babadeda | 48810e775d450710708c9ac7fc5a6a9b358f2d1c3d30cf32c243809f7f924d6d

Analysis

max time kernel
151s
max time network
162s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-09-2022 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hardhat-dApp-v2.1.exe
Size

129.3MB
MD5

3c67c206fcf05e735ad70a105c6c7b49
SHA1

217f369e4aafd36805da2bf127684b83c71f9bee
SHA256

48810e775d450710708c9ac7fc5a6a9b358f2d1c3d30cf32c243809f7f924d6d
SHA512

c5a2684085ccf866b18bf5a80e56644e650a71ae63a1fa1b620c7100084124045f50a1147aa458285609e603af8a6aa116626ca76af3450913e976aae7eeb5de
SSDEEP

3145728:xR/5KgSAOsWBD4TABLmERk6WFQLnZLmzxPj9MDOC7vadxZA6NnArUwxS846PjsN2:xR/S

Score

10^/10

babadeda remcos sys32 crypter loader rat

Malware Config

Extracted

Family

remcos

Botnet

Sys32

65.108.9.124:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
Sys32-PI9IVT
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\page	family_babadeda

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Executes dropped EXE 3 IoCs

Processes:

Hardhat-dApp-v2.1.tmpHardhat-dApp-v2.1.tmpMp3tag.exe

pid process

1256 Hardhat-dApp-v2.1.tmp
1200 Hardhat-dApp-v2.1.tmp
1392 Mp3tag.exe

pid	process
1256	Hardhat-dApp-v2.1.tmp
1200	Hardhat-dApp-v2.1.tmp
1392	Mp3tag.exe

Loads dropped DLL 26 IoCs

Processes:

Hardhat-dApp-v2.1.exeHardhat-dApp-v2.1.exeHardhat-dApp-v2.1.tmpMp3tag.exe

pid	process
1356	Hardhat-dApp-v2.1.exe
1280	Hardhat-dApp-v2.1.exe
1200	Hardhat-dApp-v2.1.tmp
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe
1392	Mp3tag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Detects BABADEDA Crypter 1 IoCs

Detects BABADEDA Crypter.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\page	BABADEDA_Crypter

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf000000000200000000001066000000010000200000000569b17c2371334cbdf164a95d89486aeb7f544f4ca98dae0d0d54d353dded55000000000e8000000002000020000000816369fe6760b0508702e7fd0822814ed89eff6eb3e2e45b62731352149e6341200000003303c37c73f260b2d8c2c8322f55e2b1d2d8212c6700cf0f92dfeaee9b717f2640000000dc0718f914319641af4a9dc8e5a7021532be5712ddf823c1055ce7cbde4536d59d54f9eeb610f92bb2e220db7eef87338c393ae64f84ae512ba8e211bcd06bc3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf000000000200000000001066000000010000200000005d946f61d6c9bb6541a7ea6b0a532fba4867735b657261a6bd67521f4ccc015f000000000e800000000200002000000085c6bab16ae5be1eec345be69eec54aa14ddf5b4c2f1bc666fed5e8c5f54d5ce90000000038abc52218dc80b542671c475c0294f83dfb9a61b4d7a4921a7dd914bc4f734c8c3bfcd90c9b4e79b3dde61dfee21e16c882b91c26149c99b6b20af9bf231fe69f4467a47b76554f4a62613a501ac9ae1c88ceb13d26f796c9704a95b8974a68e3945f90f1f6194ebd6579854a58396c5262f7501b60a05308e4981a4ea06de6b6d04035a38d4c4d6496bbea3c56982400000007ceee5ef8d3558c470887087d2f6b58b1aa1c57cdac41c2f3fa10bb8c253c4a303871fa1ce3b4f233c9de2395a7fe87fb9c001e6ea2b8c2573bfdef1b76a841f	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C54D77D1-34EF-11ED-9AAE-C6457FCBF3CF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "370008969"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\mp3tag.de\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a65ca0fcc8d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\mp3tag.de	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Mp3tag.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Mp3tag.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Mp3tag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Mp3tag.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Mp3tag.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Mp3tag.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Mp3tag.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Hardhat-dApp-v2.1.tmp

pid process

1200 Hardhat-dApp-v2.1.tmp
1200 Hardhat-dApp-v2.1.tmp
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Hardhat-dApp-v2.1.tmpMp3tag.exeiexplore.exe

pid process

1200 Hardhat-dApp-v2.1.tmp
1392 Mp3tag.exe
1604 iexplore.exe
Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

Mp3tag.exeiexplore.exeIEXPLORE.EXE

pid process

1392 Mp3tag.exe
1392 Mp3tag.exe
1604 iexplore.exe
1604 iexplore.exe
1392 Mp3tag.exe
872 IEXPLORE.EXE
872 IEXPLORE.EXE
872 IEXPLORE.EXE
872 IEXPLORE.EXE

pid	process
1200	Hardhat-dApp-v2.1.tmp
1200	Hardhat-dApp-v2.1.tmp

pid	process
1200	Hardhat-dApp-v2.1.tmp
1392	Mp3tag.exe
1604	iexplore.exe

pid	process
1392	Mp3tag.exe
1392	Mp3tag.exe
1604	iexplore.exe
1604	iexplore.exe
1392	Mp3tag.exe
872	IEXPLORE.EXE
872	IEXPLORE.EXE
872	IEXPLORE.EXE
872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

Hardhat-dApp-v2.1.exeHardhat-dApp-v2.1.tmpHardhat-dApp-v2.1.exeHardhat-dApp-v2.1.tmpMp3tag.exeiexplore.exe

description	pid	process	target process
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1356 wrote to memory of 1256	1356	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1256 wrote to memory of 1280	1256	Hardhat-dApp-v2.1.tmp	Hardhat-dApp-v2.1.exe
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1280 wrote to memory of 1200	1280	Hardhat-dApp-v2.1.exe	Hardhat-dApp-v2.1.tmp
PID 1200 wrote to memory of 1392	1200	Hardhat-dApp-v2.1.tmp	Mp3tag.exe
PID 1200 wrote to memory of 1392	1200	Hardhat-dApp-v2.1.tmp	Mp3tag.exe
PID 1200 wrote to memory of 1392	1200	Hardhat-dApp-v2.1.tmp	Mp3tag.exe
PID 1200 wrote to memory of 1392	1200	Hardhat-dApp-v2.1.tmp	Mp3tag.exe
PID 1392 wrote to memory of 1604	1392	Mp3tag.exe	iexplore.exe
PID 1392 wrote to memory of 1604	1392	Mp3tag.exe	iexplore.exe
PID 1392 wrote to memory of 1604	1392	Mp3tag.exe	iexplore.exe
PID 1392 wrote to memory of 1604	1392	Mp3tag.exe	iexplore.exe
PID 1604 wrote to memory of 872	1604	iexplore.exe	IEXPLORE.EXE
PID 1604 wrote to memory of 872	1604	iexplore.exe	IEXPLORE.EXE
PID 1604 wrote to memory of 872	1604	iexplore.exe	IEXPLORE.EXE
PID 1604 wrote to memory of 872	1604	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Hardhat-dApp-v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Hardhat-dApp-v2.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1356

C:\Users\Admin\AppData\Local\Temp\is-OQ5II.tmp\Hardhat-dApp-v2.1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-OQ5II.tmp\Hardhat-dApp-v2.1.tmp" /SL5="$60126,134693628,898048,C:\Users\Admin\AppData\Local\Temp\Hardhat-dApp-v2.1.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1256

C:\Users\Admin\AppData\Local\Temp\Hardhat-dApp-v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Hardhat-dApp-v2.1.exe" /VERYSILENT
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1280

C:\Users\Admin\AppData\Local\Temp\is-RQ32V.tmp\Hardhat-dApp-v2.1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RQ32V.tmp\Hardhat-dApp-v2.1.tmp" /SL5="$70126,134693628,898048,C:\Users\Admin\AppData\Local\Temp\Hardhat-dApp-v2.1.exe" /VERYSILENT
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1200

C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
"C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mp3tag.de/en/download.html
6⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1604

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
7⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:872

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-OQ5II.tmp\Hardhat-dApp-v2.1.tmp
Filesize
3.1MB

MD5
ea098240412da6481fd1f35603763220

SHA1
fa967fd215a9c071051809702e91d2accd625548

SHA256
015e56ae6f4e37f0dd1c2becf7a99e266c9c3a4a266cba0f256848825685f4cf

SHA512
a063ad031e94fb91ff13f3ac5580b10eda7333c090ead6dd4b626b304b3ee19591bbe92b21967c5b6233b9dabcbd2f0f20b3ecf28c563eda0b603c12476515c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQ32V.tmp\Hardhat-dApp-v2.1.tmp
Filesize
3.1MB

MD5
ea098240412da6481fd1f35603763220

SHA1
fa967fd215a9c071051809702e91d2accd625548

SHA256
015e56ae6f4e37f0dd1c2becf7a99e266c9c3a4a266cba0f256848825685f4cf

SHA512
a063ad031e94fb91ff13f3ac5580b10eda7333c090ead6dd4b626b304b3ee19591bbe92b21967c5b6233b9dabcbd2f0f20b3ecf28c563eda0b603c12476515c2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\MSVCP140.dll
Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\VCRUNTIME140.dll
Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
86279521328398e87699d248628eb13a

SHA1
e4d4c39bda90635f1f5c2fc58b1304e2daac9caf

SHA256
3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337

SHA512
2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
422adad24e8da100f85bf3de86b5f302

SHA1
7004b3ed8663b5890cd25e1a7899a766be912728

SHA256
e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956

SHA512
e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-localization-l1-2-0.dll
Filesize
13KB

MD5
602a35b140d9d68d7b3e488896158365

SHA1
f1ba615abb54ff786ddbc74dffffd56394bfc892

SHA256
43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52

SHA512
4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
11KB

MD5
a07afa26ab56a8d3b8b16591a1962005

SHA1
2b6f3143487f747911ee20f039f1ffb1381858ac

SHA256
6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b

SHA512
b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-synch-l1-2-0.dll
Filesize
11KB

MD5
ed215daa7493bf93c5eadef178a261e0

SHA1
b20c8dc7ba00f98a326f5f4fd55329b72f8e5699

SHA256
8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26

SHA512
3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-timezone-l1-1-0.dll
Filesize
11KB

MD5
a9c7db516186c8e367fed757e238c61a

SHA1
1318d6496e7146e773aca85be6d0e9b87a09e284

SHA256
ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659

SHA512
6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-convert-l1-1-0.dll
Filesize
15KB

MD5
c6385b316bb04ca36d76b077eeb9a61e

SHA1
fc376f68798fecd41fb1c936eed1bce3f2ee6bef

SHA256
060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc

SHA512
bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-environment-l1-1-0.dll
Filesize
11KB

MD5
311e582d5d3d8421e883c4a8248eacc8

SHA1
c99e61d1446fce0f883a2aad261af22d77953a59

SHA256
369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4

SHA512
050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
13KB

MD5
10731d3320c12abb62d3866d7e728cce

SHA1
df4e131c825d1ca5cd14e00e5c04785d6ca508f7

SHA256
9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700

SHA512
7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-heap-l1-1-0.dll
Filesize
12KB

MD5
cf5f256e8cd76ba85e6c3047f078814a

SHA1
b7cde77313ceaae76a46c1111b33b3d8f47c4214

SHA256
9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1

SHA512
856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-locale-l1-1-0.dll
Filesize
11KB

MD5
60ffdc3ef20b127e3fd14a0719328c34

SHA1
b510833350328f79a79fa464ea9d5e9455643659

SHA256
43c9ea4ddecf2f34852559cf0b40b5261e6701d3743ab219f48d43a312707ad9

SHA512
caef6ee08c9f6fabecef1f0be37ab34e2d4dc22f15a775b2f0dcacda1f0fcdf2259399e6fbab85f0f00e8e4b03d77fe88b85b901a9ba2f775a50f2da724da26e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-math-l1-1-0.dll
Filesize
21KB

MD5
78dfcb76dc8b42411dbc682f78f5c6eb

SHA1
e50f6719fee44c70518cf8442737a688b5f45e62

SHA256
8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f

SHA512
968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
15KB

MD5
8bd7a27e6ca969d3eb46086d411ce05d

SHA1
3bbf6f55853b1487debca58d7cb5c877d0abd517

SHA256
8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c

SHA512
fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
17KB

MD5
f681a45c47ebb2c56c1465677ec33ff3

SHA1
06bf7798c51325cf1806e14dea56ff98b05b7846

SHA256
3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af

SHA512
eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-string-l1-1-0.dll
Filesize
17KB

MD5
00446e48d60abf044acc72b46d5c3afb

SHA1
0ccc0c5034ac063e1d4af851b0de1f4ea99aff97

SHA256
82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a

SHA512
69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-time-l1-1-0.dll
Filesize
13KB

MD5
376b4a7a02f20ed3aede05039ec3daf0

SHA1
c9149b37f85cfc724bedc0ecd543d95280055de1

SHA256
b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c

SHA512
ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-utility-l1-1-0.dll
Filesize
11KB

MD5
6376bf5bac3f0208f0a5d11415ccd444

SHA1
c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8

SHA256
e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e

SHA512
9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese-H.ico
Filesize
1KB

MD5
1fc48b93562b46e428a2db1d4ea4a099

SHA1
772bc0d8527c5a0450fc0ff8ce525fca240564a5

SHA256
0b29a27f3d2ab4379cd99e9e7a93f6e40a0fe12cb73d1e6f3d296ec2c7e38a58

SHA512
55634f207c835a4dfd90ea1501a9ea5a0c406940def5f3b690d8b67085da8e61e890b29be679da61e8ce58a6f176b9f8927c02b81dea25a9de5561e1ea054a58

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Chinese.ico
Filesize
1KB

MD5
2ca29c521af17539d17968900ed650a1

SHA1
b508852a5febaa2ebd942229cc9104df4059430f

SHA256
1b8a834029f10ec10d796c8344b990df082a3b3c67e8f480d8ce48c07177d549

SHA512
90ba3bd6431912fa44458675eff9be42d99665b505d5dc4012591f4b018033ff95c6b7adceffe639040aa32ed2ef8c978c249fae9ede5a2db26e9b522d61d11d

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English-H.ico
Filesize
1KB

MD5
e5e33562181f5549042249668092b0db

SHA1
7103748dd38ec44a3dea582a9aea2123870a6937

SHA256
1dff252a4f45c471b8fc81d5d1c94ac1ca918a2ec0725b875f088cb75b53a938

SHA512
9cdf1a067383086d7ea79fe145e84ae6be8b1e476dcc357416941c8839c46eafd496f865aa8c553df6ad61ea1afe00004cc3df22a395cbbd53f4b45423468b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\English.ico
Filesize
1KB

MD5
1a25e199fb242d852a2bd217fd038bc1

SHA1
9276090831fb29e65b781624ccef3c2390014c5e

SHA256
668c3afced3f33fa016a3b1ff65715acb80823172493ded605633e937000b235

SHA512
347d5b00be749330f173b8566f6a80d905342c099d6e41afc856ea5f5837342e40a3a0e376bb50f62fe7f841a53aa04e93161d6053159324c51e7ff89decedbc

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French-H.ico
Filesize
1KB

MD5
76872d444ab4c1719b42cf5417f1105f

SHA1
a6a1a7e596dd4068e9960d30525e4589b79bd4f8

SHA256
82ea4ec8fbfe3cbd3cae19132d23455ee2bea3ab65f2eba353359f0a45183257

SHA512
4415de96db7510a01369d8357522e41676d0be3249f3f35c03553d100714ea2bb4181ce9c8c5fa0d87700060574cbed56c9e8867023716beb8aa23ba67b6ff5e

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\French.ico
Filesize
1KB

MD5
31593b847d0959e8cf06ce0d6e55a95f

SHA1
e9a160d5c941b64d4f27f563410e5974d8f4adeb

SHA256
86486cb827bc98405ccc888170a08eb0772a82a88c3408060c5d271358f27a00

SHA512
9c75add56ca25c473b00f4c4c87c2e12ddc3ab1c95eaf969ae3dedb81c3c5804a9a445d7507f7698833cf3b22f734b50091d1b47b7d8d3062d27d58924dc20ea

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Polish.ico
Filesize
1KB

MD5
ad8bbac74c6010604a7bbd9e4df43688

SHA1
eb18b66c38b2a5ad5fe98177b677b4ed36c898aa

SHA256
5a98fc48378b8772579632706747d35d3f16c542fa5f0493b44100a0104eb559

SHA512
6df720edc81ce9af7e26028073219fcf3d8a503285bac95e9bbf2f6e7dd51e05624d72d9cd7bf670bc9c081ebf25dcde728ff7d21386d5a1d8330b1988527c56

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian-H.ico
Filesize
1KB

MD5
ee464ce2c72dc4a01afccf12b318ea23

SHA1
9cebc61498162ca4847519cdd0739f97399cd396

SHA256
596b46cdafb26774740466a73d4031813511db5840d2fe5c4d90284278a08d99

SHA512
0645f8d741feea1debe9b7ee484922499d44270783ba3d4d65232d7b6f2bb113cf4adb8278b78fb8dc725228fe21e912a2b8b228cb08d58015a537d4774e7a62

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Russian.ico
Filesize
1KB

MD5
ed0fa2d2cd41dbb442b010b4bd2cca9f

SHA1
783d3843a976bd91829398f9ccbfa5b98150023e

SHA256
7c24485ad1023a46521ed10a38ea762cd9c185aeed7dfd32a717d274606d8074

SHA512
4b2134844bfb56b9ba266f6687359117d5f0c0d5040213c025d906fab5ac8711a09673bdac342c59bfd1bb0fc8294c5a4f97cbc29567bd2c52b90dbabddc1d3b

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish-H.ico
Filesize
1KB

MD5
959a045dcfc52077692f0d091db9054d

SHA1
ecd119a1e382f059bb9b04e37222ac3257272994

SHA256
73fca4e5f38e65f21b2b7251231178e64ce8cb288044d064e176965a1b4dc699

SHA512
022939b3cf3bc0555b190ea61b7594fe24f87cce44ce371f081d67202fe085e19a550898a4372bf8cca0d492a9ec837ff3a9d680998d2d5b35c26a5b0f042a98

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\language\Spanish.ico
Filesize
1KB

MD5
603afd32d12ed4bdc1bdfbb11040f271

SHA1
ac68f01be1f873330333ccacebd8079e2a72adfc

SHA256
9eb18c0dacb6e60abdf315b853fd6c9db8968ced959b7d31d1dcbc80b561bfb6

SHA512
b93869f43ae9cd0c1cac0d21b588527a3f93eeaf972ecf1f6d167f36d5f8e3d677daee6db0e1d409294e939cc8f2be2c65f4c0fbd5ca5918a09b01571a630c33

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\libwlp-20.dll
Filesize
19KB

MD5
fa847fa54c646c39fcf8e58c6fdcb46f

SHA1
d052ac0346c77be6d87c2da668543c63d3307036

SHA256
a15614de6f933f1941dbbb57641900439c02b3a90c40e409e32cae5c04426378

SHA512
3dca61429b7572d3106d095cea128b8b0bb8c685f0251b5920c8d69d828d33f90d507ba62033ab29cb8bb2d46e8574d0b52c7dba8181c2fa98ed304a8ed80cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\page
Filesize
1.3MB

MD5
bc23ffe164676054ce5e5314abeaf11a

SHA1
eebc94229ce1b1a51d4dc96399d1ebda0b52b075

SHA256
dc36a03e536fbc03b4a89caa83435ec57fd021386341b53e23b56b359d988ab0

SHA512
78262e6a18988981e8a4f82fbf84e00d9058480912947851c5491a822f8f3c27a3345acf37bc2aeff514251024a1304fba087cf63f699b99af0299e9b0b26cdf

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\tak_deco_lib.dll
Filesize
127KB

MD5
f0bf722006ebf17f9a194e892ba2bf37

SHA1
a483e46857f29e98535a992438006c962e0404e5

SHA256
a737f6f613c161938ef4c795fb0cf1a0a7bf7e1539cefebc030fc36ac37bf0af

SHA512
47e4113ef649539db6b7ba52106477ac415fafcc0fad5b9a92575d18d110d1fd21e906cecf2546ddc20ef554e09f3da418a5066b70b31dc1360e555eb2cbd0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Strong Recovery Master\ucrtbase.DLL
Filesize
880KB

MD5
5dafe0bfb955e780b3d50da4524b752f

SHA1
91c0d9fabe748d373215ba21b90278671b5f8957

SHA256
6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9

SHA512
37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

Download Submit
\Users\Admin\AppData\Local\Temp\is-OQ5II.tmp\Hardhat-dApp-v2.1.tmp
Filesize
3.1MB

MD5
ea098240412da6481fd1f35603763220

SHA1
fa967fd215a9c071051809702e91d2accd625548

SHA256
015e56ae6f4e37f0dd1c2becf7a99e266c9c3a4a266cba0f256848825685f4cf

SHA512
a063ad031e94fb91ff13f3ac5580b10eda7333c090ead6dd4b626b304b3ee19591bbe92b21967c5b6233b9dabcbd2f0f20b3ecf28c563eda0b603c12476515c2

Download Submit
\Users\Admin\AppData\Local\Temp\is-RQ32V.tmp\Hardhat-dApp-v2.1.tmp
Filesize
3.1MB

MD5
ea098240412da6481fd1f35603763220

SHA1
fa967fd215a9c071051809702e91d2accd625548

SHA256
015e56ae6f4e37f0dd1c2becf7a99e266c9c3a4a266cba0f256848825685f4cf

SHA512
a063ad031e94fb91ff13f3ac5580b10eda7333c090ead6dd4b626b304b3ee19591bbe92b21967c5b6233b9dabcbd2f0f20b3ecf28c563eda0b603c12476515c2

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\Mp3tag.exe
Filesize
8.6MB

MD5
92c1655770e49b1dc19359ea1f02e780

SHA1
16b459328f086dd988bfb2b45288d32652400301

SHA256
bf9a506f8c9409fe9609c9590477fdb5cbd185c7b76344260a2494ec064feb28

SHA512
b5e7d6eb435411449402840161d47ec17a6d7f24853e3536d0619dfec5b5fead9de9336560a434735c343e2d96f22d97b9be6c5a52e708c97ced6999808946f6

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
86279521328398e87699d248628eb13a

SHA1
e4d4c39bda90635f1f5c2fc58b1304e2daac9caf

SHA256
3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337

SHA512
2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
422adad24e8da100f85bf3de86b5f302

SHA1
7004b3ed8663b5890cd25e1a7899a766be912728

SHA256
e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956

SHA512
e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-localization-l1-2-0.dll
Filesize
13KB

MD5
602a35b140d9d68d7b3e488896158365

SHA1
f1ba615abb54ff786ddbc74dffffd56394bfc892

SHA256
43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52

SHA512
4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
11KB

MD5
a07afa26ab56a8d3b8b16591a1962005

SHA1
2b6f3143487f747911ee20f039f1ffb1381858ac

SHA256
6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b

SHA512
b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-synch-l1-2-0.dll
Filesize
11KB

MD5
ed215daa7493bf93c5eadef178a261e0

SHA1
b20c8dc7ba00f98a326f5f4fd55329b72f8e5699

SHA256
8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26

SHA512
3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-core-timezone-l1-1-0.dll
Filesize
11KB

MD5
a9c7db516186c8e367fed757e238c61a

SHA1
1318d6496e7146e773aca85be6d0e9b87a09e284

SHA256
ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659

SHA512
6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-convert-l1-1-0.dll
Filesize
15KB

MD5
c6385b316bb04ca36d76b077eeb9a61e

SHA1
fc376f68798fecd41fb1c936eed1bce3f2ee6bef

SHA256
060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc

SHA512
bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-environment-l1-1-0.dll
Filesize
11KB

MD5
311e582d5d3d8421e883c4a8248eacc8

SHA1
c99e61d1446fce0f883a2aad261af22d77953a59

SHA256
369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4

SHA512
050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
13KB

MD5
10731d3320c12abb62d3866d7e728cce

SHA1
df4e131c825d1ca5cd14e00e5c04785d6ca508f7

SHA256
9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700

SHA512
7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-heap-l1-1-0.dll
Filesize
12KB

MD5
cf5f256e8cd76ba85e6c3047f078814a

SHA1
b7cde77313ceaae76a46c1111b33b3d8f47c4214

SHA256
9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1

SHA512
856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-locale-l1-1-0.dll
Filesize
11KB

MD5
60ffdc3ef20b127e3fd14a0719328c34

SHA1
b510833350328f79a79fa464ea9d5e9455643659

SHA256
43c9ea4ddecf2f34852559cf0b40b5261e6701d3743ab219f48d43a312707ad9

SHA512
caef6ee08c9f6fabecef1f0be37ab34e2d4dc22f15a775b2f0dcacda1f0fcdf2259399e6fbab85f0f00e8e4b03d77fe88b85b901a9ba2f775a50f2da724da26e

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-math-l1-1-0.dll
Filesize
21KB

MD5
78dfcb76dc8b42411dbc682f78f5c6eb

SHA1
e50f6719fee44c70518cf8442737a688b5f45e62

SHA256
8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f

SHA512
968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
15KB

MD5
8bd7a27e6ca969d3eb46086d411ce05d

SHA1
3bbf6f55853b1487debca58d7cb5c877d0abd517

SHA256
8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c

SHA512
fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
17KB

MD5
f681a45c47ebb2c56c1465677ec33ff3

SHA1
06bf7798c51325cf1806e14dea56ff98b05b7846

SHA256
3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af

SHA512
eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-string-l1-1-0.dll
Filesize
17KB

MD5
00446e48d60abf044acc72b46d5c3afb

SHA1
0ccc0c5034ac063e1d4af851b0de1f4ea99aff97

SHA256
82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a

SHA512
69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-time-l1-1-0.dll
Filesize
13KB

MD5
376b4a7a02f20ed3aede05039ec3daf0

SHA1
c9149b37f85cfc724bedc0ecd543d95280055de1

SHA256
b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c

SHA512
ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\api-ms-win-crt-utility-l1-1-0.dll
Filesize
11KB

MD5
6376bf5bac3f0208f0a5d11415ccd444

SHA1
c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8

SHA256
e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e

SHA512
9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\libwlp-20.dll
Filesize
19KB

MD5
fa847fa54c646c39fcf8e58c6fdcb46f

SHA1
d052ac0346c77be6d87c2da668543c63d3307036

SHA256
a15614de6f933f1941dbbb57641900439c02b3a90c40e409e32cae5c04426378

SHA512
3dca61429b7572d3106d095cea128b8b0bb8c685f0251b5920c8d69d828d33f90d507ba62033ab29cb8bb2d46e8574d0b52c7dba8181c2fa98ed304a8ed80cb2

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\msvcp140.dll
Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\tak_deco_lib.dll
Filesize
127KB

MD5
f0bf722006ebf17f9a194e892ba2bf37

SHA1
a483e46857f29e98535a992438006c962e0404e5

SHA256
a737f6f613c161938ef4c795fb0cf1a0a7bf7e1539cefebc030fc36ac37bf0af

SHA512
47e4113ef649539db6b7ba52106477ac415fafcc0fad5b9a92575d18d110d1fd21e906cecf2546ddc20ef554e09f3da418a5066b70b31dc1360e555eb2cbd0e4

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\ucrtbase.dll
Filesize
880KB

MD5
5dafe0bfb955e780b3d50da4524b752f

SHA1
91c0d9fabe748d373215ba21b90278671b5f8957

SHA256
6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9

SHA512
37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

Download Submit
\Users\Admin\AppData\Roaming\Strong Recovery Master\vcruntime140.dll
Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
memory/1200-68-0x0000000000000000-mapping.dmp

Download
memory/1200-71-0x0000000074931000-0x0000000074933000-memory.dmp

Filesize
8KB

Download
memory/1256-58-0x0000000000000000-mapping.dmp

Download
memory/1280-123-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1280-72-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1280-62-0x0000000000000000-mapping.dmp

Download
memory/1280-65-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1356-64-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1356-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/1356-59-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1356-55-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1392-125-0x0000000072B41000-0x0000000072B43000-memory.dmp

Filesize
8KB

Download
memory/1392-79-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/1392-128-0x0000000004CD0000-0x0000000004D69000-memory.dmp

Filesize
612KB

Download
memory/1392-74-0x0000000000000000-mapping.dmp

Download
memory/1392-145-0x0000000006640000-0x000000000728A000-memory.dmp

Filesize
12.3MB

Download
memory/1392-146-0x000000000AB20000-0x000000000AB97000-memory.dmp

Filesize
476KB

Download
memory/1392-147-0x0000000006640000-0x000000000728A000-memory.dmp

Filesize
12.3MB

Download
memory/1392-148-0x000000000AB20000-0x000000000AB97000-memory.dmp

Filesize
476KB

Download