babadeda | 595e1545c53d27fb1315e70b241e66f44b28a49be59a717ca4936d167e121470

Analysis

max time kernel
146s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
09-03-2022 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686b40dcb167653cb7a8463928c26af1.exe
Size

9.5MB
MD5

686b40dcb167653cb7a8463928c26af1
SHA1

d6146b6fdf516223735e4e881fa797432dff3923
SHA256

595e1545c53d27fb1315e70b241e66f44b28a49be59a717ca4936d167e121470
SHA512

c40d9c17e1b6d1100425b15d0f800562579b935a83e1c9b8f4099d8a4262b7287f545f4c0a00ab040c92e239fe946416242461dd712d4cb63deca5f651558f8f

Score

10^/10

babadeda systembc crypter loader trojan

Malware Config

Extracted

Family

systembc

5.101.78.2:4127

192.53.123.202:4127

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 3 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\asp	family_babadeda
behavioral2/memory/2852-164-0x0000000004880000-0x0000000008A80000-memory.dmp	family_babadeda
behavioral2/memory/3784-178-0x00000000025F0000-0x00000000067F0000-memory.dmp	family_babadeda

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 5 IoCs

Processes:

686b40dcb167653cb7a8463928c26af1.tmp686b40dcb167653cb7a8463928c26af1.tmptracegen.exePDapp.exePDapp.exe

pid process

3704 686b40dcb167653cb7a8463928c26af1.tmp
652 686b40dcb167653cb7a8463928c26af1.tmp
620 tracegen.exe
2852 PDapp.exe
3784 PDapp.exe

pid	process
3704	686b40dcb167653cb7a8463928c26af1.tmp
652	686b40dcb167653cb7a8463928c26af1.tmp
620	tracegen.exe
2852	PDapp.exe
3784	PDapp.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

686b40dcb167653cb7a8463928c26af1.tmp686b40dcb167653cb7a8463928c26af1.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Control Panel\International\Geo\Nation	686b40dcb167653cb7a8463928c26af1.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Control Panel\International\Geo\Nation	686b40dcb167653cb7a8463928c26af1.tmp

Loads dropped DLL 16 IoCs

Processes:

PDapp.exePDapp.exe

pid	process
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
2852	PDapp.exe
3784	PDapp.exe
3784	PDapp.exe
3784	PDapp.exe
3784	PDapp.exe
3784	PDapp.exe
3784	PDapp.exe
3784	PDapp.exe

Drops file in Windows directory 2 IoCs

Processes:

PDapp.exe

description ioc process

File created C:\Windows\Tasks\wow64.job PDapp.exe
File opened for modification C:\Windows\Tasks\wow64.job PDapp.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

686b40dcb167653cb7a8463928c26af1.tmp

pid process

652 686b40dcb167653cb7a8463928c26af1.tmp
652 686b40dcb167653cb7a8463928c26af1.tmp
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3448 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3448 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

686b40dcb167653cb7a8463928c26af1.tmp

pid process

652 686b40dcb167653cb7a8463928c26af1.tmp

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	PDapp.exe
File opened for modification	C:\Windows\Tasks\wow64.job	PDapp.exe

pid	process
652	686b40dcb167653cb7a8463928c26af1.tmp
652	686b40dcb167653cb7a8463928c26af1.tmp

description	pid	process
Token: 33	3448	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3448	AUDIODG.EXE

pid	process
652	686b40dcb167653cb7a8463928c26af1.tmp

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

686b40dcb167653cb7a8463928c26af1.exe686b40dcb167653cb7a8463928c26af1.tmp686b40dcb167653cb7a8463928c26af1.exe686b40dcb167653cb7a8463928c26af1.tmp

description	pid	process	target process
PID 2952 wrote to memory of 3704	2952	686b40dcb167653cb7a8463928c26af1.exe	686b40dcb167653cb7a8463928c26af1.tmp
PID 2952 wrote to memory of 3704	2952	686b40dcb167653cb7a8463928c26af1.exe	686b40dcb167653cb7a8463928c26af1.tmp
PID 2952 wrote to memory of 3704	2952	686b40dcb167653cb7a8463928c26af1.exe	686b40dcb167653cb7a8463928c26af1.tmp
PID 3704 wrote to memory of 2028	3704	686b40dcb167653cb7a8463928c26af1.tmp	686b40dcb167653cb7a8463928c26af1.exe
PID 3704 wrote to memory of 2028	3704	686b40dcb167653cb7a8463928c26af1.tmp	686b40dcb167653cb7a8463928c26af1.exe
PID 3704 wrote to memory of 2028	3704	686b40dcb167653cb7a8463928c26af1.tmp	686b40dcb167653cb7a8463928c26af1.exe
PID 2028 wrote to memory of 652	2028	686b40dcb167653cb7a8463928c26af1.exe	686b40dcb167653cb7a8463928c26af1.tmp
PID 2028 wrote to memory of 652	2028	686b40dcb167653cb7a8463928c26af1.exe	686b40dcb167653cb7a8463928c26af1.tmp
PID 2028 wrote to memory of 652	2028	686b40dcb167653cb7a8463928c26af1.exe	686b40dcb167653cb7a8463928c26af1.tmp
PID 652 wrote to memory of 620	652	686b40dcb167653cb7a8463928c26af1.tmp	tracegen.exe
PID 652 wrote to memory of 620	652	686b40dcb167653cb7a8463928c26af1.tmp	tracegen.exe
PID 652 wrote to memory of 620	652	686b40dcb167653cb7a8463928c26af1.tmp	tracegen.exe
PID 652 wrote to memory of 2852	652	686b40dcb167653cb7a8463928c26af1.tmp	PDapp.exe
PID 652 wrote to memory of 2852	652	686b40dcb167653cb7a8463928c26af1.tmp	PDapp.exe
PID 652 wrote to memory of 2852	652	686b40dcb167653cb7a8463928c26af1.tmp	PDapp.exe

C:\Users\Admin\AppData\Local\Temp\686b40dcb167653cb7a8463928c26af1.exe
"C:\Users\Admin\AppData\Local\Temp\686b40dcb167653cb7a8463928c26af1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952

C:\Users\Admin\AppData\Local\Temp\is-OEDAI.tmp\686b40dcb167653cb7a8463928c26af1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-OEDAI.tmp\686b40dcb167653cb7a8463928c26af1.tmp" /SL5="$50116,9084029,780800,C:\Users\Admin\AppData\Local\Temp\686b40dcb167653cb7a8463928c26af1.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3704

C:\Users\Admin\AppData\Local\Temp\686b40dcb167653cb7a8463928c26af1.exe
"C:\Users\Admin\AppData\Local\Temp\686b40dcb167653cb7a8463928c26af1.exe" /VERYSILENT
3⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Users\Admin\AppData\Local\Temp\is-JCBE9.tmp\686b40dcb167653cb7a8463928c26af1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JCBE9.tmp\686b40dcb167653cb7a8463928c26af1.tmp" /SL5="$E002A,9084029,780800,C:\Users\Admin\AppData\Local\Temp\686b40dcb167653cb7a8463928c26af1.exe" /VERYSILENT
4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:652

C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\tracegen.exe
"C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\tracegen.exe"
5⤵
- Executes dropped EXE
PID:620

C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe
"C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:2852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3448

C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe
"C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe" start
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-JCBE9.tmp\686b40dcb167653cb7a8463928c26af1.tmp
MD5
681f67c011ee0ac7fd112ed351fc07db

SHA1
cc02d9564dc3e29faf3e4945567d2ce6612d1f8c

SHA256
69d2e938368d9dc2fe5ae956d49ed1005dc4bb18b878cf2e55a0931c7a5eb003

SHA512
c2011f82d2bdb135b7db862cf89298df424a6f31719ce75a9c1fb89493ae65692d3fdfafe45515be5e0459ed6c40bd3db43fb19c8aa49f3e0e9a194ac36cab6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OEDAI.tmp\686b40dcb167653cb7a8463928c26af1.tmp
MD5
681f67c011ee0ac7fd112ed351fc07db

SHA1
cc02d9564dc3e29faf3e4945567d2ce6612d1f8c

SHA256
69d2e938368d9dc2fe5ae956d49ed1005dc4bb18b878cf2e55a0931c7a5eb003

SHA512
c2011f82d2bdb135b7db862cf89298df424a6f31719ce75a9c1fb89493ae65692d3fdfafe45515be5e0459ed6c40bd3db43fb19c8aa49f3e0e9a194ac36cab6a

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\DBClient.dll
MD5
d64cbc9613edc8b8799dd36b8e3f8a62

SHA1
edacb98a4b6ac6407d0b0bdd86317b12a322ab51

SHA256
cdbe7dba0562816180f4d678a55b78c9675dbe09617fb7e3ecb0508bfe2b8681

SHA512
efdd78b35e5f24c0f3ec7a689eb8a53a24f819321cb2d790cc45ba1708209b462928ab5047a14933e4795d569d41a2ecc261158c84467698be2c57392810f19b

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\DBClient.dll
MD5
d64cbc9613edc8b8799dd36b8e3f8a62

SHA1
edacb98a4b6ac6407d0b0bdd86317b12a322ab51

SHA256
cdbe7dba0562816180f4d678a55b78c9675dbe09617fb7e3ecb0508bfe2b8681

SHA512
efdd78b35e5f24c0f3ec7a689eb8a53a24f819321cb2d790cc45ba1708209b462928ab5047a14933e4795d569d41a2ecc261158c84467698be2c57392810f19b

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\DBClient.dll
MD5
d64cbc9613edc8b8799dd36b8e3f8a62

SHA1
edacb98a4b6ac6407d0b0bdd86317b12a322ab51

SHA256
cdbe7dba0562816180f4d678a55b78c9675dbe09617fb7e3ecb0508bfe2b8681

SHA512
efdd78b35e5f24c0f3ec7a689eb8a53a24f819321cb2d790cc45ba1708209b462928ab5047a14933e4795d569d41a2ecc261158c84467698be2c57392810f19b

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\MSVCP140.dll
MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\MSVCP90.dll
MD5
30afaf23c37c439c2c83ec6518287076

SHA1
2ece38dc601315f4d05d034f66ad1d77f2845c00

SHA256
f5b6ed22ff07743402a2c90f469fa91f46fba8bf35b55312a5aaf26a448a9064

SHA512
0f87a1c55d54dccf5007a82d51ded65be9ee5619e0c82bd94b53c7d10b33237cd39e5b481dad00698bafdeac2687a7ff920ee5c5900468b5c0c93b996e803e1d

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\MSVCR90.dll
MD5
8d8325e8cdc31ffd3ba95e69d9a5bf91

SHA1
4bbe261d907e58a8487c27d2dc007ae98f1d3d2c

SHA256
1eab5f18a5733d746e681bc3d60175f8fca219dc1f94a7bb19db9e4c2c36224a

SHA512
49ba10c7ec86cff01568520c2092a993184df0b667a8bd197bc6cbe5918575028c1cd127e7d911344e5a88133827cda99aa3c1a331f26f809b04395da599c6b5

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe
MD5
8c91eacff0f53860ecfc5fd67168927b

SHA1
4062cf4e7c5457849e60232f34afa2b9bbb3d827

SHA256
7e5f8c916e7359dd8a9cd4e476803cf0d89496668879aa34731a38c7ad13a45e

SHA512
dbc5f3f07b3f108d0ddc5e93256ed40cd70c8f32383dd58d698498a4cd8de3d970bd70da3c47b2e2bd9d19d5e90159ffaaf5d6e43039158b23c5cd74ae60403e

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe
MD5
8c91eacff0f53860ecfc5fd67168927b

SHA1
4062cf4e7c5457849e60232f34afa2b9bbb3d827

SHA256
7e5f8c916e7359dd8a9cd4e476803cf0d89496668879aa34731a38c7ad13a45e

SHA512
dbc5f3f07b3f108d0ddc5e93256ed40cd70c8f32383dd58d698498a4cd8de3d970bd70da3c47b2e2bd9d19d5e90159ffaaf5d6e43039158b23c5cd74ae60403e

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\PDapp.exe
MD5
8c91eacff0f53860ecfc5fd67168927b

SHA1
4062cf4e7c5457849e60232f34afa2b9bbb3d827

SHA256
7e5f8c916e7359dd8a9cd4e476803cf0d89496668879aa34731a38c7ad13a45e

SHA512
dbc5f3f07b3f108d0ddc5e93256ed40cd70c8f32383dd58d698498a4cd8de3d970bd70da3c47b2e2bd9d19d5e90159ffaaf5d6e43039158b23c5cd74ae60403e

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\VCRUNTIME140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\adbeape.dll
MD5
819b4664a21827749250288b514e2494

SHA1
2bc3885716b1d6b7de41c201ccb40a74a38d8e7b

SHA256
068302bd6b30978c739f4599bfe33f15c2ce3aefdf8abc2ef394139c94d09705

SHA512
cad17c78dfc4ffef030f677373a19fa045d9cbd627de87f35e5bf740147d894ac8c218f070d94b8832241a6dd35f81e6f1e0740f6f5412dd9fb6c5c7257b0734

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\adbeape.dll
MD5
819b4664a21827749250288b514e2494

SHA1
2bc3885716b1d6b7de41c201ccb40a74a38d8e7b

SHA256
068302bd6b30978c739f4599bfe33f15c2ce3aefdf8abc2ef394139c94d09705

SHA512
cad17c78dfc4ffef030f677373a19fa045d9cbd627de87f35e5bf740147d894ac8c218f070d94b8832241a6dd35f81e6f1e0740f6f5412dd9fb6c5c7257b0734

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\adbeape.dll
MD5
819b4664a21827749250288b514e2494

SHA1
2bc3885716b1d6b7de41c201ccb40a74a38d8e7b

SHA256
068302bd6b30978c739f4599bfe33f15c2ce3aefdf8abc2ef394139c94d09705

SHA512
cad17c78dfc4ffef030f677373a19fa045d9cbd627de87f35e5bf740147d894ac8c218f070d94b8832241a6dd35f81e6f1e0740f6f5412dd9fb6c5c7257b0734

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\asp
MD5
3c0f89972dfc853512bbf9069fbe4f36

SHA1
c9ac0d13094dd5beb8158cf2f2b9a2d9c5dc251f

SHA256
78799fa3535d592b5589a47b3af214cde9337b9e0255d3b1784d2827223c81b9

SHA512
87097c9d4314752ac499b3c56b1709eaf2e29a4b4dd9fa79e67ace4d34ca54432ecfe338b81c971411397b95ad4b7e0e35e39008852ec14fef3d776559cfd4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\libchart.dll
MD5
79bf2c18072ee2a8831866e07646cf93

SHA1
fd7271b234a567127b47d687fafc88273ece3e8f

SHA256
af91253362b0451fee3f8d9faf946a09cc70b7f157d8281ef1c2f50e1d2f71f9

SHA512
2191ed7135845691afe9cc749f82f5278cdd3c2a1b816f32d2a21d5e8f1c23dd48a74579d5fbe305970533bc67b0ce1b5967e60b1da8fa101ce61f8d8e62a728

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\libchart.dll
MD5
79bf2c18072ee2a8831866e07646cf93

SHA1
fd7271b234a567127b47d687fafc88273ece3e8f

SHA256
af91253362b0451fee3f8d9faf946a09cc70b7f157d8281ef1c2f50e1d2f71f9

SHA512
2191ed7135845691afe9cc749f82f5278cdd3c2a1b816f32d2a21d5e8f1c23dd48a74579d5fbe305970533bc67b0ce1b5967e60b1da8fa101ce61f8d8e62a728

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\libchart.dll
MD5
79bf2c18072ee2a8831866e07646cf93

SHA1
fd7271b234a567127b47d687fafc88273ece3e8f

SHA256
af91253362b0451fee3f8d9faf946a09cc70b7f157d8281ef1c2f50e1d2f71f9

SHA512
2191ed7135845691afe9cc749f82f5278cdd3c2a1b816f32d2a21d5e8f1c23dd48a74579d5fbe305970533bc67b0ce1b5967e60b1da8fa101ce61f8d8e62a728

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcp140.dll
MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcp140.dll
MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcp90.dll
MD5
30afaf23c37c439c2c83ec6518287076

SHA1
2ece38dc601315f4d05d034f66ad1d77f2845c00

SHA256
f5b6ed22ff07743402a2c90f469fa91f46fba8bf35b55312a5aaf26a448a9064

SHA512
0f87a1c55d54dccf5007a82d51ded65be9ee5619e0c82bd94b53c7d10b33237cd39e5b481dad00698bafdeac2687a7ff920ee5c5900468b5c0c93b996e803e1d

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcp90.dll
MD5
30afaf23c37c439c2c83ec6518287076

SHA1
2ece38dc601315f4d05d034f66ad1d77f2845c00

SHA256
f5b6ed22ff07743402a2c90f469fa91f46fba8bf35b55312a5aaf26a448a9064

SHA512
0f87a1c55d54dccf5007a82d51ded65be9ee5619e0c82bd94b53c7d10b33237cd39e5b481dad00698bafdeac2687a7ff920ee5c5900468b5c0c93b996e803e1d

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcr90.dll
MD5
8d8325e8cdc31ffd3ba95e69d9a5bf91

SHA1
4bbe261d907e58a8487c27d2dc007ae98f1d3d2c

SHA256
1eab5f18a5733d746e681bc3d60175f8fca219dc1f94a7bb19db9e4c2c36224a

SHA512
49ba10c7ec86cff01568520c2092a993184df0b667a8bd197bc6cbe5918575028c1cd127e7d911344e5a88133827cda99aa3c1a331f26f809b04395da599c6b5

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcr90.dll
MD5
8d8325e8cdc31ffd3ba95e69d9a5bf91

SHA1
4bbe261d907e58a8487c27d2dc007ae98f1d3d2c

SHA256
1eab5f18a5733d746e681bc3d60175f8fca219dc1f94a7bb19db9e4c2c36224a

SHA512
49ba10c7ec86cff01568520c2092a993184df0b667a8bd197bc6cbe5918575028c1cd127e7d911344e5a88133827cda99aa3c1a331f26f809b04395da599c6b5

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\msvcr90.dll
MD5
8d8325e8cdc31ffd3ba95e69d9a5bf91

SHA1
4bbe261d907e58a8487c27d2dc007ae98f1d3d2c

SHA256
1eab5f18a5733d746e681bc3d60175f8fca219dc1f94a7bb19db9e4c2c36224a

SHA512
49ba10c7ec86cff01568520c2092a993184df0b667a8bd197bc6cbe5918575028c1cd127e7d911344e5a88133827cda99aa3c1a331f26f809b04395da599c6b5

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\tracegen.exe
MD5
f0ce1fc1ef4cdae853428faf62c7e0bb

SHA1
cc68f5f4922095219de0ed10c39e225ddd1bd99c

SHA256
1381c53093d2bc83d20e466a0e07f7d6963347862283d64582aa9960c187ad75

SHA512
d8301bc03acd774d8216cbf95e6fa59d220c5d7a6182deafcc8d9af78fa53fb89964128b81f2b6247ec48a44c538cd604159415b69754368e3dcf62b98776837

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\tracegen.exe
MD5
f0ce1fc1ef4cdae853428faf62c7e0bb

SHA1
cc68f5f4922095219de0ed10c39e225ddd1bd99c

SHA256
1381c53093d2bc83d20e466a0e07f7d6963347862283d64582aa9960c187ad75

SHA512
d8301bc03acd774d8216cbf95e6fa59d220c5d7a6182deafcc8d9af78fa53fb89964128b81f2b6247ec48a44c538cd604159415b69754368e3dcf62b98776837

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\vcruntime140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\vcruntime140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Users\Admin\AppData\Roaming\Sure Cuts A Lot 5\vcruntime140.dll
MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
memory/652-139-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/2028-137-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2028-135-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2852-164-0x0000000004880000-0x0000000008A80000-memory.dmp

Filesize
66.0MB

Download
memory/2852-163-0x0000000003060000-0x0000000003067000-memory.dmp

Filesize
28KB

Download
memory/2952-130-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2952-132-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3704-134-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/3784-173-0x0000000001EE0000-0x0000000001EE7000-memory.dmp

Filesize
28KB

Download
memory/3784-178-0x00000000025F0000-0x00000000067F0000-memory.dmp

Filesize
66.0MB

Download