babadeda | 108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61

Analysis

max time kernel
73s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2023, 08:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
Size

14.1MB
MD5

aaa058858261d7c0e73fa1b8264a9a3d
SHA1

1233af8c8377567b2b8ebf7642f0036c9797596b
SHA256

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61
SHA512

4ed1d39dad64f0b79f080d15101ad54b6859b5f71911edb112bb10e860baaf4715d01f9241f5bf60a22da950b0deeddde2bb798710162b151781f4310a80059c
SSDEEP

196608:Unri5hStOZV3jIIZruRDm+09gJGzYvj/N2igdkC3qVa+Pa9k8qCgcr+7hQJ/RYyk:7lTLZD+YG8elEkna+iwCNrUhQHYM4Fdb

Score

10^/10

babadeda phobos crypter evasion loader ransomware trojan

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 3 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023195-162.dat	family_babadeda
behavioral2/memory/2488-169-0x0000000008B70000-0x0000000008BB0000-memory.dmp	family_babadeda
behavioral2/memory/2488-192-0x0000000008B70000-0x0000000008BB0000-memory.dmp	family_babadeda

Phobos
Phobos ransomware appeared at the beginning of 2019.
ransomware phobos

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 5084 created 2488	5084	svchost.exe	81

Executes dropped EXE 2 IoCs

pid	Process
2488	WiseTurbo.exe
4936	WiseTurbo.exe

Loads dropped DLL 28 IoCs

pid	Process
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	WiseTurbo.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	WiseTurbo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
2488	WiseTurbo.exe
2488	WiseTurbo.exe
4936	WiseTurbo.exe
4936	WiseTurbo.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTcbPrivilege	5084	svchost.exe
Token: SeTcbPrivilege	5084	svchost.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 2488	4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe	81
PID 4624 wrote to memory of 2488	4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe	81
PID 4624 wrote to memory of 2488	4624	108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe	81
PID 5084 wrote to memory of 4936	5084	svchost.exe	85
PID 5084 wrote to memory of 4936	5084	svchost.exe	85
PID 5084 wrote to memory of 4936	5084	svchost.exe	85

C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
"C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe
  "C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Maps connected drives based on registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe
    "C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR62B6.tmp

Filesize
43KB

MD5
c5dc46c377c927c8e91b18cde57cf0fc

SHA1
22ce8600d4dbaf9af6eded556d390212274911d1

SHA256
a53f9dbbe62911ddc088a10bc8d10b5d8b30ed999438e788b6bfe24f0ba6e2b8

SHA512
f208b88f84b9fea0fc184926551eb60f843e997390ceed7cfde5ff7bb7c6b6bcd47a0d5021a92064e57e6b400bbbe21cec93fa2358728a29c35d2bc147cc1432

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR6353.tmp

Filesize
288KB

MD5
122a3741699fb5c0950273245c9dea15

SHA1
811f9149e3310a8e6521da156f92f3aaab012145

SHA256
f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab

SHA512
567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR6420.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR647E.tmp

Filesize
121KB

MD5
f5cec0e851d679bc6cfe5923c8cdd5c8

SHA1
5eee0f3192e2656d0891e363a5d69f61f457b186

SHA256
ac0976f2a6f221045d0fd22bb32bab0c8439d186acd118ad0faa2d69cbd2840e

SHA512
226f47164392ee339412f8ee5dad3faf40e26c52e2ae039826323ea0ef66d23776b1e972cd6f817e7dea1da0f87f20d3b6c7380fd8e891ec21a2f13dfc4915f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR648F.tmp

Filesize
532KB

MD5
a6f7a08b0676f0564a51b5c47973e635

SHA1
d56f5f9e2580b81717317da6582da9d379426d5b

SHA256
5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c

SHA512
1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR652C.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR656C.tmp

Filesize
14KB

MD5
77fe66d74901495f4b41a5918acd02ff

SHA1
ce5bbd53152cd5b03df8bcc232a1aea36a012764

SHA256
b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522

SHA512
cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR6667.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR67DF.tmp

Filesize
366KB

MD5
0700f3dbe367287ce10472cffbd3d7d1

SHA1
079790389532599ce04fd82c2b89db5e4dedf26c

SHA256
77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f

SHA512
28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR683D.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001210\BR685E.tmp

Filesize
102KB

MD5
77c853090012e97f6ce9212e66ef8a5e

SHA1
69425ae525ceff28c14e4855c002db432421ca92

SHA256
122debc552cb9a54704c3bb4a363b2494df16f0797642e0dee84712282d4df21

SHA512
17b62a1defc291a8af7b7e701ca7ab1a0d72605c6595a52c89b8e94c4a49e2d037931371e9966ac66dc764e968dca3728633e81545d8ba6aba09d8f39a6f914c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\BootPack.wpk

Filesize
412KB

MD5
4f001d0e372baef55838f46888e460e4

SHA1
50450528413983b274823b87214ce6b92aace3ad

SHA256
bd4c6e3fca00c524ffdf8b1f4b491a78041f9f7e871aa1da506b341c509cea5f

SHA512
f4d01c4f9f13dad555083f04994b64408b8a705bddc28e608368d71fb0b39a79f472a0a46aeb943c4c317177e4f61fdef613c194b75e19aa0f77e216190fd0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\DefragOptions.ini

Filesize
322B

MD5
a0eac4d8f4ee86740825896d8165532f

SHA1
0788f2da879b57ed54d77bc179a4858a35b3df61

SHA256
c0d303506cb38836309d910d2d4131d9c161c9c19387db375eaee3812524a1ea

SHA512
64a62416c65aede86a2402569e00ece1fda6eebc35f6b6e25dad0dc7033df46bba938e74cfb0405c47662d8a457a11f569d4b90013cab911440eb268707a5381

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\License.txt

Filesize
5KB

MD5
4a0f1a666912e64f1ba811fc24d7135f

SHA1
dcbadd9698e306f0cd6e80737fc44f53336cf36c

SHA256
d6b418c619ba7456b594dff10c3face4ac28609a64f2bf5e635292d7ff4f57e5

SHA512
36eba1cc1c0ac8d5fee7e88fd90b01ee800945ebed45ef92adf64e4aa356a2afe9acc6b07cae478cc467ca62b4a7895cecc3af9bbdf93c2a9c2271253ed00342

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

Filesize
3.1MB

MD5
1a75878dea8f5580c25e0b9f1c734949

SHA1
20d4c35f95b4d608aa73897680b3f0ceb219d37f

SHA256
1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e

SHA512
6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

Filesize
3.1MB

MD5
1a75878dea8f5580c25e0b9f1c734949

SHA1
20d4c35f95b4d608aa73897680b3f0ceb219d37f

SHA256
1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e

SHA512
6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

Filesize
3.1MB

MD5
1a75878dea8f5580c25e0b9f1c734949

SHA1
20d4c35f95b4d608aa73897680b3f0ceb219d37f

SHA256
1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e

SHA512
6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\Rate.info

Filesize
1.0MB

MD5
b1eec5c6b26ecfc6a974757087e3d2af

SHA1
b61648dfdb68b40d1b6f491bb96f494f5e34f5c1

SHA256
c6d14ae1d22ead7db02768a974d8f9380f88beaedc5b0becbcd361ae805a2e00

SHA512
8f2edf6a5b649df864873323e7fae1a475050d6d603165c8322061805f7b4a7b42b349b3800d59cb6fdaa6561a5e6afee18b42b77eff41bb93aa0f503dea5219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

Filesize
217KB

MD5
09c4266b11233aedaff9bbb97ff7dc50

SHA1
212f6f2df299f8f1c4c481bb92e9e958d48421e3

SHA256
f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469

SHA512
b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

Filesize
217KB

MD5
09c4266b11233aedaff9bbb97ff7dc50

SHA1
212f6f2df299f8f1c4c481bb92e9e958d48421e3

SHA256
f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469

SHA512
b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

Filesize
217KB

MD5
09c4266b11233aedaff9bbb97ff7dc50

SHA1
212f6f2df299f8f1c4c481bb92e9e958d48421e3

SHA256
f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469

SHA512
b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\Themes_v6.txt

Filesize
8KB

MD5
95d94ab71ff2d1d22401ad824ff67b0c

SHA1
c26c2061c256e9ffbe413cea4f41153422dc9deb

SHA256
42f9de7641098ff03b904d2981209bc085064560efd03be68a08f3d552ea2b63

SHA512
d8dc7cf66183c84482116c0df60c330c0bf6090c1c4d45a7ad1e77d1fd7cbdcde803e5b3186d916f06d6a1f032878d811f2e54547bf4327b79d52ae526ab9d13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

Filesize
8.6MB

MD5
1459f9d0c62412b9df206c7e819fbf62

SHA1
daddb63d6b1a191e896a01ada7ea79dabf686655

SHA256
75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8

SHA512
924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

Filesize
8.6MB

MD5
1459f9d0c62412b9df206c7e819fbf62

SHA1
daddb63d6b1a191e896a01ada7ea79dabf686655

SHA256
75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8

SHA512
924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

Filesize
8.6MB

MD5
1459f9d0c62412b9df206c7e819fbf62

SHA1
daddb63d6b1a191e896a01ada7ea79dabf686655

SHA256
75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8

SHA512
924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

Filesize
63KB

MD5
bb1ea7cade180a0c012c2289c7d820cc

SHA1
67a17ae0aed053d8fb071450dff8f843a1255112

SHA256
30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698

SHA512
3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

Filesize
63KB

MD5
bb1ea7cade180a0c012c2289c7d820cc

SHA1
67a17ae0aed053d8fb071450dff8f843a1255112

SHA256
30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698

SHA512
3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

Filesize
63KB

MD5
bb1ea7cade180a0c012c2289c7d820cc

SHA1
67a17ae0aed053d8fb071450dff8f843a1255112

SHA256
30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698

SHA512
3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\cm

Filesize
1.5MB

MD5
b56ff480a051053678aa4d4a45cbc2b8

SHA1
9bf6cf9994ecd0ccc5cb8832efdb95c3eb2cdd14

SHA256
ae8592271f22f64e62cf67e82cd31feaf2ec192ae5387af464b82093c97ce1e0

SHA512
6763a10e884cff05c7f6b36ce5b4d88594594cfbfc252eee4d5e573f30d96614f42783898b348e7a7886e57bf8ee36289c3f2ba8a44959538267f5612d87fa07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\fileshredder.ico

Filesize
5KB

MD5
d8e48de3e5710fabd066c2bc02445c02

SHA1
d5b86bff4cd388659633ac3d6969fee82aed3bdc

SHA256
1d1e9558edef4ce724f93f80dc96fa5d7306d341f89bcbe61694900a409a2e9b

SHA512
baf61410094ad50ea8de5918d1688c902ee8366cb6c26ca3fc23fc6c2207001adbef05d2c58a1355ad80b9ce790618ccd98580a6e23364a6e3c850cc1adbe8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\settings.dat

Filesize
63KB

MD5
02aa61f22deb85d2bb9215a936dea9b3

SHA1
3cf45cb7646600bff9380ceb037e5f48b0a31146

SHA256
5954e948dca63d51b08cea89a33e595c14333728a206a4ae78e4651893f7e6f7

SHA512
fbc80a77912b437a0e3d5d43b01def9a7d646eac944e7866a7df7701a1d18de31ee9ab4c1feac0d9ae0dc5b20f4099dfbe4373673cb50545503d53cda50ffbc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\skin.ico

Filesize
136KB

MD5
bd185b875af6e53f699096e2fe95cbbb

SHA1
7b59c7707159fc489bcc477acd61248e1c4a155d

SHA256
0a326b06aab1fa6ba3939db15e82cb5f4387ce9c163c6a8458acc8c79abd5490

SHA512
e9c7d2ff9a691b8981e95a9279209afc7652c4daa99e346437419b13266cc97f44e1af554b4dd2a5c2608da44ee18b6ca329a7d1e3a9fd8df58c84d08ee07090

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

Filesize
883KB

MD5
c86d13c52aa1c7d0e39cc9f6d20ccd22

SHA1
8622a443874feebb2e5cdb9792a447acb97f78af

SHA256
7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9

SHA512
ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

Filesize
883KB

MD5
c86d13c52aa1c7d0e39cc9f6d20ccd22

SHA1
8622a443874feebb2e5cdb9792a447acb97f78af

SHA256
7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9

SHA512
ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

Filesize
883KB

MD5
c86d13c52aa1c7d0e39cc9f6d20ccd22

SHA1
8622a443874feebb2e5cdb9792a447acb97f78af

SHA256
7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9

SHA512
ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.dat

Filesize
58KB

MD5
6766f5a4458049bd1d4e2c910cec0c37

SHA1
f14bb0b2c5d7d28417944f0b3cade69feffdfffa

SHA256
1c81ca1be6edc12dfa8a2189d846a207a0adcd53a1a3cb462a466bf28a531b13

SHA512
1a813025cbe7c3e86ce0f196e57be11f4701fdd1869863be878eab62f6532c91d4f5744f9e13e1f93a25169518c0f6e33abceeffcff3fa045b830c0a7fcfc78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.msg

Filesize
22KB

MD5
a5e1c77434480346133faf90a3ff8bf2

SHA1
f7771ebc1d19475f1a83d769f276557b676f03c0

SHA256
b1718d2001564b8be91d99edde12899305de4286455b2507017b64af3441c22e

SHA512
d4b60886b35f1c7be0b14f6be044829a55b78921b6c0542ee5d2deb2252dbc7fbb3f99c28d2930f1c655a7b4cc49571feb51dac53d1698cff8d17598eedc2f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

Filesize
76KB

MD5
7cfdbfec8b16876767f5895fae94f6cd

SHA1
49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5

SHA256
322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba

SHA512
02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

Filesize
76KB

MD5
7cfdbfec8b16876767f5895fae94f6cd

SHA1
49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5

SHA256
322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba

SHA512
02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

Filesize
76KB

MD5
7cfdbfec8b16876767f5895fae94f6cd

SHA1
49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5

SHA256
322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba

SHA512
02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

Download Submit
memory/2488-169-0x0000000008B70000-0x0000000008BB0000-memory.dmp

Filesize
256KB

Download
memory/2488-164-0x0000000008A70000-0x0000000008B2C000-memory.dmp

Filesize
752KB

Download
memory/2488-191-0x0000000008B30000-0x0000000008B43000-memory.dmp

Filesize
76KB

Download
memory/2488-192-0x0000000008B70000-0x0000000008BB0000-memory.dmp

Filesize
256KB

Download