
PID 2284 wrote to memory of 2668	2284	ToolBox.exe	31
PID 2284 wrote to memory of 660	2284	ToolBox.exe	32
PID 2284 wrote to memory of 660	2284	ToolBox.exe	32
PID 2284 wrote to memory of 660	2284	ToolBox.exe	32
PID 2284 wrote to memory of 660	2284	ToolBox.exe	32

C:\Users\Admin\AppData\Local\Temp\General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe
"C:\Users\Admin\AppData\Local\Temp\General_ToolBox_Eng_Extranet_Install_V1.010.0000001.0.R.20220302.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files (x86)\ToolBox\ToolBox.exe
  "C:\Program Files (x86)\ToolBox\ToolBox.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Program Files (x86)\ToolBox\minTray.exe
    "C:\Program Files (x86)\ToolBox\minTray.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2668
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:/Program Files (x86)/ToolBox/SystemCache.bat""
    3⤵
    - System Location Discovery: System Language Discovery
    PID:660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ToolBox\SystemCache.bat

Filesize
93B

MD5
a286a815b5b16c77915fc870d336038a

SHA1
acb330d33deab6817fa8fade19dcb77fb164f171

SHA256
2c384f416d4f6266ab001b107501e579f27251b1f5a7462f2ee1dd8634b343aa

SHA512
569f0fe0c8b29f0e34610ecb404085835cd6021a5e35d54c66b62ccbdb52a1467658c70382e6c107aa8d914385334a8a14ee63303456fa9718f835ba17807e98

Download Submit
C:\Program Files (x86)\ToolBox\activemq-cpp.dll

Filesize
5.6MB

MD5
f1426d74eb62c5cf7470d03418e479b6

SHA1
705b421ef250615060d9cb2e7921d903e854896e

SHA256
73dd3f5009d4aca0a3d5b99d996d499229d1553378a423c80a61257afa14daff

SHA512
351c65f6d876ffe3c198fb9eacc82d31b7006931d2a2d7cc4d23a8d517f52fd37123c573129176a092faefa72a89dbcf9455bf39d210f82d6c5d38f7dfbe1da4

Download Submit
C:\Program Files (x86)\ToolBox\libprotobuf.dll

Filesize
2.1MB

MD5
77fda54baaf5c4496bfe07ca06adb17f

SHA1
86a26488bb2c9109b179313c02ac0805df3e3f77

SHA256
d2d1bc9e4356f740b9f12b627a44f2e171639568fb7077fe5caaf80194cc4609

SHA512
bcb7de9b7c4a3799cc71b238a4930abc6d2da63c88628ace8778243c9b21d00ae3641995b677161f5a9ddba21b8fedae32ffc8f050f2c9b826f897a13ce0362a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\MsgDLL.dll

Filesize
404KB

MD5
0ad4a1201285c6acca5b8fb61b5db4b9

SHA1
b9234c5bdc6d175b40b5837e8e129c2aa243e903

SHA256
4ae2012d63d66f479fb9838477839520c50ae3f2c3f9d51b51be495b1ac3c4ec

SHA512
9fbc90ff196171da5bb1fbe6bee033180f0f96b878ab9082c78712049c4fee4ccc716b00e1a95b97040983bb3be0648443c71f8c34e331ec290d32577194769a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\button1.bmp

Filesize
29KB

MD5
fb511c9b046f29263c9e1dab9ee99781

SHA1
5fb041fa1cb2e56757ae14956cea2329467dc42c

SHA256
050e6d7b6b8083ebca0529f76e9f7c90456a5dc48db5485729e44d33dead64e5

SHA512
b3a2f07daa5fa8a78e5148b03223061a8bc2fe9e86f44ec3a7cfb83b25277d3e6472d7be70e36c202da3b1755eb276b84d134f5357c44c6a79f3f55904003cc3

Download Submit
\Program Files (x86)\ToolBox\ToolBox.exe

Filesize
5.3MB

MD5
12f3847ce5f745c701ab56dabad2cc8f

SHA1
fd9e71ee3584b3a7deb0cc819253112168b03788

SHA256
0a4ddee1c746792c627f2dff59de813b88e2ead4d8f4f1f330aca4717264ab41

SHA512
1366ed5f3b0cbb32df77f6d6c4283ef57ad36a268137dba8d52ea203b010afa81019e043a86b308a1cc3f07ff2bdc2537a89ac00d5404d4376910389a30566ed

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
395d39f6ec3e09c5194899434150cdf7

SHA1
abd262b486e1adc39b40dbfe012a551c732dfd69

SHA256
ecc40b2c80300b94615b450d5a97ed15ce51aa929c73da22c906ab01856f8223

SHA512
0f55725eb8609ae52c45ff7e255c3e23bff0b9e049f2f37cb4fc12841ad9f5ed8264307961cbd27031997c29ce04677b646f9c859fc629b25186ec52f735ba36

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
f2cd3227975bd33ae08e34221d223ca6

SHA1
26b19fd814ea86825244e7a7cf82e7eddc189895

SHA256
f88209bb4993bfbcfc9727d101a4f1ecf84649ca5fd15b264faac11daf19ac7f

SHA512
690408ba6d88ad97334a8f9012c5db5c4d46d70cd9519f1d8e9131d1044805dce992d89167ef12d0192f4e5ab079722b88700df9601c05674267fc4f8d5486e3

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
b178f49844a5168d29d5cce20a6303e3

SHA1
29dd5bd890addbba1d8a9aeacb68716f8208da73

SHA256
9358400795afcc41f5e748e20b139cfbb1ac976b3e460597b0b21893d647276d

SHA512
b65308d482342291069314e9f99964c3479ea41579db17d3cbe3888318bb7605ee67c11a40f14609665a419f44a61809513bddb8b3657b24a4bac16bb274664f

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
da1c671169dd183afca9ac76f46fd86e

SHA1
47a1bd0c45d5b87351870b8dd2122da30638ec83

SHA256
e5c2478571ab260776b547579acd847bdecac9b4b9b4590d4ac7c80135c68930

SHA512
5e6eb5525a77ac63bbae2288fecfd5712aff5c194e55d93239ae6171b8602de9d029ca725f15efb03890dff57a34c07435687e87a20839d614cc9c90fdf06f5d

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-core-synch-l1-2-0.dll

Filesize
19KB

MD5
500dc43299f083fbdccd7043d8665c6f

SHA1
ad084aad23cc9e18fd4b436fb53aeff4484a7e14

SHA256
829c05601bac069db875dc89c713ee2f54b350cd5a1a96ecd1ea8ea46ac59ad5

SHA512
4b6490b9d4890b5c8d7fe2e2b31b88841f239daf6756034f14d3ded247eaece8290dc078d69e934de49ab623dcbf69c22b32a0fde72d31accef91f6c5cc496fd

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
c54a336fdc425291b1d972f6fbaca6c7

SHA1
ea3872c198f3f41e41dcc42cf92aabbc6540579d

SHA256
8d1f5410f8b4326876410b45fcdcabb96bea4941f71ea5b11cb6dae80e6bdd49

SHA512
abe7694493ce2e367582be1155fb5100a7840e67eb1f646dbd5360a47b430ec03634a3f1a940a8a5f555d96da0fdab66a4a2de544b847234e38b588cf597e0e9

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
6486f7508afd3ea4791ccd434c5ee39c

SHA1
071ff44f4a625ff5b0ac601efc8210648d5309bc

SHA256
82c4085866e4293759d9c9a5fed599f3fbff3abfa15f6c6ff0a8a82600592e37

SHA512
fe9d16bb25942f5b08509cdfae37c2a2846e2798142c9749b4965d244bccd65b7d7e5e6c82d73489c2c858d7313ee3f2543d3bbc4148646385ffaeb14f9b159d

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-environment-l1-1-0.dll

Filesize
19KB

MD5
e1c852f7771c28cea12da3084345b9a5

SHA1
5413f005fce127893c547927a4c7324ad07f1ad4

SHA256
f1634bfc7d08c588e85b6b6745084dd1b59bd5ece9fb2817243eb3b877601fdb

SHA512
46b457b05168ca2ba4efbbe4fdf3dd094c955a6494e3275508a0f98153d6432263d8cff8a07c557c713ed3005db905279581f4302398f05687655c0639d75995

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
c4d92c5ccf85f577b213b8f93f7db782

SHA1
94958c96a31b716c2a1d3d4f08739d7e95e100fa

SHA256
86fc8c1ed25712db755c21d3d61e597a115d5750261de443ee55a2f8d10ee640

SHA512
3a16f9f9c9def96c090286181b9a6affc8670a1781db7f57c1bfd4ee97ea9e159bc406c561f9e05bea60de41699b5539a36abcdcdffd3a9fb5aef14c9e19b200

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
c3aa45f69ceeedae8799c3c71ce4d64b

SHA1
92b24bedb8782f7b4baa73679b7f43e39dcf3b09

SHA256
4e756b8ab0e0047c838a29bc809e68945e9c10a4d054f33ee3ebd9b79546a23b

SHA512
4249079f1c4fe4b25361b73442ddd60c12651dfe5190b928a8fd97c78ca09f017420c78f714b90d043e11e17b075667617a7f9a9cf0fa8f0342e5f11cb8c2dc2

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-locale-l1-1-0.dll

Filesize
19KB

MD5
8f1bf32b70d388ec06393d04e16eec0a

SHA1
7b2dafe0e97d192e51d7c4bf0c7ab61319740d9e

SHA256
33f5a6d56bee34de3866587fabc5be9040d30d69638b53d0301028f113ed2613

SHA512
a03f9673861f6e42461e102f7ca6d11aac9c23648930fe5f7f6eaffc9bff19aee4ee005d20c272bf6a733ad1030ebf197bf3116ac3b055bba5621188f3f3f6ff

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
c723f17218f1c0ce46c69b76783bc15a

SHA1
bc0f24d817a8641069a1f92a09ba47bd6618c46f

SHA256
6c38011a0bcf7d46fb2262029466d8fd731cf9ed9d10062c55894df68adfaa22

SHA512
135ee4afcf04793e4141c1a75f28b152a8819d3411d3221670ea160a6a9b6802128528e023cca01f6425dae1dffeccae335f7c4f0e49d04a4d7249995a0731d5

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
dd768ccc1b0297dfdac99029ba4ba7ab

SHA1
4086bc4920d49d99854d16b4e0c1387f75a30452

SHA256
25338fbf5d4bd5b99499bb1885867fc026e0fa61f92f876a79e5972a023f4c12

SHA512
766d03b2e8cd2f1f2f96abb779d49df77a0ca35009a86d9b9264bfb35c0a43f1edb27836084d5858bbeaecc9e4fa6b6272e688d2620f115c84401fc3ea49f7e1

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
23KB

MD5
da9cb6b2a96ca5f3d8ef55ef2f7165ba

SHA1
eccc29dc737032ac602bdb6da1561064dc2aec49

SHA256
057991c1da75cefbe544992d78db72ba476f6861819055aa011875abea3195cc

SHA512
580ed6a8b779b4be7380f159f2cb22b729fe6f6c30e01cd824ef34873816ac9aa4b20c62d4c611aae9e229804407e181f89b146089cabae3e1e86dbf8480ea48

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
5e7bdf944b1c9a987665156393680e01

SHA1
4bb997c4ecc09a76b38005431bbdf5a69b0e8aec

SHA256
daf29d2df289a7794f7e52ad2cf3644f7fdff36efe54e9771cc1a5c7467c93ae

SHA512
22af27df1d05f037e1363a4ae4dd3bd23dff82ff257d6f72acc6bd087f6f8085d2f68b35f68ea37143ec50a14fe15628ad25514a291e5c12b57dcba5a1667cac

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
e27ce56b6565c66171f7fa29b240cf98

SHA1
1c1ae84e7d9d68674f3ca156dbba675dc913b5cd

SHA256
58e11bcc6ce7a7a2cad717340b7e3e31ab017e8c242b7c72cea19a2ba0c664ac

SHA512
afb75f8e8ccc8d790aa32a9a5f821532d4128fb291721b5ac0bc09a542da954cd9e32a47099bc243cdb2471528337686f3f4888ea0f1d3d4605445271121734b

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
ad41d7793e8e931d6edb8fe72d70c190

SHA1
750fdf2dcc52d40be1ac6764bbd96f5ddab6ba20

SHA256
df4524b35b88023f7bc4c8741776e1b4f933fe5ebf241e1ed5230fd10205b133

SHA512
f7e81989944f15cf2e590b54bc53b934683f31f0aceb672541c1138b7654d63cc3703369c39be3ccbc49232f7ffaaf9f51fdcbbe30d77f6238e671261fcf84b5

Download Submit
\Program Files (x86)\ToolBox\api-ms-win-crt-utility-l1-1-0.dll

Filesize
19KB

MD5
371dfcd9218a52fa7a4cf2b187926b47

SHA1
a7e0726383e4caffaa8b7ae87248f5ae5a62ab7e

SHA256
7043b82592d65977d920579a2bcf695d1321515e4733ee9881cdf65ee5dc7818

SHA512
faa3e4cc6a4db7c976d1c14877f3557cafeb83547ba1a3965a292af75731307552ee0e4c3de81c59239e1d5b9ba705cc4faaf4b845232f6e33457de2d5128559

Download Submit
\Program Files (x86)\ToolBox\msvcp140.dll

Filesize
432KB

MD5
54628f77144e17530a8b8882d1789c90

SHA1
6b63d1cb13524b664330574fd7911f1f25dfad16

SHA256
21ecd8652ef68418a68dab73d01c1eb8a8b1fa7f6001f1c688ad78da8f7463d5

SHA512
61e90e751912a84c258e0a5662226e38ddb1a9fc5060cb4b257d3ec7a47569af1a0e402e77b5c8a258554504f40c373a49718c2296cede7cda64bc26dc469730

Download Submit
\Program Files (x86)\ToolBox\ucrtbase.dll

Filesize
862KB

MD5
06061c7202850986560adb7d10fdba1c

SHA1
f7242996d8370c76c1ba608c5ed5b08a043e1fe1

SHA256
27cfdf615cd83cc4e9ad0e1eda64d51e9910fb253c2332ff463e808e6bea5eeb

SHA512
481a8ca9e99684460d3fa6abc9f44d2ac1a0d3310acbe3960aedc22f9382e80e4a05509ff06f61e0ae30914aa5f3c7985423c1d0dd0644178b74b2dde6c97021

Download Submit
\Program Files (x86)\ToolBox\vcruntime140.dll

Filesize
81KB

MD5
e445c800c093efb77397825b4f5150d0

SHA1
6ee626de91b04cfece053e02abbfdc685c83c333

SHA256
1676bffca4b8f024e5f1896f9f26612028cc46fcc0a2fe408098846929f9b200

SHA512
49f4905d665701f6355ebda03bd23acaca8d76c80f698fffea61b47966184cdc83aa7f5dc2146e16e9110889ef374a024c4a0e2422f67d355cf23ed22c9bc2a2

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\ButtonEvent.dll

Filesize
4KB

MD5
55788069d3fa4e1daf80f3339fa86fe2

SHA1
d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

SHA256
d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

SHA512
d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\ShellLink.dll

Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\SkinBtn.dll

Filesize
4KB

MD5
e4ec95271ff1bcebab49bdfed6817a22

SHA1
2c03e97f4773aea80ecdb98a1482e5896fe4677b

SHA256
ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6

SHA512
771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\SkinProgress.dll

Filesize
4KB

MD5
cc037c4703d3ec257efeef2ce0a1a20e

SHA1
b3d6cc8f687a31fb2c1a5921a38de9429af20502

SHA256
888b32ecbc37ce67d4edc28d894cba0a4f4e2488cfc2212d1af011bd0bfe97ff

SHA512
120bfa0a68775bef04c1863023b0e73a41982284fb36da7f497fbb7d5ed8631ad02fa09951424d339f6fefaa90a17c12f949dd68bb33bad64b1b7cace489d2a7

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\TestDLL.dll

Filesize
388KB

MD5
281c94835476af29fb723e7db3507c9c

SHA1
8921c61eaff715b11c30050b756f0e62f59fa171

SHA256
1f04c14f43471a5a4d885275e704abcba460e06ce22a7e17c731a9aa83ea1ce1

SHA512
b9d6477e0c4ae8f563ea460b9fb5bc477c19ed82c3942eb0ea3c5fc58d8d54959121dc12eb4d1fc75892d2f0e16296c6fcce4f4c8db0de964f91d6c004081d30

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\nsisSlideshow.dll

Filesize
8KB

MD5
379fc69af4ffaf5cd5d0e3f6ded9376f

SHA1
e7685656d854c464a1a1299abc24177849496a54

SHA256
ef4be0f68c8ca2ea4434e9daf2b36e5443327a9b2a0fb8857c820183a757b9a4

SHA512
c8db8caed243ee80038af4a74f1898762167b952febccd9b4974d0e93938040aad9c8d53ff288aafd1e388845c3cd6ea24a13aa37f893af4b2fa63c5add091e5

Download Submit
\Users\Admin\AppData\Local\Temp\nsu4C3.tmp\progress.dll

Filesize
208KB

MD5
10d73356f0dace1ddd9be92d52577375

SHA1
c29974f2c5c5ecaffdf3cabf570a885690647155

SHA256
7d936aebee57e04338308ed8c52ce2c24e21b2978721326be3eb9e90c080834e

SHA512
4864585412734b4d0c5ae7af0c5e5fd3f70646d5ce72ba55594a2051aded0750a9f727c78a28e5f34a0f4dcc9bd0581c53e87c0144f049070c801680c9258cee

Download Submit
memory/2284-879-0x0000000001050000-0x000000000105A000-memory.dmp

Filesize
40KB

Download
memory/2284-819-0x00000000010E0000-0x000000000182B000-memory.dmp

Filesize
7.3MB

Download
memory/2284-878-0x0000000001050000-0x000000000105A000-memory.dmp

Filesize
40KB

Download
memory/2284-880-0x00000000010E0000-0x000000000182B000-memory.dmp

Filesize
7.3MB

Download
memory/2284-881-0x0000000001050000-0x000000000105A000-memory.dmp

Filesize
40KB

Download
memory/2284-882-0x0000000001050000-0x000000000105A000-memory.dmp

Filesize
40KB

Download
memory/2948-72-0x00000000022E0000-0x0000000002344000-memory.dmp

Filesize
400KB

Download
memory/2948-81-0x00000000022E0000-0x0000000002318000-memory.dmp

Filesize
224KB

Download
memory/2948-777-0x00000000022E0000-0x00000000022F0000-memory.dmp

Filesize
64KB

Download
memory/2948-866-0x0000000002560000-0x00000000025C8000-memory.dmp

Filesize
416KB

Download
memory/2948-792-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/2948-801-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download