babadeda | e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214

Resubmissions

27/11/2022, 00:34

221127-awsnrafh98 10

26/11/2022, 22:21

221126-194ahsdb41 10

Analysis

max time kernel
195s
max time network
180s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
26/11/2022, 22:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
Size

11.7MB
MD5

0f887c61e1b11623374401f9ffb48bad
SHA1

760321c5710f4040ef74ffbd2ec63244143be11a
SHA256

e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214
SHA512

448cfcc8e5366164b9a950854217cd0a8a1dc99329d6e048a1246a5d03f97dbd311b52876f9003a51d19be1eaa34204e15f67b36d86490905cb873633c5f1340
SSDEEP

196608:S2J/5wdPGb3R3etNv9jpuSrsR3gp276tQhMnfxSvmN6TbSLjuOG+VL9hAlw9fhcn:SQ/5wdPcRkVrsRQp276trfBN6T++ORKj

Score

10^/10

babadeda crypter evasion loader persistence trojan

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 3 IoCs

resource	yara_rule
behavioral2/files/0x000600000001ac3c-288.dat	family_babadeda
behavioral2/memory/824-394-0x0000000005F30000-0x00000000062B0000-memory.dmp	family_babadeda
behavioral2/memory/824-403-0x0000000005F30000-0x00000000062B0000-memory.dmp	family_babadeda

Executes dropped EXE 2 IoCs

pid	Process
4180	miaui.exe
824	miaui.exe

Loads dropped DLL 28 IoCs

pid	Process
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
4180	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Error Reporting Service = "C:\\Users\\Admin\\AppData\\Roaming\\Helicon Focus Manager\\miaui.exe"	miaui.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
824	miaui.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe
824	miaui.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4180	miaui.exe
Token: SeSecurityPrivilege	4180	miaui.exe
Token: SeTakeOwnershipPrivilege	4180	miaui.exe
Token: SeLoadDriverPrivilege	4180	miaui.exe
Token: SeSystemProfilePrivilege	4180	miaui.exe
Token: SeSystemtimePrivilege	4180	miaui.exe
Token: SeProfSingleProcessPrivilege	4180	miaui.exe
Token: SeIncBasePriorityPrivilege	4180	miaui.exe
Token: SeCreatePagefilePrivilege	4180	miaui.exe
Token: SeBackupPrivilege	4180	miaui.exe
Token: SeRestorePrivilege	4180	miaui.exe
Token: SeShutdownPrivilege	4180	miaui.exe
Token: SeDebugPrivilege	4180	miaui.exe
Token: SeSystemEnvironmentPrivilege	4180	miaui.exe
Token: SeRemoteShutdownPrivilege	4180	miaui.exe
Token: SeUndockPrivilege	4180	miaui.exe
Token: SeManageVolumePrivilege	4180	miaui.exe
Token: 33	4180	miaui.exe
Token: 34	4180	miaui.exe
Token: 35	4180	miaui.exe
Token: 36	4180	miaui.exe
Token: SeIncreaseQuotaPrivilege	824	miaui.exe
Token: SeSecurityPrivilege	824	miaui.exe
Token: SeTakeOwnershipPrivilege	824	miaui.exe
Token: SeLoadDriverPrivilege	824	miaui.exe
Token: SeSystemProfilePrivilege	824	miaui.exe
Token: SeSystemtimePrivilege	824	miaui.exe
Token: SeProfSingleProcessPrivilege	824	miaui.exe
Token: SeIncBasePriorityPrivilege	824	miaui.exe
Token: SeCreatePagefilePrivilege	824	miaui.exe
Token: SeBackupPrivilege	824	miaui.exe
Token: SeRestorePrivilege	824	miaui.exe
Token: SeShutdownPrivilege	824	miaui.exe
Token: SeDebugPrivilege	824	miaui.exe
Token: SeSystemEnvironmentPrivilege	824	miaui.exe
Token: SeRemoteShutdownPrivilege	824	miaui.exe
Token: SeUndockPrivilege	824	miaui.exe
Token: SeManageVolumePrivilege	824	miaui.exe
Token: 33	824	miaui.exe
Token: 34	824	miaui.exe
Token: 35	824	miaui.exe
Token: 36	824	miaui.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
824	miaui.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
824	miaui.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4180	3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe	66
PID 3520 wrote to memory of 4180	3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe	66
PID 3520 wrote to memory of 4180	3520	e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe	66
PID 4180 wrote to memory of 824	4180	miaui.exe	67
PID 4180 wrote to memory of 824	4180	miaui.exe	67
PID 4180 wrote to memory of 824	4180	miaui.exe	67

C:\Users\Admin\AppData\Local\Temp\e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe
"C:\Users\Admin\AppData\Local\Temp\e1c5e17d90f580bbcb8cf99dc5d696f9b5c4cf45789617de77a350e101b79214.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe
  "C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe
    "C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\IIIQF\7z.dll

Filesize
170KB

MD5
31cad6a3edd1c32981ad6b565cbeac94

SHA1
9338978c85a9423ee2a38cba027f79192d684f1b

SHA256
b8521abda09ec17ddad36528c1bc50395dc8c5f7c11c026a5b3ff23110c54182

SHA512
02e198b8ef192de55db35ae00a16a80b3309a9373a596c20d617b43dd7159a635bc303f371859e704375521a1242d02754807e2e9dfef63ffd06993b24c17d3d

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\aom.dll

Filesize
9.3MB

MD5
d363cff6d20c8ad0d8ca07eda6bcf78c

SHA1
9938e39d61035731588669253486eed512f47bc4

SHA256
b36c801adf3cf0c427b6eb74b3378010822fed8b9e3d266211d4d9dd1ddf3180

SHA512
e99423c9ecd1dcd333c031cb0ac36e0a9e84c45530c948119487034e7dca8ae3d6207b4f6b905d56864bd50babc3eb7d9b2fd944b5f0acb4172c567c0a3bd12d

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\avif.dll

Filesize
146KB

MD5
5b9e4a178a17b8c0e33a1737cff7de66

SHA1
c18b1df7b2594719f6acb08418138b26130e1ae6

SHA256
5cfe70655b6c8095fe2e8213cb45490839e56ec7da30ddb21e2b8842a97d8980

SHA512
cc55891200702ad0f4734f8d1bf1158356830d040e34251b08832c412c58bbb41fcd84a5a1c6d66cee9f48bd328b314b285f5f5812c83da61a2742ebc4e8058c

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\glew32.dll

Filesize
420KB

MD5
e66514f59e3383fc5eb2fbb7181ac0e5

SHA1
e680fc48fa3e59b34f169838f7d84940a3c380d5

SHA256
6f7af3c4cc60c3156da2cbceb67c97e5f386d8f6419415eca5814eec87bbe985

SHA512
cb5d172814fe884deb426e096b7bb8c0c3068fb809df855f613373602520b34a619e270fc55f3ea15fca9499512e1e998566b158cc0331207765db9f250c493e

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\libtape4.dll

Filesize
508KB

MD5
f0388abdd873837a79552f6048ef20e4

SHA1
24b4e418c981855a42cad320fd5bc3723c86090d

SHA256
7701eceb12534cc25625b1c5ca0f062bb4966d1c5a1692d6cc8cb98d277bf531

SHA512
1389d546f2490f764bd2437d8b41e32655f1413e3cd0e6d44820dc5097053c878371bb3514e28b71ad98b37df7443d62c1373cc20864d5793f071277da181310

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\mia.lib

Filesize
441KB

MD5
dcb76e96a8361ae6e26a9b998b3c76aa

SHA1
b85b66b30500ce9e3a3f98067ded2266ef6dd9bf

SHA256
1b3261b635bbe6c1b1a8685d7b661caf52c1cc6adc1d6d8837338efa70b9b170

SHA512
068b0968540bbfa359802c46cc80b5eb08605c61e2d166b9435e69a9e7d0a1a6aba6402bd1c8be1424a8240fb70a59f7abcd3adb758868585384ef2bfc2e2f4f

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe

Filesize
6.4MB

MD5
0b3fa08d620d6cdc2619559783ae15f3

SHA1
42c106f57b9c6e536ed14861f1318d8375334519

SHA256
ef4ae923ae93199694518595dacf4911d5f68b75c77018d3252067c3c112be6d

SHA512
08c5e813c098e2ea27e5b09e008df5601999d69563cf1983accb4a6a6ea14b15285b5c1b154b4276d66364945bac4020413474f3591541b18999e165f1af04f4

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe

Filesize
6.4MB

MD5
0b3fa08d620d6cdc2619559783ae15f3

SHA1
42c106f57b9c6e536ed14861f1318d8375334519

SHA256
ef4ae923ae93199694518595dacf4911d5f68b75c77018d3252067c3c112be6d

SHA512
08c5e813c098e2ea27e5b09e008df5601999d69563cf1983accb4a6a6ea14b15285b5c1b154b4276d66364945bac4020413474f3591541b18999e165f1af04f4

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\miaui.exe

Filesize
6.4MB

MD5
0b3fa08d620d6cdc2619559783ae15f3

SHA1
42c106f57b9c6e536ed14861f1318d8375334519

SHA256
ef4ae923ae93199694518595dacf4911d5f68b75c77018d3252067c3c112be6d

SHA512
08c5e813c098e2ea27e5b09e008df5601999d69563cf1983accb4a6a6ea14b15285b5c1b154b4276d66364945bac4020413474f3591541b18999e165f1af04f4

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\nw

Filesize
1.8MB

MD5
ea88bd55c1d2abfc89b3c7a605eda4ea

SHA1
cc8831a35c551ae218946edd3fdddbae63e6240e

SHA256
596a1fdef8752957a481bf54c239454a05b20e9cdf28de788e08f50c86f8b9e2

SHA512
aaec8568c30025b5af196293eed29f475a1a30539ac38e7d0e489d6848f934a578824c9edf5ae9aa9710f826bb3b044f25e54d6151641dc670e028e3bc485a52

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\settings.dat

Filesize
5KB

MD5
c5acde391c42f8c44d273dffea922c87

SHA1
4d5abdb0b4de2d5e6dbddc229d77a39a0c908b3b

SHA256
e168da4cbb218962d261f62041be4c1439488ab993a8cf78bc66d18ffa0474e1

SHA512
f7393ba546c14bdbc1b8d8ac658b65c1862ae9115fe82922db091e587d1a7591b5636b3d8837d1d09481abd8a7fed0c6f9a4edeee29d73c858d5c0b438165ac3

Download Submit
C:\Users\Admin\AppData\Roaming\Helicon Focus Manager\uimaster.dll

Filesize
224KB

MD5
f97e2d50aa08397b2722208fd1b78f0a

SHA1
fb312c35f21f048c8a6e0548619b254d74c7a8ae

SHA256
049ae45ff7dbd1e4728c497bf18d66b71503f8ba54e2059eb9774a3f576561b6

SHA512
3532a0a4c81714a49a49aa15cb3a9433a9e30ecd2cd129ddb01779a462ec43e728976a5937d206aded048c5d379f0b4ab3e4781bbfa565fbcb4512c35d03f825

Download Submit
\Users\Admin\AppData\Local\IIIQF\7z.dll

Filesize
170KB

MD5
31cad6a3edd1c32981ad6b565cbeac94

SHA1
9338978c85a9423ee2a38cba027f79192d684f1b

SHA256
b8521abda09ec17ddad36528c1bc50395dc8c5f7c11c026a5b3ff23110c54182

SHA512
02e198b8ef192de55db35ae00a16a80b3309a9373a596c20d617b43dd7159a635bc303f371859e704375521a1242d02754807e2e9dfef63ffd06993b24c17d3d

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRD43D.tmp

Filesize
99KB

MD5
2c9676a3167739f36912818acb8e9860

SHA1
cd9e5e56cc408c40c45caf49614c26fc7fde39f6

SHA256
75fc64a55afa86173947948d78ba5de98dfc35c487166a6682fe71ed5f6f877a

SHA512
a6c375511d9d339b889adcca4a95bc23df9e207f86605f6d6d04ab7e211901cdc3012860ed844a5c36737369e01dc70b212f5960d8a662fdc720ad98e1202aa1

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRD528.tmp

Filesize
288KB

MD5
122a3741699fb5c0950273245c9dea15

SHA1
811f9149e3310a8e6521da156f92f3aaab012145

SHA256
f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab

SHA512
567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRDECE.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRDFAA.tmp

Filesize
169KB

MD5
cf2d7b4de923b25955d96d2e65ce76bc

SHA1
8feee81fe77a7649b969d375778d2b78d842cf48

SHA256
0912c84ded4670c427db1f405eb68a5763eae8fa0a735abe44eea81be7dc44ea

SHA512
d26a0983f0323655eddc48863a409d172a4623bd7ed465b5a4675477938de10127323040da77c80201c3a816315d98cace5194207e22b0a6ac2e65ae6795dc4f

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE066.tmp

Filesize
532KB

MD5
a6f7a08b0676f0564a51b5c47973e635

SHA1
d56f5f9e2580b81717317da6582da9d379426d5b

SHA256
5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c

SHA512
1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE123.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE152.tmp

Filesize
14KB

MD5
77fe66d74901495f4b41a5918acd02ff

SHA1
ce5bbd53152cd5b03df8bcc232a1aea36a012764

SHA256
b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522

SHA512
cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE2DA.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE4A0.tmp

Filesize
366KB

MD5
0700f3dbe367287ce10472cffbd3d7d1

SHA1
079790389532599ce04fd82c2b89db5e4dedf26c

SHA256
77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f

SHA512
28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE51E.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000dc0\BRE54E.tmp

Filesize
150KB

MD5
efd81ea220094b0e91630b648d00e731

SHA1
226635424baf8146af055908c4c12b0a3faecd4f

SHA256
931c52c91ffbe12d820ff96570ba8db8abc36ac2fb852c87f2ef99271d7183fa

SHA512
fca9ffbcf94507cda23b5a68c4a598a25f0a0e22a7d429a125acbf95bdd03fd63ac80cf8738ae22d1730a73edb3325edc5b85af8d3337a62a97ac0f63dbccdbe

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\aom.dll

Filesize
9.3MB

MD5
d363cff6d20c8ad0d8ca07eda6bcf78c

SHA1
9938e39d61035731588669253486eed512f47bc4

SHA256
b36c801adf3cf0c427b6eb74b3378010822fed8b9e3d266211d4d9dd1ddf3180

SHA512
e99423c9ecd1dcd333c031cb0ac36e0a9e84c45530c948119487034e7dca8ae3d6207b4f6b905d56864bd50babc3eb7d9b2fd944b5f0acb4172c567c0a3bd12d

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\aom.dll

Filesize
9.3MB

MD5
d363cff6d20c8ad0d8ca07eda6bcf78c

SHA1
9938e39d61035731588669253486eed512f47bc4

SHA256
b36c801adf3cf0c427b6eb74b3378010822fed8b9e3d266211d4d9dd1ddf3180

SHA512
e99423c9ecd1dcd333c031cb0ac36e0a9e84c45530c948119487034e7dca8ae3d6207b4f6b905d56864bd50babc3eb7d9b2fd944b5f0acb4172c567c0a3bd12d

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\avif.dll

Filesize
146KB

MD5
5b9e4a178a17b8c0e33a1737cff7de66

SHA1
c18b1df7b2594719f6acb08418138b26130e1ae6

SHA256
5cfe70655b6c8095fe2e8213cb45490839e56ec7da30ddb21e2b8842a97d8980

SHA512
cc55891200702ad0f4734f8d1bf1158356830d040e34251b08832c412c58bbb41fcd84a5a1c6d66cee9f48bd328b314b285f5f5812c83da61a2742ebc4e8058c

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\avif.dll

Filesize
146KB

MD5
5b9e4a178a17b8c0e33a1737cff7de66

SHA1
c18b1df7b2594719f6acb08418138b26130e1ae6

SHA256
5cfe70655b6c8095fe2e8213cb45490839e56ec7da30ddb21e2b8842a97d8980

SHA512
cc55891200702ad0f4734f8d1bf1158356830d040e34251b08832c412c58bbb41fcd84a5a1c6d66cee9f48bd328b314b285f5f5812c83da61a2742ebc4e8058c

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\glew32.dll

Filesize
420KB

MD5
e66514f59e3383fc5eb2fbb7181ac0e5

SHA1
e680fc48fa3e59b34f169838f7d84940a3c380d5

SHA256
6f7af3c4cc60c3156da2cbceb67c97e5f386d8f6419415eca5814eec87bbe985

SHA512
cb5d172814fe884deb426e096b7bb8c0c3068fb809df855f613373602520b34a619e270fc55f3ea15fca9499512e1e998566b158cc0331207765db9f250c493e

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\glew32.dll

Filesize
420KB

MD5
e66514f59e3383fc5eb2fbb7181ac0e5

SHA1
e680fc48fa3e59b34f169838f7d84940a3c380d5

SHA256
6f7af3c4cc60c3156da2cbceb67c97e5f386d8f6419415eca5814eec87bbe985

SHA512
cb5d172814fe884deb426e096b7bb8c0c3068fb809df855f613373602520b34a619e270fc55f3ea15fca9499512e1e998566b158cc0331207765db9f250c493e

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\libtape4.dll

Filesize
508KB

MD5
f0388abdd873837a79552f6048ef20e4

SHA1
24b4e418c981855a42cad320fd5bc3723c86090d

SHA256
7701eceb12534cc25625b1c5ca0f062bb4966d1c5a1692d6cc8cb98d277bf531

SHA512
1389d546f2490f764bd2437d8b41e32655f1413e3cd0e6d44820dc5097053c878371bb3514e28b71ad98b37df7443d62c1373cc20864d5793f071277da181310

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\libtape4.dll

Filesize
508KB

MD5
f0388abdd873837a79552f6048ef20e4

SHA1
24b4e418c981855a42cad320fd5bc3723c86090d

SHA256
7701eceb12534cc25625b1c5ca0f062bb4966d1c5a1692d6cc8cb98d277bf531

SHA512
1389d546f2490f764bd2437d8b41e32655f1413e3cd0e6d44820dc5097053c878371bb3514e28b71ad98b37df7443d62c1373cc20864d5793f071277da181310

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\mia.lib

Filesize
441KB

MD5
dcb76e96a8361ae6e26a9b998b3c76aa

SHA1
b85b66b30500ce9e3a3f98067ded2266ef6dd9bf

SHA256
1b3261b635bbe6c1b1a8685d7b661caf52c1cc6adc1d6d8837338efa70b9b170

SHA512
068b0968540bbfa359802c46cc80b5eb08605c61e2d166b9435e69a9e7d0a1a6aba6402bd1c8be1424a8240fb70a59f7abcd3adb758868585384ef2bfc2e2f4f

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\mia.lib

Filesize
441KB

MD5
dcb76e96a8361ae6e26a9b998b3c76aa

SHA1
b85b66b30500ce9e3a3f98067ded2266ef6dd9bf

SHA256
1b3261b635bbe6c1b1a8685d7b661caf52c1cc6adc1d6d8837338efa70b9b170

SHA512
068b0968540bbfa359802c46cc80b5eb08605c61e2d166b9435e69a9e7d0a1a6aba6402bd1c8be1424a8240fb70a59f7abcd3adb758868585384ef2bfc2e2f4f

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\uimaster.dll

Filesize
224KB

MD5
f97e2d50aa08397b2722208fd1b78f0a

SHA1
fb312c35f21f048c8a6e0548619b254d74c7a8ae

SHA256
049ae45ff7dbd1e4728c497bf18d66b71503f8ba54e2059eb9774a3f576561b6

SHA512
3532a0a4c81714a49a49aa15cb3a9433a9e30ecd2cd129ddb01779a462ec43e728976a5937d206aded048c5d379f0b4ab3e4781bbfa565fbcb4512c35d03f825

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\uimaster.dll

Filesize
224KB

MD5
f97e2d50aa08397b2722208fd1b78f0a

SHA1
fb312c35f21f048c8a6e0548619b254d74c7a8ae

SHA256
049ae45ff7dbd1e4728c497bf18d66b71503f8ba54e2059eb9774a3f576561b6

SHA512
3532a0a4c81714a49a49aa15cb3a9433a9e30ecd2cd129ddb01779a462ec43e728976a5937d206aded048c5d379f0b4ab3e4781bbfa565fbcb4512c35d03f825

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
\Users\Admin\AppData\Roaming\Helicon Focus Manager\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
memory/824-403-0x0000000005F30000-0x00000000062B0000-memory.dmp

Filesize
3.5MB

Download
memory/824-394-0x0000000005F30000-0x00000000062B0000-memory.dmp

Filesize
3.5MB

Download
memory/3520-144-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-149-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-164-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-165-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-166-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-167-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-168-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-169-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-170-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-171-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-172-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-173-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-174-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-175-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-176-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-162-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-178-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-159-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-180-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-161-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-182-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-184-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-160-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-186-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-158-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-157-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-188-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-155-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-153-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-152-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-118-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-151-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-150-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-163-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-148-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-147-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-146-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-145-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-117-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-143-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-142-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-141-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-140-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-139-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-136-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-138-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-137-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-135-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-134-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-133-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-132-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-131-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-130-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-129-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-128-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-127-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-126-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-125-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-124-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-123-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-122-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-121-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-120-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-119-0x0000000077B00000-0x0000000077C8E000-memory.dmp

Filesize
1.6MB

Download