644005919100b501e0c1430c987bfeb343917b155a42d15faa1bfa40b9fd3f96

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i4Tools8_v8.28_Setup_x64.exe
Size

326.7MB
MD5

4a5e338aaa8ca0057ccb196bdf12c89c
SHA1

1345ae4b716ca70b941e629c0f035d0f9d7dcd52
SHA256

644005919100b501e0c1430c987bfeb343917b155a42d15faa1bfa40b9fd3f96
SHA512

0c31c58f4e16d00d6ddb5c3ab6a60a78440b34d76412f884cc14e9f63a9dd8305ad0db58415c9f26c6acf09e9e02ecbe0d95fa57ad7459afa8266345b36a3ca5
SSDEEP

6291456:UKHHLxhHqMBuXa+doOL7TQzg1z818mgHm/iewd+oujbGj3jWZruPWURC:zHrxhHqM0XTaUSYATQQwd+oujbGj3jMT

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2700	i4Tools8_v8.28_Setup_x64.tmp
3136	InsfInnsttallserx.exe
2168	i4Tools.exe
1468	luminati.exe
3572	WinHelp32.exe

Loads dropped DLL 64 IoCs

pid	Process
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1468-1279-0x0000000010000000-0x0000000010011000-memory.dmp	upx
behavioral2/memory/1468-1283-0x0000000010000000-0x0000000010011000-memory.dmp	upx
behavioral2/memory/1468-1282-0x0000000010000000-0x0000000010011000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\iCloud_main.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-CJS7A.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\setting.cfg.PyxRGM	i4Tools.exe
File created	C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-T9TEL.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-7O760.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\i4Viewer.exe	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\sqlite.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\Uninstall.exe	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\api-ms-win-crt-filesystem-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\api-ms-win-crt-process-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-3NE5D.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\avdevice-58.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-utility-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-7C7AK.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-MOP6U.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-KGKT3.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\is-2GQA5.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-OQM8P.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-F1J3I.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-multibyte-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-SSS5M.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-JE81V.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-9FAKO.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-40QRS.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\CoreFoundation.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\plugins\playlistformats\qtmultimedia_m3u.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\files\inf\InfInstallerx86.exe	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-24BET.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\Openhiddenncm\iosdriver\is-4DL7F.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\OpenStreetMap\is-DDMPP.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\Qt5PrintSupport.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-core-profile-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-70E4F.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-MSCEQ.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-CJMBJ.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-core-localization-l1-2-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\Qt5Positioning.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\plugins\styles\qwindowsvistastyle.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\zlib1.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-4PGQH.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-G62S2.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\idm_jb.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\MediaInfo.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\CoreText.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-DGQG2.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\iCloudDll\is-TLHOF.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-runtime-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\avresample-4.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-2LE7N.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\api-ms-win-crt-heap-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\CFNetwork.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\is-4Q082.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\Openhiddenncm\is-4CAJA.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-IBUEI.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\plugins\imageformats\is-CD14U.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\translations\is-HP405.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-crt-string-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-9E1V5.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\inf\is-9I6QH.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\files\OpenStreetMap\is-IO9GS.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-78FVI.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\is-BLGIE.tmp	i4Tools8_v8.28_Setup_x64.tmp
File created	C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-F1CGV.tmp	i4Tools8_v8.28_Setup_x64.tmp
File opened for modification	C:\Program Files (x86)\i4Tools8\x64\itunesFlashDll\api-ms-win-core-string-l1-1-0.dll	i4Tools8_v8.28_Setup_x64.tmp

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinHelp32.exe	luminati.exe
File opened for modification	C:\Windows\lum_sdk32.dll	luminati.exe
File opened for modification	C:\Windows\lum_sdk32.dll.dat	luminati.exe
File created	C:\Windows\WinHelp32.exe	luminati.exe
File created	C:\Windows\lum_sdk32.dll	luminati.exe
File created	C:\Windows\lum_sdk32.dll.dat	luminati.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	i4Tools8_v8.28_Setup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	i4Tools8_v8.28_Setup_x64.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InsfInnsttallserx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinHelp32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dllhost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\ = "URL:PCi4Tools"	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\URL Protocol	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\DefaultIcon	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\DefaultIcon\ = "C:\\Program Files (x86)\\i4Tools8\\x64\\i4Tools.exe, 1"	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell	i4Tools.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell\open\command\ = "\"C:\\Program Files (x86)\\i4Tools8\\x64\\i4Tools.exe\" /open \"%1\""	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell\open	i4Tools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCi4Tools\shell\open\command	i4Tools.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2168	i4Tools.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2700	i4Tools8_v8.28_Setup_x64.tmp
2700	i4Tools8_v8.28_Setup_x64.tmp
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe
3136	InsfInnsttallserx.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2168	i4Tools.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2168	i4Tools.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2700	i4Tools8_v8.28_Setup_x64.tmp
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe
2168	i4Tools.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 2700	4192	i4Tools8_v8.28_Setup_x64.exe	82
PID 4192 wrote to memory of 2700	4192	i4Tools8_v8.28_Setup_x64.exe	82
PID 4192 wrote to memory of 2700	4192	i4Tools8_v8.28_Setup_x64.exe	82
PID 2700 wrote to memory of 3136	2700	i4Tools8_v8.28_Setup_x64.tmp	93
PID 2700 wrote to memory of 3136	2700	i4Tools8_v8.28_Setup_x64.tmp	93
PID 2700 wrote to memory of 3136	2700	i4Tools8_v8.28_Setup_x64.tmp	93
PID 2700 wrote to memory of 2168	2700	i4Tools8_v8.28_Setup_x64.tmp	94
PID 2700 wrote to memory of 2168	2700	i4Tools8_v8.28_Setup_x64.tmp	94
PID 3572 wrote to memory of 4488	3572	WinHelp32.exe	102
PID 3572 wrote to memory of 4488	3572	WinHelp32.exe	102
PID 3572 wrote to memory of 4488	3572	WinHelp32.exe	102
PID 3572 wrote to memory of 4488	3572	WinHelp32.exe	102
PID 4488 wrote to memory of 228	4488	svchost.exe	103
PID 4488 wrote to memory of 228	4488	svchost.exe	103
PID 4488 wrote to memory of 228	4488	svchost.exe	103
PID 4488 wrote to memory of 228	4488	svchost.exe	103

C:\Users\Admin\AppData\Local\Temp\i4Tools8_v8.28_Setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\i4Tools8_v8.28_Setup_x64.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Users\Admin\AppData\Local\Temp\is-4QJNH.tmp\i4Tools8_v8.28_Setup_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4QJNH.tmp\i4Tools8_v8.28_Setup_x64.tmp" /SL5="$8006E,341696849,914944,C:\Users\Admin\AppData\Local\Temp\i4Tools8_v8.28_Setup_x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe
    "C:\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3136
- - C:\Program Files (x86)\i4Tools8\x64\i4Tools.exe
    "C:\Program Files (x86)\i4Tools8\x64\i4Tools.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Windows\temp\240659765 C:\luminati.exe
1⤵
PID:2612

C:\Windows\system32\cmd.exe
cmd /c copy C:\Windows\temp\240659875 C:\lum_sdk32.dll
1⤵
PID:720

C:\Windows\system32\cmd.exe
cmd /c copy C:\Windows\temp\240659984 C:\lum_sdk32.dll.dat
1⤵
PID:2380

C:\luminati.exe
C:\luminati.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1468

C:\Windows\WinHelp32.exe
C:\Windows\WinHelp32.exe -svc
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\SysWOW64\svchost.exe -k netsvcs
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Windows\SysWOW64\dllhost.exe
    C:\Windows\SysWOW64\dllhost.exe -ks
    3⤵
    - System Location Discovery: System Language Discovery
    PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\i4Tools8\x64\Qt5Concurrent.dll

Filesize
48KB

MD5
635c8a9fef0344f0fb863473eca2b676

SHA1
bce37a018a3fee33bdf074610ff07a5101fc54f9

SHA256
9f1277abbbbcdedad6539edaac8fbe2c68b279dda050102d907a8bbd2375854d

SHA512
028fc5eea3fd2301eeb2195a6bc8fc7bd877c2d71de2a2378cd4f3137a9082eb8efcdaa40bafe461d8b44c03d5d46c0ba0e1068155042fef8ef955d4fe0af545

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Core.dll

Filesize
5.4MB

MD5
97314786a675b0d6865f2a051655dda8

SHA1
f2917109d31e40bf4149812d43362908ed902957

SHA256
1f32c5cf6f94d713fbcb2951d5cca53a8243f2a55e21e0d9ff7345c41d0b5b27

SHA512
859290d82416ddbabf701d2a4b86800f6ad6dc5caf0e71efdc12ac80ad513e75d1b016f52230a282dee469af0ab78085403481582d93a9ccaec4cc855e3fcd1a

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Gui.dll

Filesize
6.5MB

MD5
5f906f20cb96ff6051f18ffe2b1eaec8

SHA1
04c6e66336240882ed8f374714309ad55284a013

SHA256
bef361410e670810cad185e900573ca2135632e8dd94b5cbebc1aa4c43d41f58

SHA512
053a6e06cc8db08880c137ed61844a8f4622cea6529e52d4108102b086233842b6bb58660e552ace8bf2e5e122461ba0dde7d9364ee799f659b1489700a7da43

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Multimedia.dll

Filesize
749KB

MD5
454c90bb797ba2f83c37017762d981be

SHA1
b917413c0efd09f668b9dcb19df9d9bf00035028

SHA256
9517566d624b17d194a9e83ad00d4e9338a2e4aae33758b83ca74c44f6de364e

SHA512
b90dacf9fa5e495d50e388ae00a2e5d2961ee7d84f197f2d3ec12c153c1b3009741b3297015a5e67fe981f77d586e3af25d140469f9dda666f340b0cfc6a94f3

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Network.dll

Filesize
1.3MB

MD5
d274fd1778618b6728e3150226ea5650

SHA1
ec721c9fb6f9af2b20942ec281b98fadc576b548

SHA256
6402c9bd3f2631cf62f7258f7fd92a595e9aa5fe40e8cd05ed1f29836ab79260

SHA512
4494d9c4b3cf5fef045e51576c3e722e3d8a9c231b213125b6c6800549625505544b186bd2664d5c6967cdbdbfb271bc14ba9047e6805423a5c29401cab2352a

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5PrintSupport.dll

Filesize
325KB

MD5
a0b6ab00b356bb805decc1ff483c3122

SHA1
f411deb03a9c2f54845390690e8921f51b4c9834

SHA256
bcdae7ad673e56a3011e3a75d6b6719b31ba1d5218fe306d61e7ac0ef607c66e

SHA512
6f78f2f45613dba72ea3d5fb9bc5a5c3e3bee851e7ae0d2fcc1d9e5dcc5ef2dc6aebd303149101bf085ffa719fe20ee76eb30061a7645b5ff09abe4ea3b41400

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Quick.dll

Filesize
3.9MB

MD5
07813f464732876f1b19a1ead043edc6

SHA1
19bdabe7faf1cd2832bd624d2584e8a2e6e9334b

SHA256
2481d3a832dc8680979375a52c108e7a2242b535cd7889f9c4b5225ea4a98fa9

SHA512
c1500e901d82004d3fa79b5cf64e2170aae9696bc1227bd191163a3116d8b796d6e329b90fb98a589a8b68822684365ce00aab66c1c113353c4048b661da0b78

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Svg.dll

Filesize
341KB

MD5
e12e5408569d1b0b1cf7a40ce2e82488

SHA1
965127ddea66aa4fcfc3ce25ae19b7ab191040c9

SHA256
0bff053f9d667cca85b629f51de4878366927471263c66bd8cba63c17ec0646b

SHA512
51a75c262ac38a124d4890984020df8f47ee9da14cd9b2389f2eb4502c1c5580dcd52ae75c9fc97859550d47dcfa22bb3822f0dd4c3f3850dce2decd2b1f976e

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5WebEngineWidgets.dll

Filesize
259KB

MD5
774597723fe453e6f5a10335faf8dbc7

SHA1
988936bccab375ed7b5db2e9280cf2173530a9e8

SHA256
9f7055da4d061d0c9e1a9541ab92c164431a8ffa08333d4379c33e853969514f

SHA512
18a3e1382163595e5e312049e8c50ea72464b1bd8a875fbeb754269fd180ce8113d5255d963be56bb4d44cea5e7ee3e6111f6f9827a3c3c603fd05dab7edbdc7

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Widgets.dll

Filesize
5.2MB

MD5
9851d7c86caade06f5f8091a3d836fdb

SHA1
d1b448255bc8060fec2b1c80d5c68f76e8a4ddf3

SHA256
b8ea57c9ba4f9b2652d5fce08feb910cc2887f4586b50b3382964d63c008c477

SHA512
0112e8d1a97b30a7a075ab257321620eebb7f80f20a221db87a42c3d2bc1b23eb92405d0183e7d929c5345e33cb9e7b17a50330c5268b2c2151197283a5a9d2a

Download Submit
C:\Program Files (x86)\i4Tools8\x64\Qt5Xml.dll

Filesize
227KB

MD5
b41893fee5d200fd9a4455f2a62f6fce

SHA1
77038e1615f5d965b8257bcb31b674f621c8951f

SHA256
6591c0fd9402e9dc501bf555c39f0ff91b5f9427d68a30d962bbe5c346253ada

SHA512
afde2a414bbc0e016896ff2063edc5f8555577988bcbee8ca600f714dad64c583f2e52fb21a7474a098adb9d54c1188e3ff21eec71420b6dd0fe9efc7aa19286

Download Submit
C:\Program Files (x86)\i4Tools8\x64\cache\devices_table\is-CER30.tmp

Filesize
25KB

MD5
c620224de82cfff68c96f7b16e4e91de

SHA1
82d2ca6f0e54c8468f543b57a302abee602c1f20

SHA256
baee673cb16257c076c884bc0314eb5e3eb31b6d799d78cb47310adfbe114c46

SHA512
593afcda4a7275357c39749e7cb8f9f1ad868797e1423a30f79fb982009be9900bbcaaa8277cbd16ba57cb81d48c236acc83a74e5d0a4a1b869d17f2457628ee

Download Submit
C:\Program Files (x86)\i4Tools8\x64\cache\hometmp\1727574373789.jpg

Filesize
163KB

MD5
5a6e2fa8a7d9f1d84a6b7910e9c80b90

SHA1
ad2449fa201d64b6274d64707c9a2c9d7eb50e8f

SHA256
4a65879b1f09c2e83955179a86bb197d52763ae445a263a23946c7da53598b80

SHA512
677945b845af935e89f5f6a4ef6cf86c687de84591c8ed36d004857ef0e1c3dbac1639ca8e9cca20183b62ed1156c3873dbf325b46792180da05020566a5f9ab

Download Submit
C:\Program Files (x86)\i4Tools8\x64\ffmpegCore.dll

Filesize
298KB

MD5
6e9a1ba44c37fab0e02afdce7705b227

SHA1
03d72044717db781da3fc85b8f21f6811d0cefa0

SHA256
a51e80f626a85fc3f391e6c3d46d62c980af225954e4f4b5cf7e2ef0b1b75932

SHA512
7566cae2200f4083e8cb9af292ac1c7922ac44b63b8b7f43be976183f5d68c7c4e8142c4c905336c9825c0eb8aca76fd71b5d124b0e6275963d9cc5a7346937e

Download Submit
C:\Program Files (x86)\i4Tools8\x64\files\inf\InsfInnsttallserx.exe

Filesize
95KB

MD5
d0f23e47419a7f1b22197fc1ffb03e39

SHA1
19f60304ceeee3302bc8e4cf755ecffa8ef97056

SHA256
a6402ac7b177d0947396e1aef8b39377e07b65f8cc510e6d137725fe723e32e6

SHA512
3768e163fa02e6e27defeb7cf520a8e7f6386d5f4b93dddb08d870da8a6b289d3e25f184904bbf7b92059d2aef6061f501a503e5752f13678ededada07212023

Download Submit
C:\Program Files (x86)\i4Tools8\x64\files\inf\VCRUNTIME140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Program Files (x86)\i4Tools8\x64\files\inf\python36.dll

Filesize
952KB

MD5
7c16c4cdb95654421fa11265380e17bd

SHA1
fd1d4472d22ffe350db8b1c7e9c1494fda011e86

SHA256
9574cdf6890cff714b5d994bcdfea20ff5f3d26b6496a75e83e02c7593d58a1c

SHA512
967f82da0aea556b41db4970971b565c4faabdcd75050184b1d76dbc0343552478e089eff741976ee78307f0231c67bc65f36d4a5dae0671bcd2d7d6a94f17b2

Download Submit
C:\Program Files (x86)\i4Tools8\x64\i4Tools.exe

Filesize
13.4MB

MD5
5736f450d9591a7d45fa1d6c5059b910

SHA1
8a628053b70fa250a87a43bc6d3933f586ac9530

SHA256
27fdd8b1bc9fa685d243129234e5e161e3bb45737e68dd6cef90258aa8617c59

SHA512
975353c84606f191f8f1267e2ffac62baa81f88a54a98c011d05bb1b9b226023a4c71cf5a60f22f7b111b8ff592c59d6ce9aac462ad4404448c62eac7576aab9

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_aia.dll

Filesize
125KB

MD5
b1dc20d014f502a7ddd81c369e075c2b

SHA1
a44211aad2bc12d4c93f6e57c893572baa7a4677

SHA256
706bb25be4e043448174dfea9695d89437bcd71f7ed047705d9a355684e4d41d

SHA512
8c5e10ca87a39139543b5a1ae7756f0d03b285807a0392ddd06bc48cf820d4b1eb384cb781056b8e79549e1aba3aeacad1f86fc040c0377740ea854481d18af9

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_app.dll

Filesize
145KB

MD5
092f7e7f426dba0703345d34645fda72

SHA1
59498dd12aa4c2db38cce7d92804a48842c4f394

SHA256
edec291f3ff81b0428068b2674b5a48c9dc5440e438e9879317e7eade362a260

SHA512
05fef7eb70ed7c6a42672b993bac8375b3ae006081b110bacdbe2ace96a96de66350dc65a3b5499413383f23df007871679a796f0dff7041180a8048191ee519

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_backup.dll

Filesize
160KB

MD5
11826abe62f0c4477e1049d5ee97365b

SHA1
20335b944be9d7c02b1bb6706996d6d00a287d2f

SHA256
76602bfce846a963d1de7150548e5c6b09b9dbb479e5ef903153feacc015e581

SHA512
adb19ae45b2cf3c7a358d68903e8a16aed8c394c95d6df6bd63855a35916cfb5e2dbf418d9086a6a2a36c670ef042ab3f3446801eca3766fe5b5e245744fc849

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_datamgr.dll

Filesize
128KB

MD5
2a22d843fb59e063c4d700a30649a99b

SHA1
b89a65640c0f47a0974b7095161bce223d59185e

SHA256
5314b45edc6dd137aaba42a2e23ca5d14a60d31e40f610f1e257c77e50a718bc

SHA512
d2e02775f4dc6886deda1ec26ad0d387b7b8e242f345e5e65f9784459c7e06f3c100ebc5945fc725ad5b563e129e11ce7404bfed60d2302d88a90d432c17bc4f

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_fm.dll

Filesize
94KB

MD5
64a9739ea7a4d1262f28a33aea103531

SHA1
c145a89c8e2c47ab37503dc43ba34da1d42a3d71

SHA256
9a8cb9b9fc53b3ab34ab49c9e192b8659db208287a37b198de903f14e9d8e72b

SHA512
be5857f2e4b92d750e84623cb4dff3d965b2eef6961610a240d9e2336dca2e028a10a722cb2a5150c9629375e40bd5261778a0ae259c87ed8f13cf64021b12d6

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_info.dll

Filesize
217KB

MD5
627d27d3521cc519ca0298d8572a6c14

SHA1
b920289ba0af3a45de0acc290bc609fc7d453e56

SHA256
e664ea3897bfbc4e443cb67fcbf66db0f738dd5b33898742039be672877457ec

SHA512
2009a52580f1c7c258acbeef2294127fd1fc14c9f5a414d976a576c9a800c4761b9cc5fffd0bbff6b146918a34d2f0754e44480fcc3bd7746af3a2cdfb9608fc

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_jb.dll

Filesize
111KB

MD5
8c1466d635e33c87f512170eab129487

SHA1
c585f855e1861d82262b36f1e68468cc9dd04028

SHA256
1d92004fafbc765354487e4096478d7b4524fb7f7dacdd809ebb2547b09c0dfd

SHA512
7d3ad34eff8b9d7455d0170f58619881106f7e5a3a87619d4a1db8db9589fa627bcbb7b2b7c47dd2170873dcd1144b64c68bca000c2f6ad0759575fa8a13db70

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_media.dll

Filesize
164KB

MD5
826425da9bab453838205abec3813997

SHA1
05d1543f4577f81c9a09b9a6f8c3cfa868b94e88

SHA256
7a84d62b4238cb8c4029c79643761696b6f6d98fa8db866ebf069bf2b104ebd2

SHA512
1e4ee56c3780f99afc914b2e4850f13c652b9d2facdec3f3844f2b00387c2e3c1c054ff6793fdf8548093d03d95cb89a1617d7caaf8dd98711c84b74390a543a

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_other.dll

Filesize
201KB

MD5
73c84778ee4d69a8cca3aa931ee34bca

SHA1
dd09317459554852a3bd034fa6be6f0d62147137

SHA256
9a9a83523b3b7ce4f4b81ce9943050b1a27a8ef753d76d2780df8bd6621a9655

SHA512
d027a70d0e89005b6d3adefc5937835811993ffbf9c228577030854bf97a39dc241ce7e33bf0f199d66ccb0b0385cbdf327090e7767168b0389b3e36d6cacba5

Download Submit
C:\Program Files (x86)\i4Tools8\x64\idm_sync.dll

Filesize
89KB

MD5
6541282fa615268aab28aa33f9a2bb1b

SHA1
5fbb7e47bf3049c174acd5e7de1f52873a7a42b4

SHA256
1d31bf493faec6f6c3d0b862d17815305483168397ab88c84bd8ce5984e92a6d

SHA512
9f8822961419d06470e4247b2b14bb87bb0f951268deb6542c40306ba5bb1050362077fbf4b361f5575d45375f916293d91cf005a50668a449b66f7ffe371c16

Download Submit
C:\Program Files (x86)\i4Tools8\x64\libcjpeg.dll

Filesize
578KB

MD5
1b5f824c31c3506174a917d686fee18d

SHA1
2dec59e11334c4cd30a453b92207e618e1309254

SHA256
7aaab4d7ee4bebd0e4cb960c08ac47c34a806e3a31c1054717df3839cc2504d5

SHA512
197c95b996ee9c9f9ac94c1db27ac570683b1002052af52a6d06f424f7dc95fd50a77577e9db56d78b9b4d2ea8949ddeb42da364fca75cf06b514e1d38db07cb

Download Submit
C:\Program Files (x86)\i4Tools8\x64\libcurl.dll

Filesize
460KB

MD5
37d455c977f989c9e444e9fec4a245c2

SHA1
53d8a2a706b10e133953e5e14ea85f888cc4d865

SHA256
9649971273d00701bd4c51ac0a412a3f8e2ab7faf33241134deb9bc41a1a1ec3

SHA512
f902b1cc0cfcde8b80ae126cef461e9af9a814a36653df59a46833ca54c3eb699320f7bf2753498db94d2d8c590c4535a4b958397e491e6433f3c2b904d134d2

Download Submit
C:\Program Files (x86)\i4Tools8\x64\libhpdf.dll

Filesize
769KB

MD5
c6e3c689e729e8a3f7c5cb15e4b17092

SHA1
4cefea15563c5d40dc059e208c43e2d0eea24544

SHA256
398ad7f4baf7d0f47123114b1a913b8cfeb5b7553d6af1ef5ea9a4298a698874

SHA512
7729447d158bc4c45d104ffed51886c137fe01675f0eaaa9db4c11b697e2eb0108af01de64f0d3f1134a3a538e781135b183d95f7d330482973e25fe415bed48

Download Submit
C:\Program Files (x86)\i4Tools8\x64\msvcp140.dll

Filesize
571KB

MD5
5cde3aed10412762e83b7fe43694a22b

SHA1
4ffcdf063eafc901105836c27a634530ea614755

SHA256
10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d

SHA512
fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

Download Submit
C:\Program Files (x86)\i4Tools8\x64\setting.cfg

Filesize
305B

MD5
96e1adac188dcb75b19e6c1bc2ef8ffa

SHA1
5a5ec225028489440bbcea09ab5c5db8d7d67b67

SHA256
ff63635229bf97c66d38955eedec961c6a26efee7e10a85f26901244110d9f4b

SHA512
f30be96c3c9a87f686efe6b1f31e29f97ed3d9f77198b1c421dcebe2f9edcb1d76315fdaf0c70ba4a207daa5363159d20e2faf0235bc74fd9b0c8ae1e20e21c5

Download Submit
C:\Program Files (x86)\i4Tools8\x64\setting.cfg.lock

Filesize
60B

MD5
36956c35ac5d264290761b50c94a3c6b

SHA1
3b43d43ca772b7f7d8197d5449084f1ed12d014a

SHA256
020df25cc3cdddd7fcb2e7ad22dcb762c436904c6544d63abb483b202fabf8be

SHA512
41f2eaf0f3cbbb2f804f3a2a87568afd98a514d4c988f1e0cc7c17d648c1258e6737af038c4bd93736ffe1ba12fa9c0ca8ab2f8b7b590ba36aef2a35bce98d6f

Download Submit
C:\Program Files (x86)\i4Tools8\x64\translations\is-7O760.tmp

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Program Files (x86)\i4Tools8\x64\zlib.dll

Filesize
136KB

MD5
3ff5f56337f401c32047b0c1394c50ca

SHA1
9d9de9a01bcb1d0f6d523cd814259631285a447c

SHA256
ff1b2ebbe048827ee852e3e7290507d979a1ffab1e5937f64b0b915f4e943721

SHA512
73d00342283e74d2aa8cc436651145938ff65b38ecd8746f34c44df140a84f084b1fa470c18b68efe129f75d1480eb1aff37425795d1e82f163d6f1468f7e4f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4QJNH.tmp\i4Tools8_v8.28_Setup_x64.tmp

Filesize
2.6MB

MD5
90731cb2e8ea483cce3bf7eb2f1ef5b8

SHA1
6894582c1bd8603248f6780b15f537ee400af7f0

SHA256
5393fc612e69e55bce34d48d419777d9b0b0a7220440a3444e4ac4a0ad9c8727

SHA512
86a497f4bac1d8eb9ba1eff526f1e51eb90db83f128546651d16b3a17c054c62ca1c2f33b0fcb30915b069acdee9dc64c53320d55ab73372708008d89e0def70

Download Submit
C:\Windows\WinHelp32.exe

Filesize
199KB

MD5
7f35e75ef4b13631c6f2355a48467613

SHA1
8564cf0e105d0ab6d27dc879f77761152007204b

SHA256
28e9f726bf8c2710ff3c40b50fdb9d5ec2a60c0174e86d1d4e1960fd4db1bfde

SHA512
53bd5b2a6a3f1722d93c111381cd48140a8ff8d316d566297dc271b3a983febeb7bea3683c7f789b0455c234b1f0c7ee1374dc4109bb10f9b0c3f65c22bc2be8

Download Submit
C:\Windows\lum_sdk32.dll

Filesize
329KB

MD5
05d525320399f2a9e058cba5c5770345

SHA1
b83500d3664bc0524ac18dac9378e8ffd3dc1bb8

SHA256
9d2ec7782b85ae7c0a16f0f3ce61b3eb3e2ffec72325d8fee2c8103f69601d6b

SHA512
d1928fdc2eb7d4a6e4c2023b6bb9384b6ab70cdc9a54be69eded99b5c7e984acb777394886cd8c7e44a0e21972e7357d0cc6e2a2e40a40b812bf93ccff0bf80d

Download Submit
C:\Windows\lum_sdk32.dll.dat

Filesize
29KB

MD5
16453b46b2bc6d0159208ea75385da93

SHA1
45126df359f06e4489a87099a37345e3369a8201

SHA256
87ba524c8c614bf71432168452b7335d10d515fa98ce1c943de5e78da3796ca8

SHA512
d73f5e44b13c07083abe2746efcd994fbb0569119aade6bff1fc9df86679d2e36ff26e84f8f7fbfa572d248584b6f3113436aaa8eb75246204c7266bb99a390e

Download Submit
memory/1468-1276-0x00000000730B0000-0x0000000073101000-memory.dmp

Filesize
324KB

Download
memory/1468-1278-0x0000000000DF0000-0x0000000000DF8000-memory.dmp

Filesize
32KB

Download
memory/1468-1307-0x00000000006A0000-0x00000000006D0000-memory.dmp

Filesize
192KB

Download
memory/1468-1310-0x00000000730B0000-0x0000000073101000-memory.dmp

Filesize
324KB

Download
memory/1468-1282-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1468-1283-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1468-1279-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2168-1258-0x00007FF7CC280000-0x00007FF7CCFE9000-memory.dmp

Filesize
13.4MB

Download
memory/2168-1257-0x00007FF99D840000-0x00007FF99DD7D000-memory.dmp

Filesize
5.2MB

Download
memory/2168-1256-0x00007FF99D390000-0x00007FF99D780000-memory.dmp

Filesize
3.9MB

Download
memory/2168-1291-0x00007FF9976B0000-0x00007FF9976DA000-memory.dmp

Filesize
168KB

Download
memory/2700-6-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2700-1319-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2700-10-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2700-355-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2700-671-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2700-1277-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2700-9-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/3136-1260-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/3136-1259-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/3572-1300-0x0000000072BD0000-0x0000000072C21000-memory.dmp

Filesize
324KB

Download
memory/3572-1290-0x0000000072BD0000-0x0000000072C21000-memory.dmp

Filesize
324KB

Download
memory/4192-1320-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4192-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4192-8-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4192-2-0x0000000000401000-0x00000000004A8000-memory.dmp

Filesize
668KB

Download