babadeda | 23bea1864fdf68b0b774208f921308d2ae0e5f3b76851c4b5dbb9e28e3a16bae

Resubmissions

01-08-2022 22:58

220801-2x541sbagp 10

01-08-2022 19:40

220801-ydnh3shffl 10

Analysis

max time kernel
221s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2022 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Helium-dApp-v2.1.2.exe
Size

129.3MB
MD5

5f98efd920eff5241d487d12aaf24c23
SHA1

0be0ff093a58784af0f3e06e2183ce6fdd7f4ef9
SHA256

61b7877f85a4dc56e3cd9d34e80219f8d6fc0ea2f09aa3ae3cb9ea1d099030d1
SHA512

a7130040baf06c8b2dccba72308ef846e95b864802f7eb92e0b54240afa8937c34c2bdaabad522bbaab20cd6d141189dc0ad18cbb5328218b30a51d52a55e731

Score

10^/10

babadeda remcos sys32 crypter loader rat

Malware Config

Extracted

Family

remcos

Botnet

Sys32

65.108.9.124:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
Sys32-PI9IVT
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

resource	yara_rule
behavioral2/files/0x0006000000022fbd-157.dat	family_babadeda
behavioral2/memory/2716-200-0x00000000060E0000-0x00000000098E0000-memory.dmp	family_babadeda

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Executes dropped EXE 3 IoCs

pid	Process
2248	Helium-dApp-v2.1.2.tmp
3540	Helium-dApp-v2.1.2.tmp
2716	Mp3tag.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Control Panel\International\Geo\Nation	Helium-dApp-v2.1.2.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2660308776-3705150086-26593515-1000\Control Panel\International\Geo\Nation	Helium-dApp-v2.1.2.tmp

Loads dropped DLL 6 IoCs

pid	Process
2716	Mp3tag.exe
2716	Mp3tag.exe
2716	Mp3tag.exe
2716	Mp3tag.exe
2716	Mp3tag.exe
2716	Mp3tag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
3540	Helium-dApp-v2.1.2.tmp
3540	Helium-dApp-v2.1.2.tmp
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2716	Mp3tag.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4268	taskmgr.exe
Token: SeSystemProfilePrivilege	4268	taskmgr.exe
Token: SeCreateGlobalPrivilege	4268	taskmgr.exe
Token: 33	4268	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4268	taskmgr.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3540	Helium-dApp-v2.1.2.tmp
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe
4268	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2716	Mp3tag.exe
2716	Mp3tag.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 2248	4524	Helium-dApp-v2.1.2.exe	83
PID 4524 wrote to memory of 2248	4524	Helium-dApp-v2.1.2.exe	83
PID 4524 wrote to memory of 2248	4524	Helium-dApp-v2.1.2.exe	83
PID 2248 wrote to memory of 3108	2248	Helium-dApp-v2.1.2.tmp	84
PID 2248 wrote to memory of 3108	2248	Helium-dApp-v2.1.2.tmp	84
PID 2248 wrote to memory of 3108	2248	Helium-dApp-v2.1.2.tmp	84
PID 3108 wrote to memory of 3540	3108	Helium-dApp-v2.1.2.exe	87
PID 3108 wrote to memory of 3540	3108	Helium-dApp-v2.1.2.exe	87
PID 3108 wrote to memory of 3540	3108	Helium-dApp-v2.1.2.exe	87
PID 3540 wrote to memory of 2716	3540	Helium-dApp-v2.1.2.tmp	89
PID 3540 wrote to memory of 2716	3540	Helium-dApp-v2.1.2.tmp	89
PID 3540 wrote to memory of 2716	3540	Helium-dApp-v2.1.2.tmp	89

C:\Users\Admin\AppData\Local\Temp\Helium-dApp-v2.1.2.exe
"C:\Users\Admin\AppData\Local\Temp\Helium-dApp-v2.1.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Users\Admin\AppData\Local\Temp\is-UUDRJ.tmp\Helium-dApp-v2.1.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UUDRJ.tmp\Helium-dApp-v2.1.2.tmp" /SL5="$80052,134681852,886272,C:\Users\Admin\AppData\Local\Temp\Helium-dApp-v2.1.2.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Helium-dApp-v2.1.2.exe
    "C:\Users\Admin\AppData\Local\Temp\Helium-dApp-v2.1.2.exe" /VERYSILENT
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\is-KBJQF.tmp\Helium-dApp-v2.1.2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KBJQF.tmp\Helium-dApp-v2.1.2.tmp" /SL5="$90052,134681852,886272,C:\Users\Admin\AppData\Local\Temp\Helium-dApp-v2.1.2.exe" /VERYSILENT
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3540
    - - C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
        
        "C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:2716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3784

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-KBJQF.tmp\Helium-dApp-v2.1.2.tmp

Filesize
3.1MB

MD5
c84f8770d0702ea9e6cc2ae16502ec95

SHA1
541f4fe0980072e560e8e8b5910f23910a40499a

SHA256
2a693dce0e087c22990ababc2922bb1be50a10c888fb0d5ceb50c6a32734099d

SHA512
34c5d315854d7e34555779631ae0e38bfeb486ec8229b6c52b671e35af24713f23dbd64fb2aa2ea2b16b5c4a2310648a3ba9e6d2084a0c533c5af48bc6dec26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UUDRJ.tmp\Helium-dApp-v2.1.2.tmp

Filesize
3.1MB

MD5
c84f8770d0702ea9e6cc2ae16502ec95

SHA1
541f4fe0980072e560e8e8b5910f23910a40499a

SHA256
2a693dce0e087c22990ababc2922bb1be50a10c888fb0d5ceb50c6a32734099d

SHA512
34c5d315854d7e34555779631ae0e38bfeb486ec8229b6c52b671e35af24713f23dbd64fb2aa2ea2b16b5c4a2310648a3ba9e6d2084a0c533c5af48bc6dec26d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-English.chm

Filesize
587KB

MD5
2eb4f53ae6bd1b85c8a34020d37fbe22

SHA1
da2e015b284c777585055df22c2c83bda0a62f2d

SHA256
ff09f8496fbec5c9453f50cdeb06819d608b6194e657d029b2bc8744c53da7e0

SHA512
163899c6821e835c22f0043fcd39293b45c4c621b83389b603f3dfc86f3f53e8a69abdb5c9caf77de55e5e29c0ad6e26f52c4fc10751c41eccec23b20062b24c

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-French.chm

Filesize
610KB

MD5
83352aae89bf34e7e06308e6be436a74

SHA1
4c3af7c0bb241a13c6debe6a536e51a9168a070a

SHA256
76de175d74cc0c76b22fed9cf92c27454f13291487d1c4862b22b44ec11f8394

SHA512
5f5aef9092db37fff8cd34243a89073aec3358ce3d6567f47bd943cd78d547e9f0d4ef20c24710f29e4af676683a5cd70421ab456eab85305924dd1cb9d8d67c

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-German.chm

Filesize
630KB

MD5
37ea5ae1b45287977e65dbe1faaef1c9

SHA1
e5a459700198c3de5c658f67eedf749379c7cd97

SHA256
4fa129633bd035751f0fa7c376ad51731e78207408e5abe334e1542d5af2bb8f

SHA512
66a17761cfae732280f5a61d98514100f92e23699ab0116da6756890a53e971177b1ec11213e7080881c935ffe352ec4e0676a7152f63bbdcc35b74ae70a91b8

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-Polish.chm

Filesize
629KB

MD5
d581f7b2554311d06abe30af742cdd23

SHA1
5a6daaf86bb5648fb5c0fcc7b0cd7ecff8a5bc98

SHA256
ab629a0a4e8b9d6ce427edda082dc2ce4710248f2ce95f96ec8f2a9b772f1f6e

SHA512
f62d096ae32a60ef5bc2d411be91caac0dc087a4cd433085f56bfdb89ade88742c112cdc1b2818ba5c5085a27e14c4f609fa8823ebe83e85e725c9da06973550

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Help-Spanish.chm

Filesize
606KB

MD5
2e6bdff2f4fad5371a7186eb61b4620c

SHA1
6d9fda4bfe4732815cad0e7aa5366774a091e6e6

SHA256
cd6d7caeccf6297b7167dc5a7359056d442dc60bd6e0cc8365893a29d26111d8

SHA512
fca3230b529c6e9441dd4e4ff6ebdf6002cb093a69bfa3cc4e097273af6aa612715ff9f2f638a424599a12ce146d548cc4de9430c098a481e630fd1c5e98006f

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\History.txt

Filesize
28KB

MD5
a227ca2864720ddbb1ed98fa86c19144

SHA1
c203185d03f247fb6dd1bd1b7d930bddd0c8ffda

SHA256
120fe3d9c3ed32f75611e25955e5a1adfb22f3e73a846b8d535d4ea18659f2bb

SHA512
3ea6bc16e55250f6e505dc1ebcfe571c1af6f5a47475e7275fee1a53671482204bd7a3dc7356fc3689a074c9b759ec79bd4694f29f9fdd51b51371b11b5a5d62

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe

Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\intro.dat

Filesize
452KB

MD5
375add568d17aee03919c72bf76274a1

SHA1
68b830009f336cf68c0837630ad4acd39ee4fe02

SHA256
9e23405023848dacfd7eefa20d3eab91dda8054607c23ff0fed93ee7bd7c06c1

SHA512
3b264e40a190c442b81636b38604c03a3878f6f6a0d3d23c698958267fca57a9609db99a7c0387a8047b98e03291a192c1aedf5b2d84a1afd0254281d254e07b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese-H.ico

Filesize
1KB

MD5
1fc48b93562b46e428a2db1d4ea4a099

SHA1
772bc0d8527c5a0450fc0ff8ce525fca240564a5

SHA256
0b29a27f3d2ab4379cd99e9e7a93f6e40a0fe12cb73d1e6f3d296ec2c7e38a58

SHA512
55634f207c835a4dfd90ea1501a9ea5a0c406940def5f3b690d8b67085da8e61e890b29be679da61e8ce58a6f176b9f8927c02b81dea25a9de5561e1ea054a58

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese.ico

Filesize
1KB

MD5
2ca29c521af17539d17968900ed650a1

SHA1
b508852a5febaa2ebd942229cc9104df4059430f

SHA256
1b8a834029f10ec10d796c8344b990df082a3b3c67e8f480d8ce48c07177d549

SHA512
90ba3bd6431912fa44458675eff9be42d99665b505d5dc4012591f4b018033ff95c6b7adceffe639040aa32ed2ef8c978c249fae9ede5a2db26e9b522d61d11d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese.lng

Filesize
33KB

MD5
6ffca121b98fe96e137fb02a96165844

SHA1
54c4a3a5f64793404e6432ee73cd813ff80d7987

SHA256
8fe61fa9fce770d0e38fa2c74bd81b926767bc31e70d3ae4445f283f9791e232

SHA512
cfb8f5a4d951bb2ed638cf95d3bdb5fce42e35f4ca2c2ec55a84fba06bb98e47b803099a19a009fbec09891ead41179f9781d3c6713a34374ffae63a2b0aff67

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English-H.ico

Filesize
1KB

MD5
e5e33562181f5549042249668092b0db

SHA1
7103748dd38ec44a3dea582a9aea2123870a6937

SHA256
1dff252a4f45c471b8fc81d5d1c94ac1ca918a2ec0725b875f088cb75b53a938

SHA512
9cdf1a067383086d7ea79fe145e84ae6be8b1e476dcc357416941c8839c46eafd496f865aa8c553df6ad61ea1afe00004cc3df22a395cbbd53f4b45423468b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English.ico

Filesize
1KB

MD5
1a25e199fb242d852a2bd217fd038bc1

SHA1
9276090831fb29e65b781624ccef3c2390014c5e

SHA256
668c3afced3f33fa016a3b1ff65715acb80823172493ded605633e937000b235

SHA512
347d5b00be749330f173b8566f6a80d905342c099d6e41afc856ea5f5837342e40a3a0e376bb50f62fe7f841a53aa04e93161d6053159324c51e7ff89decedbc

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English.lng

Filesize
51KB

MD5
e89dffc6ef81076aa3d6c5f44b7a9ee6

SHA1
f93acb2fd61275a661072e991dd8d2d70da32f07

SHA256
793b6104102eafe70dc608eed2a9b5aa71faa19f068c8dd0339457f3ed3da31c

SHA512
0f99bfb3902dc2a4c94bd61e4e8249e2ab0bc1a1015a556f0aca3038858385c839e26a3c03b19c88bf9b8ed7d30f8ccb9f6f1bab851f935689ccdb4b8907b94d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French-H.ico

Filesize
1KB

MD5
76872d444ab4c1719b42cf5417f1105f

SHA1
a6a1a7e596dd4068e9960d30525e4589b79bd4f8

SHA256
82ea4ec8fbfe3cbd3cae19132d23455ee2bea3ab65f2eba353359f0a45183257

SHA512
4415de96db7510a01369d8357522e41676d0be3249f3f35c03553d100714ea2bb4181ce9c8c5fa0d87700060574cbed56c9e8867023716beb8aa23ba67b6ff5e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French.ico

Filesize
1KB

MD5
31593b847d0959e8cf06ce0d6e55a95f

SHA1
e9a160d5c941b64d4f27f563410e5974d8f4adeb

SHA256
86486cb827bc98405ccc888170a08eb0772a82a88c3408060c5d271358f27a00

SHA512
9c75add56ca25c473b00f4c4c87c2e12ddc3ab1c95eaf969ae3dedb81c3c5804a9a445d7507f7698833cf3b22f734b50091d1b47b7d8d3062d27d58924dc20ea

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French.lng

Filesize
57KB

MD5
1eb77a05522e233582f3b5c0f8e7adc2

SHA1
6d9ca22c95112162f1d68917d14e22c49fd05ab5

SHA256
700a3566f97fa9881b340a7adf9883868bdc2e6ac6068c1ce9018860a533b01e

SHA512
77cd27845b29c729dafeaa821a3b8699c3a571af0fa0b8434671869e625f92c722d7f19bea967e7670a25f8e9ed498b08fb3e66cf4fc4016b71feaa9165bd14d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\German-H.ico

Filesize
1KB

MD5
9c782f29599fa09859e1941a6539ede3

SHA1
62ac8a8edaf2be1ae5e552e662566f1ac7d5a4f7

SHA256
71d4e770225df363d73cb78cfdb7b4c12170e4c1ce88a51668d944e162cac55d

SHA512
d5f878471c1f1d48670051e8ec3ab0fa713b3bfea193e37ae4ac1179a78813d3710b0d1d208b994ded33dda21f88f99b803e445c800039457ae6dd2bef0e8250

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\German.ico

Filesize
1KB

MD5
aa8483bc62f65bc8f9d7a55f58d2b0bb

SHA1
31d4ed6f4922d18aa21bce30065fe218d5c66708

SHA256
6277806c8d03094a4f62ce8c7a2d93ba5d207eb8180300f8ab2b9375eb56bbe2

SHA512
bbc67477c76744ed761b2f6765559bc3cb63408ae93924dac085365ffa7a1d4eaa1efbab991be5629573a47e9a42c52e7b301271af4531ce7a89788efd481a6b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\German.lng

Filesize
53KB

MD5
8d3658d1bbf7bd1bccb2d0dc3a866625

SHA1
b8119d0d0ebfdf334ee53dd25a5fd86a23207eb7

SHA256
14e9f290930517e935f25257244c8152ab1cff1a0298b211d2e9acffd823f48f

SHA512
43d2b29861d9a3db4243080b272e36b36f015662c07d6e1662e0c56d6e6f0ee38eb53196937171fc759e1848db69f047dc9015dabc3db34be4601eb12c8eaea5

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish-H.ico

Filesize
1KB

MD5
d4a2b48b3aa4bc93096ac3b5767e08d2

SHA1
46af87c4f45f4bc6766a89b535b3992248d56505

SHA256
d606afab07684101fbc4e6bfe5cf35e5c5ef55e24dc13e6bb44afd0fa39ca3ee

SHA512
e0172ed88675c51ddc2ac38f68eef02e55dc028aa6e9e33f606bd73293748e11b194a53f2ce2853681ae627a1f3a1b0b57fafc6f2343ab7bb1e412a681b749d1

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish.ico

Filesize
1KB

MD5
ad8bbac74c6010604a7bbd9e4df43688

SHA1
eb18b66c38b2a5ad5fe98177b677b4ed36c898aa

SHA256
5a98fc48378b8772579632706747d35d3f16c542fa5f0493b44100a0104eb559

SHA512
6df720edc81ce9af7e26028073219fcf3d8a503285bac95e9bbf2f6e7dd51e05624d72d9cd7bf670bc9c081ebf25dcde728ff7d21386d5a1d8330b1988527c56

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish.lng

Filesize
57KB

MD5
510bf502e1c75b32b93149b5fe4cad32

SHA1
87817f340c57a54c6afbbca340ebee1255b7d184

SHA256
9a4e8473fcf1a0a551ef9f03b260f751f27eb9f0384f23dc12c060daf6c1c2e0

SHA512
5985b2ac20e6a5495e9f1d8aff6cb460cac2042213a73c4477eb09c36c2141467bc7a8966330be22bea59212a32cca51307b49fd42d3a27bad8a338f08f175c3

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian-H.ico

Filesize
1KB

MD5
ee464ce2c72dc4a01afccf12b318ea23

SHA1
9cebc61498162ca4847519cdd0739f97399cd396

SHA256
596b46cdafb26774740466a73d4031813511db5840d2fe5c4d90284278a08d99

SHA512
0645f8d741feea1debe9b7ee484922499d44270783ba3d4d65232d7b6f2bb113cf4adb8278b78fb8dc725228fe21e912a2b8b228cb08d58015a537d4774e7a62

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian.ico

Filesize
1KB

MD5
ed0fa2d2cd41dbb442b010b4bd2cca9f

SHA1
783d3843a976bd91829398f9ccbfa5b98150023e

SHA256
7c24485ad1023a46521ed10a38ea762cd9c185aeed7dfd32a717d274606d8074

SHA512
4b2134844bfb56b9ba266f6687359117d5f0c0d5040213c025d906fab5ac8711a09673bdac342c59bfd1bb0fc8294c5a4f97cbc29567bd2c52b90dbabddc1d3b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian.lng

Filesize
55KB

MD5
c9e1ab651d7b4224dda2f0ab26cb6ea4

SHA1
f20014009b702b0394542e1a783543c45f3848e5

SHA256
1344db026c57382d39bd9d70ca19c8061ed6bc030993957c8062593b70fd36d7

SHA512
48d290c098dcc2e5f14c72527b2a9ea9982a762c4c8e01deb4862d596df0c695d2eb1e24dc0a0a87fed7d5e31330c61a5adbe06193e4b0ac772a3cd5d68caae0

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish-H.ico

Filesize
1KB

MD5
959a045dcfc52077692f0d091db9054d

SHA1
ecd119a1e382f059bb9b04e37222ac3257272994

SHA256
73fca4e5f38e65f21b2b7251231178e64ce8cb288044d064e176965a1b4dc699

SHA512
022939b3cf3bc0555b190ea61b7594fe24f87cce44ce371f081d67202fe085e19a550898a4372bf8cca0d492a9ec837ff3a9d680998d2d5b35c26a5b0f042a98

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish.ico

Filesize
1KB

MD5
603afd32d12ed4bdc1bdfbb11040f271

SHA1
ac68f01be1f873330333ccacebd8079e2a72adfc

SHA256
9eb18c0dacb6e60abdf315b853fd6c9db8968ced959b7d31d1dcbc80b561bfb6

SHA512
b93869f43ae9cd0c1cac0d21b588527a3f93eeaf972ecf1f6d167f36d5f8e3d677daee6db0e1d409294e939cc8f2be2c65f4c0fbd5ca5918a09b01571a630c33

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish.lng

Filesize
55KB

MD5
e823235f336b6a582f4ac01a37d02f28

SHA1
00432df7a112aaadc5f0bdf0d6d1e08cbd0a24b9

SHA256
64fa7bea1e6ff8edb8b7b1b153919ac85a727e70ed16525cbbaa3083d1285cc1

SHA512
1906fcee08ab24ce108d246f7a969694cf85096b97dd662b5dc62e8ec42a8af108c5a737c7ba81fd6a34ae5c45375dac55f8da690da0fa6098b3a0b5ebf70c51

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Turkish-H.ico

Filesize
1KB

MD5
397c2b2e3b51a18e30f2dc89033cad0e

SHA1
7fa57dd3a500786ef134a784bdc4db1f63c084b3

SHA256
a55d201a33dac742a6822d01e61290f5ebd62972357d667387f10a53d72f59e3

SHA512
f0fa91cb28bcd5c78a900c5e19ac9a43536ade1e3eed5cb5fccbfb771600d50f0296888dd04f952507a609658a4c32ce92b55b71816688bc2e5ca483a845de78

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Turkish.ico

Filesize
1KB

MD5
cdf8c6bbf47aa67eaebcef92831cfb93

SHA1
ee98003799fd442e70fc5113963bf3f57c91d3e7

SHA256
6b8927d0ebc38f068dd9cb77d2ac25eb5204978af5b5d704d8efc0347ff68c8b

SHA512
d40b10b7a43c5cff6bf5e8baf2eab588b3fd624cbc38ceab27442d2a19a6f5b0246aa08ba3e40b02ee90f6e0b4a3a5e9994aa290ef7f950925bfda675a332ca5

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Turkish.lng

Filesize
50KB

MD5
0a3e015d0cca8a08681b18aab0dbd67f

SHA1
c42d98949471a156643922781d60c7fe60d47330

SHA256
a187afe5fa6b96b12d652cfdbe3e794a99611ab0a9031a1d45d6d0d1c727a898

SHA512
a4a07e6709d39fa89bccd1a7124522505b71abbab47562b339fdc17940154bc172366cf4b19c9a11253ac0b3fa496d0b06cd0438a250ccce42deed7abe1cf34d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Ukrainian-H.ico

Filesize
1KB

MD5
bd34f886dd0e713843d66cfcd98077d7

SHA1
da7851fb81ad20ff81932de5b93f00015e9cb5d5

SHA256
23f586fa16d554822a5aa76b1cad46fa41d8e14cf82678444fbe99f5123d4cae

SHA512
c1d3f9ca95180d2e1eb8bce77f4447414bbdd938402186078c8acfdd72de419c5137bf477e80fa9c3eee43c0c27787dae19ec52cca1f371cfdd705e11971277c

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Ukrainian.ico

Filesize
1KB

MD5
131e22667b0d34d3dbf668c22baac5a2

SHA1
951630a3f4f9711cf34d30ff510f4c0d17f3c2c3

SHA256
5e3f5bbc477f138bc4729a72074fa9e028b96c0764ca8e010a6107ca16fc669c

SHA512
464ddfe3598fc675f938b2bb5c6ef2be228e0e22973b7042ebe5882520fa998dc47f5f7d477e4f66567a08ade0c71d93ed74f355b337e393ba18c6b869b6f248

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Ukrainian.lng

Filesize
54KB

MD5
7c9a627eb332759b81d41f7e40053ff6

SHA1
9d1568fc57bd016864c253f04f581f1a4a28e5ea

SHA256
ee8c8b69f362587e792fe86a63f8b7502393164bbb7c4db3f3993493af3660ad

SHA512
9cb6a3834b274319474a266ac7eedca614af37026d75e1e71fed9c60edb6f2378235e79f165f41c590816bcc1b83b2f4e41d373e9735e52555e10625ea5a529f

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\libwlp-20.dll

Filesize
19KB

MD5
fa847fa54c646c39fcf8e58c6fdcb46f

SHA1
d052ac0346c77be6d87c2da668543c63d3307036

SHA256
a15614de6f933f1941dbbb57641900439c02b3a90c40e409e32cae5c04426378

SHA512
3dca61429b7572d3106d095cea128b8b0bb8c685f0251b5920c8d69d828d33f90d507ba62033ab29cb8bb2d46e8574d0b52c7dba8181c2fa98ed304a8ed80cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\libwlp-20.dll

Filesize
19KB

MD5
fa847fa54c646c39fcf8e58c6fdcb46f

SHA1
d052ac0346c77be6d87c2da668543c63d3307036

SHA256
a15614de6f933f1941dbbb57641900439c02b3a90c40e409e32cae5c04426378

SHA512
3dca61429b7572d3106d095cea128b8b0bb8c685f0251b5920c8d69d828d33f90d507ba62033ab29cb8bb2d46e8574d0b52c7dba8181c2fa98ed304a8ed80cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\page

Filesize
1.3MB

MD5
bc23ffe164676054ce5e5314abeaf11a

SHA1
eebc94229ce1b1a51d4dc96399d1ebda0b52b075

SHA256
dc36a03e536fbc03b4a89caa83435ec57fd021386341b53e23b56b359d988ab0

SHA512
78262e6a18988981e8a4f82fbf84e00d9058480912947851c5491a822f8f3c27a3345acf37bc2aeff514251024a1304fba087cf63f699b99af0299e9b0b26cdf

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\srkey.ico

Filesize
23KB

MD5
82dc896b02d0657d99267ff4b75c816a

SHA1
dd2dc205f09e2edeebb49d3ba0943e3f4cfdcdad

SHA256
d53b3e723e6243543df5ae36eec85cf9470e32572409ec9cd1f2edd0b05479b5

SHA512
42dac91fe6e2767a70956aec8fb9734f8c3b8dc1db36a4cb8f6ef17e000482254083e01e9b1d7816a865291e0376f8a0a7fc126143b3a16f412604527404a2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\tak_deco_lib.dll

Filesize
127KB

MD5
f0bf722006ebf17f9a194e892ba2bf37

SHA1
a483e46857f29e98535a992438006c962e0404e5

SHA256
a737f6f613c161938ef4c795fb0cf1a0a7bf7e1539cefebc030fc36ac37bf0af

SHA512
47e4113ef649539db6b7ba52106477ac415fafcc0fad5b9a92575d18d110d1fd21e906cecf2546ddc20ef554e09f3da418a5066b70b31dc1360e555eb2cbd0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\tak_deco_lib.dll

Filesize
127KB

MD5
f0bf722006ebf17f9a194e892ba2bf37

SHA1
a483e46857f29e98535a992438006c962e0404e5

SHA256
a737f6f613c161938ef4c795fb0cf1a0a7bf7e1539cefebc030fc36ac37bf0af

SHA512
47e4113ef649539db6b7ba52106477ac415fafcc0fad5b9a92575d18d110d1fd21e906cecf2546ddc20ef554e09f3da418a5066b70b31dc1360e555eb2cbd0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\tak_deco_lib.dll

Filesize
127KB

MD5
f0bf722006ebf17f9a194e892ba2bf37

SHA1
a483e46857f29e98535a992438006c962e0404e5

SHA256
a737f6f613c161938ef4c795fb0cf1a0a7bf7e1539cefebc030fc36ac37bf0af

SHA512
47e4113ef649539db6b7ba52106477ac415fafcc0fad5b9a92575d18d110d1fd21e906cecf2546ddc20ef554e09f3da418a5066b70b31dc1360e555eb2cbd0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
\??\c:\users\admin\appdata\roaming\strong recovery master\mp3tag.exe

Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
memory/2716-147-0x0000000000D30000-0x0000000000D55000-memory.dmp

Filesize
148KB

Download
memory/2716-202-0x0000000009E20000-0x0000000009E97000-memory.dmp

Filesize
476KB

Download
memory/2716-201-0x0000000009E20000-0x0000000009E97000-memory.dmp

Filesize
476KB

Download
memory/2716-151-0x0000000000D30000-0x0000000000D55000-memory.dmp

Filesize
148KB

Download
memory/2716-200-0x00000000060E0000-0x00000000098E0000-memory.dmp

Filesize
56.0MB

Download
memory/2716-159-0x0000000003330000-0x00000000033C9000-memory.dmp

Filesize
612KB

Download
memory/3108-136-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/3108-138-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/3108-158-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/4524-134-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/4524-139-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/4524-130-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download