babadeda | d2409e2236609aaa743681f503ed6963ad22e50bcc1583a749c16605af7968de

Analysis

max time kernel
69s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-10-2022 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b82597ca0a096d822a9f7a653bf4356.exe
Size

12.4MB
MD5

8b82597ca0a096d822a9f7a653bf4356
SHA1

3c44e2633e22af9089cb6e51dad828263a8db61c
SHA256

d2409e2236609aaa743681f503ed6963ad22e50bcc1583a749c16605af7968de
SHA512

9bc1f3896e910d64d2e8976de20c8e8c4eaa2d1643601f7a15e9ad0ad215c5c59b1b4c4d345180e2baf105a11fdf2a68cc5041d5497d2bf19ff6f641ed6b70d5
SSDEEP

393216:SQ/5wdPcRkVrsRaSczOjSx52hwbTCMGppU:SQRwdPcRvjI5PnCG

Score

10^/10

babadeda vidar 1670 crypter discovery evasion loader spyware stealer trojan

Malware Config

Extracted

Family

vidar

Version

55.1

Botnet

1670

http://94.131.109.112:80

http://94.131.109.113:80

Attributes

profile_id
1670

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

resource	yara_rule
behavioral2/files/0x0006000000022e76-169.dat	family_babadeda
behavioral2/memory/4760-182-0x0000000009BF0000-0x0000000009FF0000-memory.dmp	family_babadeda

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Executes dropped EXE 1 IoCs

pid	Process
4760	DtlManualUpdate.exe

Loads dropped DLL 26 IoCs

pid	Process
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	8b82597ca0a096d822a9f7a653bf4356.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	DtlManualUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	DtlManualUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2180	4760	WerFault.exe	84

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DtlManualUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DtlManualUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DtlManualUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DtlManualUpdate.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	DtlManualUpdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	8b82597ca0a096d822a9f7a653bf4356.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	8b82597ca0a096d822a9f7a653bf4356.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	8b82597ca0a096d822a9f7a653bf4356.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	DtlManualUpdate.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	DtlManualUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DtlManualUpdate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	DtlManualUpdate.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3472	8b82597ca0a096d822a9f7a653bf4356.exe
3472	8b82597ca0a096d822a9f7a653bf4356.exe
4760	DtlManualUpdate.exe
4760	DtlManualUpdate.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4760	DtlManualUpdate.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4760	3472	8b82597ca0a096d822a9f7a653bf4356.exe	84
PID 3472 wrote to memory of 4760	3472	8b82597ca0a096d822a9f7a653bf4356.exe	84
PID 3472 wrote to memory of 4760	3472	8b82597ca0a096d822a9f7a653bf4356.exe	84

C:\Users\Admin\AppData\Local\Temp\8b82597ca0a096d822a9f7a653bf4356.exe
"C:\Users\Admin\AppData\Local\Temp\8b82597ca0a096d822a9f7a653bf4356.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\DtlManualUpdate.exe
  "C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\DtlManualUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Maps connected drives based on registry
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 3112
    3⤵
    - Program crash
    PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 4760 -ip 4760
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\ProgramData\sqlite3.dll

Filesize
1.1MB

MD5
1f44d4d3087c2b202cf9c90ee9d04b0f

SHA1
106a3ebc9e39ab6ddb3ff987efb6527c956f192d

SHA256
4841020c8bd06b08fde6e44cbe2e2ab33439e1c8368e936ec5b00dc0584f7260

SHA512
b614c72a3c1ce681ebffa628e29aa50275cc80ca9267380960c5198ea4d0a3f2df6cfb7275491d220bad72f14fc94e6656501e9a061d102fb11e00cfda2beb45

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6A19.tmp

Filesize
99KB

MD5
2c9676a3167739f36912818acb8e9860

SHA1
cd9e5e56cc408c40c45caf49614c26fc7fde39f6

SHA256
75fc64a55afa86173947948d78ba5de98dfc35c487166a6682fe71ed5f6f877a

SHA512
a6c375511d9d339b889adcca4a95bc23df9e207f86605f6d6d04ab7e211901cdc3012860ed844a5c36737369e01dc70b212f5960d8a662fdc720ad98e1202aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6AC6.tmp

Filesize
288KB

MD5
122a3741699fb5c0950273245c9dea15

SHA1
811f9149e3310a8e6521da156f92f3aaab012145

SHA256
f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab

SHA512
567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6B63.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6BB2.tmp

Filesize
169KB

MD5
cf2d7b4de923b25955d96d2e65ce76bc

SHA1
8feee81fe77a7649b969d375778d2b78d842cf48

SHA256
0912c84ded4670c427db1f405eb68a5763eae8fa0a735abe44eea81be7dc44ea

SHA512
d26a0983f0323655eddc48863a409d172a4623bd7ed465b5a4675477938de10127323040da77c80201c3a816315d98cace5194207e22b0a6ac2e65ae6795dc4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6BD2.tmp

Filesize
532KB

MD5
a6f7a08b0676f0564a51b5c47973e635

SHA1
d56f5f9e2580b81717317da6582da9d379426d5b

SHA256
5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c

SHA512
1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6C7F.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6CAF.tmp

Filesize
14KB

MD5
77fe66d74901495f4b41a5918acd02ff

SHA1
ce5bbd53152cd5b03df8bcc232a1aea36a012764

SHA256
b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522

SHA512
cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6D9A.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6F80.tmp

Filesize
366KB

MD5
0700f3dbe367287ce10472cffbd3d7d1

SHA1
079790389532599ce04fd82c2b89db5e4dedf26c

SHA256
77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f

SHA512
28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6FBF.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00000d90\BR6FE0.tmp

Filesize
150KB

MD5
efd81ea220094b0e91630b648d00e731

SHA1
226635424baf8146af055908c4c12b0a3faecd4f

SHA256
931c52c91ffbe12d820ff96570ba8db8abc36ac2fb852c87f2ef99271d7183fa

SHA512
fca9ffbcf94507cda23b5a68c4a598a25f0a0e22a7d429a125acbf95bdd03fd63ac80cf8738ae22d1730a73edb3325edc5b85af8d3337a62a97ac0f63dbccdbe

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\CleanConfig.dat

Filesize
2KB

MD5
f0b35b88b65d285fdad19df2e2ebb6c4

SHA1
6520311e33b18ad6f79bb4ad46ac849b74c5fd08

SHA256
6e1406a43c09895f75c854412d38ba93cd68e407dcde970838bd1e3a9fa677bb

SHA512
07423ebfedb0204b8026153c58198b38fd78d66bd27e0ac3724ecffee126262b7226b277a0031bdd42cc7cf4d33d4fc3a2484447ab962339b4e4f5d933f596e6

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\DownLoadInfo.db

Filesize
4KB

MD5
2494610653a8d9141ebd5087385d93a6

SHA1
359826f7ea0630c8d89e3bd0a5a94672c13f5abc

SHA256
5cc6a99073cf0e84ee929424be3aa069cf868ffd47498fc730b693a2db7818dd

SHA512
7e937f669ecffa373583d3ba955bade5b256bc0fae5d93393c2d978bda66305b4495f5fd2a85c3182fd02d6eb04779223db9568a15c36a3c46678430511214bb

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\DtlManualUpdate.exe

Filesize
1.1MB

MD5
b12cffcb403830e98c6639d998c477e2

SHA1
c442bb87c96bc247317b5101fd64cecfe1634470

SHA256
b5b14ab08053acd5750c57bbe6c624a47df2ad38f5fc481e4ca0c65400516362

SHA512
642a2aad0b43a4ab50ff222b53fe3803bfcb174604a3f45b2ca465b82e8f3da540aa0b0411862a02318bda6473b543543dd390a70255b3fe0a276b4f19129db7

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\DtlManualUpdate.exe

Filesize
1.1MB

MD5
b12cffcb403830e98c6639d998c477e2

SHA1
c442bb87c96bc247317b5101fd64cecfe1634470

SHA256
b5b14ab08053acd5750c57bbe6c624a47df2ad38f5fc481e4ca0c65400516362

SHA512
642a2aad0b43a4ab50ff222b53fe3803bfcb174604a3f45b2ca465b82e8f3da540aa0b0411862a02318bda6473b543543dd390a70255b3fe0a276b4f19129db7

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\SDL2.dll

Filesize
1.1MB

MD5
d60643229ea9b319f4de76ba47f0e138

SHA1
8811a3d790915e4bbe9deb1d9c7fa499a2679408

SHA256
eab38202aa56c843c561c6a5009efc8ef4468f547f55c562341be38ea512951c

SHA512
95095958378e4c2e0e3924c5245d8fc6f788b926e8e751d40c55dba0ad1c4ed66379fe8dc148a8c39618eeb75e94cba1b3859462051a249f09cd7b483ba45ccd

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\SDL2.dll

Filesize
1.1MB

MD5
d60643229ea9b319f4de76ba47f0e138

SHA1
8811a3d790915e4bbe9deb1d9c7fa499a2679408

SHA256
eab38202aa56c843c561c6a5009efc8ef4468f547f55c562341be38ea512951c

SHA512
95095958378e4c2e0e3924c5245d8fc6f788b926e8e751d40c55dba0ad1c4ed66379fe8dc148a8c39618eeb75e94cba1b3859462051a249f09cd7b483ba45ccd

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\Uninst.dar0

Filesize
860B

MD5
4afafb6480604ff79e3459a4226746b0

SHA1
ba607157e9a1b3db3fb1f003e26c69d578769d59

SHA256
d4ad42346963a00c9b83f0b6f171b922847744722bc035d1fbd50aa31e90225b

SHA512
b19717f46997e3d5ee610e0c9f09db54d83db6e150952bad67a90fad57a8da7de10e2a14c57bce7c390b9ca1afe4b2e151af4274ff9b047cfb04e3e9b230ebf5

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\Uninst.dar1

Filesize
14KB

MD5
76fc7ac220d8fc27734fe57a3c16b4c5

SHA1
6c381b0d9057c106994cc59e4084c3a6bea258c7

SHA256
1747a7c40bdf874f21a39bef4a40313ce64a8db3836d4605119e0dfb2c1110f9

SHA512
31d62332a902b14707302d1c57be94a8aa910a18850a78cffe5fd85039414493a143582822939debfce29f7dbddae6b0507956c6c63239389b82d95623547c76

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\filter.proc

Filesize
478B

MD5
e82c20c1b43f9b24276e7813f4af3205

SHA1
9af370256efc918ced5a892e3f153786ad6286b2

SHA256
fb4817bb5c74017fc3850211d390371b0a2bcade03bbffe16f8a4c2735ad8f58

SHA512
7dff226bfc7a2e3f7608890220bbccd86c7577ab219577d3e9e7858df9f3bf9140abeb7064dcc53a76203252396bf85b79e6baba7ec18f70a690caccbba2930f

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\iconv-2.dll

Filesize
1.0MB

MD5
8b917884024fca4adcdfbe78e1ec500f

SHA1
4bfb956682494420929585b5eeb4fae7baa5a894

SHA256
c21ea273a5fddbb5d7af49eea93809b323621caed3b57fab7ec43ec4b08cce14

SHA512
5a204f94ecfa4f47ed05c164136dac762b2724298a38019926da34bb86fc05a212a3df486dc6da495929f365e0162198069a03f9745e039b0d8ff92c7601e2fc

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\iconv-2.dll

Filesize
1.0MB

MD5
8b917884024fca4adcdfbe78e1ec500f

SHA1
4bfb956682494420929585b5eeb4fae7baa5a894

SHA256
c21ea273a5fddbb5d7af49eea93809b323621caed3b57fab7ec43ec4b08cce14

SHA512
5a204f94ecfa4f47ed05c164136dac762b2724298a38019926da34bb86fc05a212a3df486dc6da495929f365e0162198069a03f9745e039b0d8ff92c7601e2fc

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\id

Filesize
1.8MB

MD5
4fc72f77c77030e3a688ebae159a4177

SHA1
b4ec6793edd6010255bb6a25d5e36d3e37e83d03

SHA256
35973d6a234070e2f476384f049c9d3a74e9ae9713a63a22d386563de6dd3128

SHA512
c5ff224574b81a68d8b7cc63faf3db52d15544d914889e1c3b02bac7cf31d9fd57fc7fcdc6f7df21aa020c311141f99850e2b4066af179780f56578a7db4d48a

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\libexpat.dll

Filesize
126KB

MD5
530d00e196a499c0ec24ac6412a46f8b

SHA1
3c2a99233d7d5d2bcf1a3aa576228fc22acc62ba

SHA256
4d82729479a454d85ffe72dbd1c0c42bf544a65dfd4f63313d4e37fb8a250545

SHA512
64f110601be0047c96f0eee1aa9ddcefc8e524b078225878389603a3fee0864e801b49f4f0ab493b83d7bc243f35018358de41b06a63a8107c88a24d3ca12573

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\libexpat.dll

Filesize
126KB

MD5
530d00e196a499c0ec24ac6412a46f8b

SHA1
3c2a99233d7d5d2bcf1a3aa576228fc22acc62ba

SHA256
4d82729479a454d85ffe72dbd1c0c42bf544a65dfd4f63313d4e37fb8a250545

SHA512
64f110601be0047c96f0eee1aa9ddcefc8e524b078225878389603a3fee0864e801b49f4f0ab493b83d7bc243f35018358de41b06a63a8107c88a24d3ca12573

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\liblzma.dll

Filesize
130KB

MD5
2337a60384e6e8598af862bfc3c143d0

SHA1
3952358bf1493d5c7a1869b170907a22ceeb6b8b

SHA256
c805c22a6a24424939c50e885b3fab7047d683a1e9bb2e1a1bba2bb6717dd55c

SHA512
6b57eaa61dd6348a568ed017c4094ac508c2e95ffc142d895242a8a78634afd9d95e10ba4a466011520ec0e2cabe0838200363faaa210ad2e248738081dbbf5c

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\liblzma.dll

Filesize
130KB

MD5
2337a60384e6e8598af862bfc3c143d0

SHA1
3952358bf1493d5c7a1869b170907a22ceeb6b8b

SHA256
c805c22a6a24424939c50e885b3fab7047d683a1e9bb2e1a1bba2bb6717dd55c

SHA512
6b57eaa61dd6348a568ed017c4094ac508c2e95ffc142d895242a8a78634afd9d95e10ba4a466011520ec0e2cabe0838200363faaa210ad2e248738081dbbf5c

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\libxml2.dll

Filesize
1.1MB

MD5
200419961fb4dddb2600235d8379e041

SHA1
f79f03bb6a8929c851667390886979890f8bbc29

SHA256
5e24a037deee827fcda9d719b22c300eb6e373e633ee35f5ba570dd303d1b757

SHA512
882449740ffb40749da0385dcf55acac461f6dabc206218d17c5808b3ca47287faafed3439726443a0f659ac3fba9492f057656be98004f76ae43088d88aaea7

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\libxml2.dll

Filesize
1.1MB

MD5
200419961fb4dddb2600235d8379e041

SHA1
f79f03bb6a8929c851667390886979890f8bbc29

SHA256
5e24a037deee827fcda9d719b22c300eb6e373e633ee35f5ba570dd303d1b757

SHA512
882449740ffb40749da0385dcf55acac461f6dabc206218d17c5808b3ca47287faafed3439726443a0f659ac3fba9492f057656be98004f76ae43088d88aaea7

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\substat.dll

Filesize
154KB

MD5
82e42622d2b2ead49abe5791e5983580

SHA1
0a9f3ea74303e56d367b45503bae3ba1bddc2b5e

SHA256
e074311afc94e0bb98bf0d0c84fe777783a1475c755d6be7041be11a632e5647

SHA512
d40b82fdbfada18174d3ce96c0d5f89960f3f4e19a38a6c21c248839537d95cc6663555a175b1630f2d765387a95ea3a2b9255f1a82c5805f1e11d114f3a64ef

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\substat.dll

Filesize
154KB

MD5
82e42622d2b2ead49abe5791e5983580

SHA1
0a9f3ea74303e56d367b45503bae3ba1bddc2b5e

SHA256
e074311afc94e0bb98bf0d0c84fe777783a1475c755d6be7041be11a632e5647

SHA512
d40b82fdbfada18174d3ce96c0d5f89960f3f4e19a38a6c21c248839537d95cc6663555a175b1630f2d765387a95ea3a2b9255f1a82c5805f1e11d114f3a64ef

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\svfilter.dll

Filesize
56KB

MD5
269168df32261e0dd932996016df3336

SHA1
e179b4f5baf4b82220bbc6eb9ea645561493891e

SHA256
dd7fa4b8a9f3322119d7cd3dc3901e0ae09a2cbac0b5d35783d73841d7baf57a

SHA512
e455cc87f811e83811788fc2788a9a3b5f2dc2bec8674fe1449d23f6da8d08154c084b8defa9af1e9045837b65b69efaa46a41c8f246930699b12117fa19e4ad

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\svfilter.dll

Filesize
56KB

MD5
269168df32261e0dd932996016df3336

SHA1
e179b4f5baf4b82220bbc6eb9ea645561493891e

SHA256
dd7fa4b8a9f3322119d7cd3dc3901e0ae09a2cbac0b5d35783d73841d7baf57a

SHA512
e455cc87f811e83811788fc2788a9a3b5f2dc2bec8674fe1449d23f6da8d08154c084b8defa9af1e9045837b65b69efaa46a41c8f246930699b12117fa19e4ad

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\un.dat

Filesize
285KB

MD5
0748523a63073ac777a70223316cb20b

SHA1
1e497e465dbe8fffc538e90a8d63d064160ceb9e

SHA256
4e07ecd79ac9ecbaa6c5398264522a83bb3931635df25fabfdd02057695921e5

SHA512
3d5b4bf9bc718bfabec9b7884d14a690e4b33e759a5e07d53ad6fd1f4934be06beb33612369520d74d4c45505e7baf42f49ce92d8ecbc3a303093080ca41847a

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\xerces-c_3_2.dll

Filesize
2.4MB

MD5
e477ad70adb0967f926faace10a41820

SHA1
998e8de5ee9afc948c5298d1a268da875b2343da

SHA256
ecc3ab92c9cde46b3a1cbf4bb2876d6c2ef461b7e3f0b8c78fe421f013600c9c

SHA512
87e96764e90d2a61839524f53d5f11aff0da36b4c6f5c406621fbb60bd833a5ad0b00cf8e665152795a9236914e51355d4fa7ab0b50a0531aad85178b01d227b

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\xerces-c_3_2.dll

Filesize
2.4MB

MD5
e477ad70adb0967f926faace10a41820

SHA1
998e8de5ee9afc948c5298d1a268da875b2343da

SHA256
ecc3ab92c9cde46b3a1cbf4bb2876d6c2ef461b7e3f0b8c78fe421f013600c9c

SHA512
87e96764e90d2a61839524f53d5f11aff0da36b4c6f5c406621fbb60bd833a5ad0b00cf8e665152795a9236914e51355d4fa7ab0b50a0531aad85178b01d227b

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
C:\Users\Admin\AppData\Roaming\XMLBlueprint XML Studio\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
memory/4760-170-0x000000000A160000-0x000000000A21C000-memory.dmp

Filesize
752KB

Download
memory/4760-182-0x0000000009BF0000-0x0000000009FF0000-memory.dmp

Filesize
4.0MB

Download
memory/4760-183-0x000000000A320000-0x000000000A37D000-memory.dmp

Filesize
372KB

Download
memory/4760-187-0x000000000A320000-0x000000000A37D000-memory.dmp

Filesize
372KB

Download