babadeda | ca64b1e99580e69332a4ab3075c51f39880f6e291e802535a887b52b626f1937

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
26-06-2022 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca64b1e99580e69332a4ab3075c51f39880f6e291e802535a887b52b626f1937.msi
Size

22.0MB
MD5

9c1c49947a2cb029af26cb301d936974
SHA1

1a4450f3719b505904c6b36de8c13ea6f838bb4a
SHA256

ca64b1e99580e69332a4ab3075c51f39880f6e291e802535a887b52b626f1937
SHA512

5f0c89d766980857285fff9dc8293f60b82624ef0e51a9b647f03f192433338437320db42062fa8494d63dd9ef65ac1cc1b6bef47cd1da858e0568346d90553a

Score

10^/10

babadeda remcos win32lux crypter loader rat

Malware Config

Extracted

Family

remcos

Botnet

Win32LUX

144.91.79.86:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
Win32_64.exe
copy_folder
Logs
delete_file
false
hide_file
true
hide_keylog_file
true
install_flag
false
install_path
%UserProfile%
keylog_crypt
false
keylog_file
log.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
GDSGFDS42424FSAF-RP31EK
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

resource	yara_rule
behavioral2/files/0x0002000000022b52-168.dat	family_babadeda
behavioral2/memory/5084-176-0x00000000078C0000-0x000000000AFC0000-memory.dmp	family_babadeda

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	3124	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
5084	Mp3tag.exe

Loads dropped DLL 17 IoCs

pid	Process
4992	MsiExec.exe
4992	MsiExec.exe
4992	MsiExec.exe
4992	MsiExec.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7F7A.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI794B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C7A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7CF8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\e5677d4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5677d4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7BDD.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{69BFD9CA-DA8C-401C-BC6E-AA448E05D6D2}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Detects BABADEDA Crypter 2 IoCs

Detects BABADEDA Crypter.

resource	yara_rule
behavioral2/files/0x0002000000022b52-168.dat	BABADEDA_Crypter
behavioral2/memory/5084-176-0x00000000078C0000-0x000000000AFC0000-memory.dmp	BABADEDA_Crypter

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
724	msiexec.exe
724	msiexec.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3124	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3124	msiexec.exe
Token: SeSecurityPrivilege	724	msiexec.exe
Token: SeCreateTokenPrivilege	3124	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3124	msiexec.exe
Token: SeLockMemoryPrivilege	3124	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3124	msiexec.exe
Token: SeMachineAccountPrivilege	3124	msiexec.exe
Token: SeTcbPrivilege	3124	msiexec.exe
Token: SeSecurityPrivilege	3124	msiexec.exe
Token: SeTakeOwnershipPrivilege	3124	msiexec.exe
Token: SeLoadDriverPrivilege	3124	msiexec.exe
Token: SeSystemProfilePrivilege	3124	msiexec.exe
Token: SeSystemtimePrivilege	3124	msiexec.exe
Token: SeProfSingleProcessPrivilege	3124	msiexec.exe
Token: SeIncBasePriorityPrivilege	3124	msiexec.exe
Token: SeCreatePagefilePrivilege	3124	msiexec.exe
Token: SeCreatePermanentPrivilege	3124	msiexec.exe
Token: SeBackupPrivilege	3124	msiexec.exe
Token: SeRestorePrivilege	3124	msiexec.exe
Token: SeShutdownPrivilege	3124	msiexec.exe
Token: SeDebugPrivilege	3124	msiexec.exe
Token: SeAuditPrivilege	3124	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3124	msiexec.exe
Token: SeChangeNotifyPrivilege	3124	msiexec.exe
Token: SeRemoteShutdownPrivilege	3124	msiexec.exe
Token: SeUndockPrivilege	3124	msiexec.exe
Token: SeSyncAgentPrivilege	3124	msiexec.exe
Token: SeEnableDelegationPrivilege	3124	msiexec.exe
Token: SeManageVolumePrivilege	3124	msiexec.exe
Token: SeImpersonatePrivilege	3124	msiexec.exe
Token: SeCreateGlobalPrivilege	3124	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe
Token: SeRestorePrivilege	724	msiexec.exe
Token: SeTakeOwnershipPrivilege	724	msiexec.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3124	msiexec.exe
3124	msiexec.exe
5084	Mp3tag.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5084	Mp3tag.exe
5084	Mp3tag.exe
5084	Mp3tag.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 4992	724	msiexec.exe	84
PID 724 wrote to memory of 4992	724	msiexec.exe	84
PID 724 wrote to memory of 4992	724	msiexec.exe	84
PID 724 wrote to memory of 5084	724	msiexec.exe	85
PID 724 wrote to memory of 5084	724	msiexec.exe	85
PID 724 wrote to memory of 5084	724	msiexec.exe	85

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ca64b1e99580e69332a4ab3075c51f39880f6e291e802535a887b52b626f1937.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:724
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C222B2CADEAAAB4DB439342F62AFABC9
  2⤵
  - Loads dropped DLL
  PID:4992
- C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\Mp3tag.exe
  "C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\Mp3tag.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\Mp3tag.exe

Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\Qt5Core.dll

Filesize
4.3MB

MD5
cec46037eb661c06d4ec201b3f83bf63

SHA1
805005dadefabaded3abfdbde0f08a335f79075b

SHA256
fbe41ebb5d2481195ab6e05b80bc6ebf6cc4061fc55f9449aa976fafbaa1be51

SHA512
5adc8edce66b1255ebcdd52fa97cd6c403947749675b14c145adf74a20db39e9bbc026148a3f681817ec589403348689cfcc4d68f2e32bf2bcf4cdb0cb6acb4d

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\Qt5Core.dll

Filesize
4.3MB

MD5
cec46037eb661c06d4ec201b3f83bf63

SHA1
805005dadefabaded3abfdbde0f08a335f79075b

SHA256
fbe41ebb5d2481195ab6e05b80bc6ebf6cc4061fc55f9449aa976fafbaa1be51

SHA512
5adc8edce66b1255ebcdd52fa97cd6c403947749675b14c145adf74a20db39e9bbc026148a3f681817ec589403348689cfcc4d68f2e32bf2bcf4cdb0cb6acb4d

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\effects.dat

Filesize
452KB

MD5
8be35e234332d62efa23e2a3a155bc6b

SHA1
af1e8eb9fb32a685c7b65eea73634b52530dbce1

SHA256
5f7b5f2fe88dcfb1235e0d2a9edcd2b510f486ddb15920910d59d746101f9be9

SHA512
a34c6a77ef6fc923e3d7e6c87e6fc4346f24bce0734db8bd4a4cf77646e311e8a9ad33bdad6ee924e4e5e76d232765f457faf86a0750b2e18f6aefbbd84c7900

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\height

Filesize
1.3MB

MD5
4c96063ccbdae803a0d7d71793faf091

SHA1
20d50a604fbb1035b056bc1dcc311ef83ee5e217

SHA256
fbc641d06ff462b71c6f4f809b474a0974e32e565d63e43e29ada7805ba70a31

SHA512
56dd62da908878e6eb5dcfbcaeedc0688dee0dc649fc0e079b175637f34b0da75a0f0b1280d786b24b7c7ba9459bb33173aacd25793e8cba29b0dc9a917ebb0f

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\icudt71.dll

Filesize
29.0MB

MD5
4e1cb54c8066528623f4d041f066e6c5

SHA1
e0968d21cf45af4c38647236501bcfac395e10e9

SHA256
ea4baf6dd53921d866cf8df487b63001cbbde5f68daa15f80d3192a6251d88a5

SHA512
56c30c5438184f8827cab1de568fc5e0a97c7e3397b42dc841f9cef8fbbad44a6c445181cde791a2457d061b5f9b36409d3cfd6719584882a3d9d40f33545cb6

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\icudt71.dll

Filesize
29.0MB

MD5
4e1cb54c8066528623f4d041f066e6c5

SHA1
e0968d21cf45af4c38647236501bcfac395e10e9

SHA256
ea4baf6dd53921d866cf8df487b63001cbbde5f68daa15f80d3192a6251d88a5

SHA512
56c30c5438184f8827cab1de568fc5e0a97c7e3397b42dc841f9cef8fbbad44a6c445181cde791a2457d061b5f9b36409d3cfd6719584882a3d9d40f33545cb6

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\icuin71.dll

Filesize
2.3MB

MD5
713e2d3461f3c884e1ff5d3f4deaa630

SHA1
29b55b6e033d0b1af8b74015589335967954e6d8

SHA256
c834709dcebbdaaca41e59257c7775cd09edd74aa57fa2214a2b2169af9512bd

SHA512
bf1bd99299ce9b446dfaced73ae65210eddc0112ccf63e08a08dff6ae9d5260d33dfc4678e12ec8175a5eaa590dd4c578a41f7f3f2ab05d21d445f2e812d3d47

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\icuin71.dll

Filesize
2.3MB

MD5
713e2d3461f3c884e1ff5d3f4deaa630

SHA1
29b55b6e033d0b1af8b74015589335967954e6d8

SHA256
c834709dcebbdaaca41e59257c7775cd09edd74aa57fa2214a2b2169af9512bd

SHA512
bf1bd99299ce9b446dfaced73ae65210eddc0112ccf63e08a08dff6ae9d5260d33dfc4678e12ec8175a5eaa590dd4c578a41f7f3f2ab05d21d445f2e812d3d47

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\icuuc71.dll

Filesize
1.4MB

MD5
5324cb24f59e94ee160ce15a0bd728fe

SHA1
17a76f3122a02ae430fb4af466d6845ab9be9871

SHA256
7525f8a6de91d0481c875a655322de6e5a9b51aff974ce37a2a8ebdd70a23c96

SHA512
cece7ff4b2be71508b0a8e0615be47a0a06e41532b495f6a5f8e75ca2b323ab2a4d70d924e4b8689e2b938b491485be94f3091411f94ef9c8ac52f4365479f5f

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\icuuc71.dll

Filesize
1.4MB

MD5
5324cb24f59e94ee160ce15a0bd728fe

SHA1
17a76f3122a02ae430fb4af466d6845ab9be9871

SHA256
7525f8a6de91d0481c875a655322de6e5a9b51aff974ce37a2a8ebdd70a23c96

SHA512
cece7ff4b2be71508b0a8e0615be47a0a06e41532b495f6a5f8e75ca2b323ab2a4d70d924e4b8689e2b938b491485be94f3091411f94ef9c8ac52f4365479f5f

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\librfont-20.dll

Filesize
19KB

MD5
d920122b19425ddb92bdf3f6f25a95da

SHA1
e69553dfb32f22cb6ceb85186bb2789e3841344b

SHA256
5967d43ecde96f44d068c5e3b59a2e5f206d94b245307a60797e1db270ac4559

SHA512
b26e5f86c583a833ab53beb214283437bd1f5cb527047d8708cc3943099ae7cfee6f7aba399832a92cd0366bbe5be9eef3e59e621da5d12dd976e1fe668ef24f

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\librfont-20.dll

Filesize
19KB

MD5
d920122b19425ddb92bdf3f6f25a95da

SHA1
e69553dfb32f22cb6ceb85186bb2789e3841344b

SHA256
5967d43ecde96f44d068c5e3b59a2e5f206d94b245307a60797e1db270ac4559

SHA512
b26e5f86c583a833ab53beb214283437bd1f5cb527047d8708cc3943099ae7cfee6f7aba399832a92cd0366bbe5be9eef3e59e621da5d12dd976e1fe668ef24f

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\pcre2-16.dll

Filesize
435KB

MD5
95a46fa2ad9f33dd995aad7d1f43ef46

SHA1
45769d5e69d2dfc190c30fce24b725335d44b645

SHA256
3b79d54b04774467c0b1d46b4d857c878c703cd3b057b513426d6b8169e36990

SHA512
b8003e0b8a173974d9c4ef284443d1a815272d7f153c991fd11109fcfc2c9ae3ddc240316d06a826a53ec9dca8c6ae681867f4b53278f6c3e4e0952514223fe6

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\pcre2-16.dll

Filesize
435KB

MD5
95a46fa2ad9f33dd995aad7d1f43ef46

SHA1
45769d5e69d2dfc190c30fce24b725335d44b645

SHA256
3b79d54b04774467c0b1d46b4d857c878c703cd3b057b513426d6b8169e36990

SHA512
b8003e0b8a173974d9c4ef284443d1a815272d7f153c991fd11109fcfc2c9ae3ddc240316d06a826a53ec9dca8c6ae681867f4b53278f6c3e4e0952514223fe6

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\tak_deco_lib.dll

Filesize
131KB

MD5
2b2296a44e05f2ab00721ca622c33909

SHA1
b717fd92138c26150bdd0044139334e99fd8080c

SHA256
2dd7c166a1decb135a4495956aaa1b617f42844ae6d97f32e93b1fb75e105063

SHA512
dfdc927ce0ac8465cf66432094be9a034fe3420b4a2461862800355e554693077c79c997029b0dfbe620c6bcd8b298c4b7e55f1b4176d9b02412a578c626976d

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\tak_deco_lib.dll

Filesize
131KB

MD5
2b2296a44e05f2ab00721ca622c33909

SHA1
b717fd92138c26150bdd0044139334e99fd8080c

SHA256
2dd7c166a1decb135a4495956aaa1b617f42844ae6d97f32e93b1fb75e105063

SHA512
dfdc927ce0ac8465cf66432094be9a034fe3420b4a2461862800355e554693077c79c997029b0dfbe620c6bcd8b298c4b7e55f1b4176d9b02412a578c626976d

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\tak_deco_lib.dll

Filesize
131KB

MD5
2b2296a44e05f2ab00721ca622c33909

SHA1
b717fd92138c26150bdd0044139334e99fd8080c

SHA256
2dd7c166a1decb135a4495956aaa1b617f42844ae6d97f32e93b1fb75e105063

SHA512
dfdc927ce0ac8465cf66432094be9a034fe3420b4a2461862800355e554693077c79c997029b0dfbe620c6bcd8b298c4b7e55f1b4176d9b02412a578c626976d

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\zlib1.dll

Filesize
76KB

MD5
3e1ed8b1f5c5dff123e81b34ab028745

SHA1
9964a9a3be31902b2d3eb59baf478520c2997558

SHA256
4168bc413807f789b48ae83892a92db0f49eb9ce7c781b59b0444dc78c0c39e9

SHA512
04e74d44916b5886e3a8109ab2aab467ec2a7130e7f52ff9a8aceadd4d7c3b64087885749c47b12a52fdd4c814aa67177725ec4e5b035aba0dc6947111bfe78b

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\zlib1.dll

Filesize
76KB

MD5
3e1ed8b1f5c5dff123e81b34ab028745

SHA1
9964a9a3be31902b2d3eb59baf478520c2997558

SHA256
4168bc413807f789b48ae83892a92db0f49eb9ce7c781b59b0444dc78c0c39e9

SHA512
04e74d44916b5886e3a8109ab2aab467ec2a7130e7f52ff9a8aceadd4d7c3b64087885749c47b12a52fdd4c814aa67177725ec4e5b035aba0dc6947111bfe78b

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\zstd.dll

Filesize
499KB

MD5
5cf3a8ea1c642d6e22f34a756310d222

SHA1
f420f402120d5b60e88a5a4091716318ab062a39

SHA256
8ba8b1095f5982e59793fe5887c791ba033e885eefa38dc3810998ca618afcbe

SHA512
febe8c8e2cc709bb800f71f72b3e3d06f0b18d4ff8be4da130c2aeacf84c002757d27bf330e9566bd7eeebbad75e20d07f257220dc48d2225e94241d90ce2e11

Download Submit
C:\Users\Admin\AppData\Roaming\PDFsam Basic\PDFsam Basic\zstd.dll

Filesize
499KB

MD5
5cf3a8ea1c642d6e22f34a756310d222

SHA1
f420f402120d5b60e88a5a4091716318ab062a39

SHA256
8ba8b1095f5982e59793fe5887c791ba033e885eefa38dc3810998ca618afcbe

SHA512
febe8c8e2cc709bb800f71f72b3e3d06f0b18d4ff8be4da130c2aeacf84c002757d27bf330e9566bd7eeebbad75e20d07f257220dc48d2225e94241d90ce2e11

Download Submit
C:\Windows\Installer\MSI794B.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI794B.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI7BDD.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI7BDD.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI7C7A.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI7C7A.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI7CF8.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
C:\Windows\Installer\MSI7CF8.tmp

Filesize
524KB

MD5
6ea65025106536eb75f026e46643b099

SHA1
d6f5801e370c92d8e5c2336b4022cc6cb6ec1f99

SHA256
dae76cce74d63e7935fde4383020659d75b68632f8a01f2053ec895e69bb4efb

SHA512
062aed4c7541346b7338e1d234a50aa9af76f103a65268ba65a42508a26c10cc27ccfce6131485403afa36d8a8cd69f3bf1e55cd1a1f675357b87228aacbb988

Download Submit
memory/5084-144-0x0000000000F10000-0x0000000000F36000-memory.dmp

Filesize
152KB

Download
memory/5084-148-0x0000000000F10000-0x0000000000F36000-memory.dmp

Filesize
152KB

Download
memory/5084-169-0x0000000005F60000-0x0000000005FF9000-memory.dmp

Filesize
612KB

Download
memory/5084-176-0x00000000078C0000-0x000000000AFC0000-memory.dmp

Filesize
55.0MB

Download
memory/5084-177-0x000000000B3C0000-0x000000000B437000-memory.dmp

Filesize
476KB

Download
memory/5084-178-0x000000000B3C0000-0x000000000B437000-memory.dmp

Filesize
476KB

Download