babadeda | 5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540

Resubmissions

11-09-2022 22:54

220911-2vyl6acda9 10

11-09-2022 22:42

220911-2mpdhscch2 10

Analysis

max time kernel
141s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2022 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Size

24.0MB
MD5

7f9d539908b7af9249a0ee04f6033368
SHA1

476412ff81e197c7d024fc68097391e701cb4eab
SHA256

5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540
SHA512

857bdfc278464129c2b4abfaa4d5ada3ba79c068015caf324a0f99a1694fdf0ce983ac35b10e08edd760a62611442c946e3c65cceb9ace0406e848630d720c00
SSDEEP

393216:MHVeiu9W4kene3OsJ+FJ9bJVyurr5i/t8i83tHxM4N14VOfTHQGSEFW2lJNt41:MHwiu9W4AesJ+VtV9yep9HxMK4VOfTH+

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x00060000000226e2-180.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
3524	thunderbird.exe

Loads dropped DLL 23 IoCs

pid	Process
4292	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe
3524	thunderbird.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\S:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\T:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\N:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\U:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\X:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\Q:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\J:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\Y:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\P:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\Z:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\O:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\V:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\W:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\B:	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5673ae.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI74D7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7602.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{43CF10D0-BACA-490D-937B-3BFD3E5F261F}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C9C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5673ae.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7555.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7670.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI772D.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4928	msiexec.exe
4928	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4928	msiexec.exe
Token: SeCreateTokenPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeAssignPrimaryTokenPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeLockMemoryPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeIncreaseQuotaPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeMachineAccountPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeTcbPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSecurityPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeTakeOwnershipPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeLoadDriverPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSystemProfilePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSystemtimePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeProfSingleProcessPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeIncBasePriorityPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreatePagefilePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreatePermanentPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeBackupPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeRestorePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeShutdownPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeDebugPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeAuditPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSystemEnvironmentPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeChangeNotifyPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeRemoteShutdownPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeUndockPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSyncAgentPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeEnableDelegationPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeManageVolumePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeImpersonatePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreateGlobalPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreateTokenPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeAssignPrimaryTokenPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeLockMemoryPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeIncreaseQuotaPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeMachineAccountPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeTcbPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSecurityPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeTakeOwnershipPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeLoadDriverPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSystemProfilePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSystemtimePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeProfSingleProcessPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeIncBasePriorityPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreatePagefilePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreatePermanentPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeBackupPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeRestorePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeShutdownPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeDebugPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeAuditPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSystemEnvironmentPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeChangeNotifyPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeRemoteShutdownPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeUndockPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeSyncAgentPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeEnableDelegationPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeManageVolumePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeImpersonatePrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreateGlobalPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeCreateTokenPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeAssignPrimaryTokenPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeLockMemoryPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeIncreaseQuotaPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
Token: SeMachineAccountPrivilege	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
4196	msiexec.exe
4196	msiexec.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 4292	4928	msiexec.exe	84
PID 4928 wrote to memory of 4292	4928	msiexec.exe	84
PID 4928 wrote to memory of 4292	4928	msiexec.exe	84
PID 4552 wrote to memory of 4196	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe	85
PID 4552 wrote to memory of 4196	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe	85
PID 4552 wrote to memory of 4196	4552	5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe	85
PID 4928 wrote to memory of 1480	4928	msiexec.exe	86
PID 4928 wrote to memory of 1480	4928	msiexec.exe	86
PID 4928 wrote to memory of 1480	4928	msiexec.exe	86
PID 4928 wrote to memory of 3524	4928	msiexec.exe	91
PID 4928 wrote to memory of 3524	4928	msiexec.exe	91
PID 4928 wrote to memory of 3524	4928	msiexec.exe	91

C:\Users\Admin\AppData\Local\Temp\5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe
"C:\Users\Admin\AppData\Local\Temp\5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Sysprogs\GDB Local Manager 3.30.13.1\install\GDBLocaManager-Setup.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\5f1f685f5e54bdf5cd5df850269613fe33807978eb17bd971dbd30b74ed1f540.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1662703562 " AI_EUIMSI=""
  2⤵
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:4196

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding FDACD35F8FD16FA905634C11F1F96A89 C
  2⤵
  - Loads dropped DLL
  PID:4292
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E79C693A36B50E6D160B56FDF2DED74F
  2⤵
  - Loads dropped DLL
  PID:1480
- C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\thunderbird.exe
  "C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\thunderbird.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\blend2d.dll

Filesize
1.3MB

MD5
27288ee5541ca1f2b9b19139ed4e9d84

SHA1
5c6c8cacc363f6d2cc1ce4421b06e45c6e6202ed

SHA256
afbdb370f738500773d98aa638206e4892ebbbbab1adffd2a6a146a40bc14733

SHA512
3861434bc8cbc09fecc3b14b36355f667c6232354253915ed79d89fccca963aaa694600f41e5a739acab3ae1cc4ec9feceda9dc195b3b3e3247edd37c602f285

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\blend2d.dll

Filesize
1.3MB

MD5
27288ee5541ca1f2b9b19139ed4e9d84

SHA1
5c6c8cacc363f6d2cc1ce4421b06e45c6e6202ed

SHA256
afbdb370f738500773d98aa638206e4892ebbbbab1adffd2a6a146a40bc14733

SHA512
3861434bc8cbc09fecc3b14b36355f667c6232354253915ed79d89fccca963aaa694600f41e5a739acab3ae1cc4ec9feceda9dc195b3b3e3247edd37c602f285

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\brotlicommon.dll

Filesize
132KB

MD5
0e868ec6a67e491d43ca20ed71c8345d

SHA1
b45397b8bafa891a04476f7ffa55fb5bba0e57b9

SHA256
441039fe954cfb6e3545aeca5d5750b7e3322eb9efc633508cca1dbefb26b24b

SHA512
45e6588671c65ef5eb39abd5f6db790bf1bc8414bfa9073cc9cbbd2bdcd6b9f82a4c6ba47a059521836c34c0504b86b6aa51a19a12317084459d6a6c544829b0

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\brotlicommon.dll

Filesize
132KB

MD5
0e868ec6a67e491d43ca20ed71c8345d

SHA1
b45397b8bafa891a04476f7ffa55fb5bba0e57b9

SHA256
441039fe954cfb6e3545aeca5d5750b7e3322eb9efc633508cca1dbefb26b24b

SHA512
45e6588671c65ef5eb39abd5f6db790bf1bc8414bfa9073cc9cbbd2bdcd6b9f82a4c6ba47a059521836c34c0504b86b6aa51a19a12317084459d6a6c544829b0

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\brotlidec.dll

Filesize
42KB

MD5
1616310c08ec85ab5f0437fbf82faf84

SHA1
c65cb7266cd21f45728097009147596ca08c0a73

SHA256
d9fce48811df001c7f8fe60361f1ea270fc37df7aa73a06a853fd102317cf49d

SHA512
ddb8a547367cb40d29a5b3ae54edeb157a707d21993b4cbf5f83617d50795fe8c5235e1afe850515f5b3ddd286c5bd704c7a2fec14f5eb6998d4719e79bf9a85

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\brotlidec.dll

Filesize
42KB

MD5
1616310c08ec85ab5f0437fbf82faf84

SHA1
c65cb7266cd21f45728097009147596ca08c0a73

SHA256
d9fce48811df001c7f8fe60361f1ea270fc37df7aa73a06a853fd102317cf49d

SHA512
ddb8a547367cb40d29a5b3ae54edeb157a707d21993b4cbf5f83617d50795fe8c5235e1afe850515f5b3ddd286c5bd704c7a2fec14f5eb6998d4719e79bf9a85

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\bz2.dll

Filesize
63KB

MD5
37b38a8e9fbc70f3ed962e5720795a04

SHA1
171692daf0a136154edde6e22c791d238ae8c1d0

SHA256
f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

SHA512
9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\bz2.dll

Filesize
63KB

MD5
37b38a8e9fbc70f3ed962e5720795a04

SHA1
171692daf0a136154edde6e22c791d238ae8c1d0

SHA256
f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

SHA512
9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\dependentlibs.list

Filesize
446B

MD5
c35d2da6df0f7abb4d0bd534c5d5b6b0

SHA1
a4da4ca15d97746796412c2bad3fc8fbea716869

SHA256
ce638d544efe50176888e17bfbf78f118dc733ce5c2fee2eb66436ba96341345

SHA512
d27f58fb344b2303db2f4a48a153c9f11eec1663020ba8b5b973fd001c4a8c27c11e29a54b6d1913888b4ddf376aa7f45c8218378abe39a64ebdae4feb6b25cc

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\freetype.dll

Filesize
554KB

MD5
839c270a8ba5444eebddd293c61e6333

SHA1
0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

SHA256
ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

SHA512
d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\freetype.dll

Filesize
554KB

MD5
839c270a8ba5444eebddd293c61e6333

SHA1
0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

SHA256
ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

SHA512
d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\lgpllibs.dll

Filesize
41KB

MD5
9616551bf5d32b5f09a05c42bfd944bf

SHA1
4d9310aea5fb156cb58633baff315164d68661be

SHA256
dc204fb1e134ae1600aa60e4fbd8a23fdb9d7ec906f5196ac7f739b8429b2722

SHA512
30b18d5ca4e3e9906f3ce519ad07bcb093ff814a7ab437e8626a968e83a93af26f131cd96abe1fedd8db229e4053d688629985c9b490925f94a0bbf9a6889fe7

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\lgpllibs.dll

Filesize
41KB

MD5
9616551bf5d32b5f09a05c42bfd944bf

SHA1
4d9310aea5fb156cb58633baff315164d68661be

SHA256
dc204fb1e134ae1600aa60e4fbd8a23fdb9d7ec906f5196ac7f739b8429b2722

SHA512
30b18d5ca4e3e9906f3ce519ad07bcb093ff814a7ab437e8626a968e83a93af26f131cd96abe1fedd8db229e4053d688629985c9b490925f94a0bbf9a6889fe7

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\libcm30.dll

Filesize
324.4MB

MD5
51b7c81cdab6bf70041d1e6f468d4447

SHA1
89d7d5b35c1b97f8446c36532bf78cc6692ef9aa

SHA256
711a14d5e7de32a1f7dc43b20560e7ff440d831027210563bfd1cb34702aada6

SHA512
88cc73993268e377799b1385844dd58d7165fa942ea34492857ab2081cfddfd8c932eccfd7b1eb9989c36f427ce0816efc3035c646c9b1447a3e6aa7db953856

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\libcm30.dll

Filesize
324.4MB

MD5
51b7c81cdab6bf70041d1e6f468d4447

SHA1
89d7d5b35c1b97f8446c36532bf78cc6692ef9aa

SHA256
711a14d5e7de32a1f7dc43b20560e7ff440d831027210563bfd1cb34702aada6

SHA512
88cc73993268e377799b1385844dd58d7165fa942ea34492857ab2081cfddfd8c932eccfd7b1eb9989c36f427ce0816efc3035c646c9b1447a3e6aa7db953856

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\libpng16.dll

Filesize
162KB

MD5
8bb4c17afdeadb4c81da2f407dcb9809

SHA1
ce2bb6eddedf31e9dee7e43d4535250da442e852

SHA256
1ceae383d27ef1b45d19f7bff2ab8fe02d553c861342ac8c2d6a32f9a6c1b825

SHA512
b944a4b1e0e9a3b5418169429810c8933910bcdfe13b87d01027d0a4786ca7ddd44b4540da07a09b9a56a196f7681d31a878b72766991fa3dddc5221bfee82bd

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\libpng16.dll

Filesize
162KB

MD5
8bb4c17afdeadb4c81da2f407dcb9809

SHA1
ce2bb6eddedf31e9dee7e43d4535250da442e852

SHA256
1ceae383d27ef1b45d19f7bff2ab8fe02d553c861342ac8c2d6a32f9a6c1b825

SHA512
b944a4b1e0e9a3b5418169429810c8933910bcdfe13b87d01027d0a4786ca7ddd44b4540da07a09b9a56a196f7681d31a878b72766991fa3dddc5221bfee82bd

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\mozglue.dll

Filesize
603KB

MD5
3db516a28e6f57f03f211a97f37f7d40

SHA1
2e11e182425bf400d060e372a411f0d122012625

SHA256
2cca9bce657a80e3714fdcd2bb4d318b932bb4e967e2efd49c553954665e2bad

SHA512
760e8dca2b8160708d5c55781a6c1a9e4835976e240aeac6d842ccf8544fc00cd0be7908dd14a60597051622d61eee3696c10332198b655c697be74a71686e01

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\mozglue.dll

Filesize
603KB

MD5
3db516a28e6f57f03f211a97f37f7d40

SHA1
2e11e182425bf400d060e372a411f0d122012625

SHA256
2cca9bce657a80e3714fdcd2bb4d318b932bb4e967e2efd49c553954665e2bad

SHA512
760e8dca2b8160708d5c55781a6c1a9e4835976e240aeac6d842ccf8544fc00cd0be7908dd14a60597051622d61eee3696c10332198b655c697be74a71686e01

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\nss3.dll

Filesize
2.2MB

MD5
c21fbee0e891e185c3f861ef4cee648c

SHA1
1265d1ee99745428d15ab4ee203b33a2d19b509e

SHA256
f0dc4d5d21450922d7fa87b5fb6972d8b33d406e8efc56360d7870dc50b48c2b

SHA512
92ae80205fbebd4ced39d126e0f283460ad82b0e7bdd38b2300c3f90066a29ba3cebefec048c6502af9bdca86313487beedc4069c0400bb5db99e17b6c163e93

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\nss3.dll

Filesize
2.2MB

MD5
c21fbee0e891e185c3f861ef4cee648c

SHA1
1265d1ee99745428d15ab4ee203b33a2d19b509e

SHA256
f0dc4d5d21450922d7fa87b5fb6972d8b33d406e8efc56360d7870dc50b48c2b

SHA512
92ae80205fbebd4ced39d126e0f283460ad82b0e7bdd38b2300c3f90066a29ba3cebefec048c6502af9bdca86313487beedc4069c0400bb5db99e17b6c163e93

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\page

Filesize
1.8MB

MD5
b62c77b57a90c8f45749f5f425ebb5df

SHA1
bcd53bb0c06f7f534e59d68ff7e1ec428ab56773

SHA256
8ced96cdc844c69a869e9db09c0f461e4e1dc8f89213c5bdcaa45a9ae3c4d887

SHA512
ccddd03b14c496e675c7bb0bed919256eda2fee1e3a9c7131c1a831ecdbea14c2d01a57be092735c3c5a1bed1df1b30cee2d74b6779bde859498f21243da36d3

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\sqlite3.dll

Filesize
771KB

MD5
b786b64448ef03245735b099d95f9788

SHA1
d222e2ad8763056ffad755be405b62b9c692079c

SHA256
c8101feaec9e0abaae417c915e3f545b7e394c9287e3c8548e1c3684e461def8

SHA512
2b40aeff70feb6857b586b8f77d27fc7591f6b4e87a6281c09625aad0cc97fd965c35b41b4a0060ff5ed622f30830ba4a4e08c074776b198e78efe4b38222537

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\sqlite3.dll

Filesize
771KB

MD5
b786b64448ef03245735b099d95f9788

SHA1
d222e2ad8763056ffad755be405b62b9c692079c

SHA256
c8101feaec9e0abaae417c915e3f545b7e394c9287e3c8548e1c3684e461def8

SHA512
2b40aeff70feb6857b586b8f77d27fc7591f6b4e87a6281c09625aad0cc97fd965c35b41b4a0060ff5ed622f30830ba4a4e08c074776b198e78efe4b38222537

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\thunderbird.exe

Filesize
352KB

MD5
7238412641bb82a88845c355c363e897

SHA1
5a64f26adf8078941d7218b247e5728161864486

SHA256
e5bbc723a99815cf321ae9bf30f9fce147132c1a1410447d4e9c8da829eedd1c

SHA512
97e1304880d8137a9086b5f6d7b8834630d27a0babe552077324c3a04007de669eb314568ad9aea4e497f0910f686a740c9a5b97b5bbf768d774fa023a6f07e2

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
C:\Users\Admin\AppData\Local\GDB Local Manager\GDB Local Manager\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7092.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7092.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Users\Admin\AppData\Roaming\Sysprogs\GDB Local Manager 3.30.13.1\install\GDBLocaManager-Setup.msi

Filesize
1.6MB

MD5
a5b2f65852ef66ab08961b7cd41cf92a

SHA1
0b94b76bf201cf343bb126bb34eb94002c302c1f

SHA256
b59c1fdb082c427dcfef051727769617171f18a1d2a7472e2a6f7b4e4dcf503e

SHA512
52559994dd27e31729ce08edacc3f52edc40f73a893f6a4ebd517088a5cd1b031c1387af5d36df2f3c918812a942518a0ac30935d113ba553c9061705182d7f1

Download Submit
C:\Users\Admin\AppData\Roaming\Sysprogs\GDB Local Manager 3.30.13.1\install\GDBLocaManager-Setup1.cab

Filesize
18.7MB

MD5
02098bf05653ddf42b5599a98b6975cb

SHA1
5bbc4909bd77f37240957f36be8ad79224977878

SHA256
a3dd2effad9ba6b52ada57bcee8c35f592c6ce9a3d998a79059935a2ba0cd094

SHA512
065a6004fede92a954f7021b3ebf49b8a25e11f5580a5f62100a085b1fd070b6fe7c649f4845b4ac394f3f6da898fff35d815885eb5144e60c25665e7f5f848b

Download Submit
C:\Windows\Installer\MSI74D7.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI74D7.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI7555.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI7555.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI7602.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI7602.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI7670.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI7670.tmp

Filesize
550KB

MD5
8259dc74965f3c8e91d152862580a773

SHA1
d2d029f9f9be25be3c5526c5a52449c034c673e1

SHA256
84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9

SHA512
50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

Download Submit
C:\Windows\Installer\MSI772D.tmp

Filesize
630KB

MD5
8ecff5e8777908818edd94721ddc349d

SHA1
a3ffcfcffae1b44261c1b1a64917ac898c40b9e2

SHA256
1c450659c7681df9df21b20412c9647e7e8e5bf0f2945c48b1ab51f330f2516b

SHA512
8418049fe52dcf6e294cf58d200b7a7d8e704ba592b3f59243c4c5a4d661c60f8db97540badd9a1718547a0047b39316ec7917c43ddcb8a71bebad49e7baaf08

Download Submit
C:\Windows\Installer\MSI772D.tmp

Filesize
630KB

MD5
8ecff5e8777908818edd94721ddc349d

SHA1
a3ffcfcffae1b44261c1b1a64917ac898c40b9e2

SHA256
1c450659c7681df9df21b20412c9647e7e8e5bf0f2945c48b1ab51f330f2516b

SHA512
8418049fe52dcf6e294cf58d200b7a7d8e704ba592b3f59243c4c5a4d661c60f8db97540badd9a1718547a0047b39316ec7917c43ddcb8a71bebad49e7baaf08

Download Submit
memory/3524-181-0x0000000002A50000-0x0000000002A70000-memory.dmp

Filesize
128KB

Download