babadeda | cdb9fbfb428ef0175e4b033d5a07f141d6baa5d7d86236b5850d289b56930616

Analysis

max time kernel
113s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2023 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e746622d49fbb761eff8dae70917972a07eecff7.exe
Size

16.1MB
MD5

731201d8444298a09d8271f1fbb00b61
SHA1

e746622d49fbb761eff8dae70917972a07eecff7
SHA256

cdb9fbfb428ef0175e4b033d5a07f141d6baa5d7d86236b5850d289b56930616
SHA512

a75536e57aa0a4d706b55b720e6647e4484e9d5b9d45773ff7057ac8740e332d14aa9a3a565770c06d7d67f8b2a87ace8161fd7dcb0c0e6b03d16be9f80c0254
SSDEEP

393216:pMC1ACP7g3EJst+m4hKKaOK3mh0/RM6FdV:B/7gZ1Q3aOCR/

Score

10^/10

babadeda crypter evasion loader trojan

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0007000000022e4f-172.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
4048	appAutoUpdate.exe

Loads dropped DLL 27 IoCs

pid	Process
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe
4048	appAutoUpdate.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	e746622d49fbb761eff8dae70917972a07eecff7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	e746622d49fbb761eff8dae70917972a07eecff7.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	e746622d49fbb761eff8dae70917972a07eecff7.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	e746622d49fbb761eff8dae70917972a07eecff7.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe
5020	e746622d49fbb761eff8dae70917972a07eecff7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 4048	5020	e746622d49fbb761eff8dae70917972a07eecff7.exe	81
PID 5020 wrote to memory of 4048	5020	e746622d49fbb761eff8dae70917972a07eecff7.exe	81
PID 5020 wrote to memory of 4048	5020	e746622d49fbb761eff8dae70917972a07eecff7.exe	81

C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe
"C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe
  "C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4048

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR667F.tmp

Filesize
43KB

MD5
c5dc46c377c927c8e91b18cde57cf0fc

SHA1
22ce8600d4dbaf9af6eded556d390212274911d1

SHA256
a53f9dbbe62911ddc088a10bc8d10b5d8b30ed999438e788b6bfe24f0ba6e2b8

SHA512
f208b88f84b9fea0fc184926551eb60f843e997390ceed7cfde5ff7bb7c6b6bcd47a0d5021a92064e57e6b400bbbe21cec93fa2358728a29c35d2bc147cc1432

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR671C.tmp

Filesize
288KB

MD5
122a3741699fb5c0950273245c9dea15

SHA1
811f9149e3310a8e6521da156f92f3aaab012145

SHA256
f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab

SHA512
567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR67F8.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR6876.tmp

Filesize
121KB

MD5
f5cec0e851d679bc6cfe5923c8cdd5c8

SHA1
5eee0f3192e2656d0891e363a5d69f61f457b186

SHA256
ac0976f2a6f221045d0fd22bb32bab0c8439d186acd118ad0faa2d69cbd2840e

SHA512
226f47164392ee339412f8ee5dad3faf40e26c52e2ae039826323ea0ef66d23776b1e972cd6f817e7dea1da0f87f20d3b6c7380fd8e891ec21a2f13dfc4915f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR68A6.tmp

Filesize
532KB

MD5
a6f7a08b0676f0564a51b5c47973e635

SHA1
d56f5f9e2580b81717317da6582da9d379426d5b

SHA256
5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c

SHA512
1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR6943.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR6963.tmp

Filesize
14KB

MD5
77fe66d74901495f4b41a5918acd02ff

SHA1
ce5bbd53152cd5b03df8bcc232a1aea36a012764

SHA256
b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522

SHA512
cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR6A5E.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR6C53.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000139c\BR6C74.tmp

Filesize
102KB

MD5
77c853090012e97f6ce9212e66ef8a5e

SHA1
69425ae525ceff28c14e4855c002db432421ca92

SHA256
122debc552cb9a54704c3bb4a363b2494df16f0797642e0dee84712282d4df21

SHA512
17b62a1defc291a8af7b7e701ca7ab1a0d72605c6595a52c89b8e94c4a49e2d037931371e9966ac66dc764e968dca3728633e81545d8ba6aba09d8f39a6f914c

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\LIBEAY32.dll

Filesize
1.2MB

MD5
2c4aee80c87af1aa5a297b2afbd5f35e

SHA1
0a4c89d0484418f4efdf444311eec9d1f86b307b

SHA256
0c75b48201829766b2b7aaba3e3d42a791ff6d3d17ddfee42bbe42ae20acfde0

SHA512
0aaf831b0e65cbcd37c62a1e515f0d2fb2a2e257bd87f5a00df618bcd90761bba722ba234db98c8c8cbb0177d7b27c603605728ccb3cb862b5344b18e0f0d91d

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\MSVCP140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\MSVCR100.dll

Filesize
756KB

MD5
411cd486b87c63fd35c9266aa3b595f2

SHA1
41624fe4e7e2e182105c028b75ade607deb508ae

SHA256
75f101c7696ec140d11df1eeeeaaa0128dce7bcb73e8527b5b87aa426836c904

SHA512
f368d28980417dfe77e9105c59697ff5db492331c99530b06a59f2fc8e72b1639d2cef527c6dc4dc688de9a5c0af2e0adce6d87bec6ed535951a94076d473293

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Core.dll

Filesize
4.5MB

MD5
293bd22258209132cf35337827e6e0bd

SHA1
5529cb7ff7fe5edde9e557810aa4fe7419ceec82

SHA256
fa700c2a81bf2f22d0feb74a287ca906ce4376d14a0922b0c1382672bc29ab38

SHA512
49ce7123a0c02570484780e3c374b5a60e1fb85c9c47f486ba2c3fbabe933546e4912ad55d3d793e7020ea3405b4fccb2bd6f946e80d486f9d299ae09b733850

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Core.dll

Filesize
4.5MB

MD5
293bd22258209132cf35337827e6e0bd

SHA1
5529cb7ff7fe5edde9e557810aa4fe7419ceec82

SHA256
fa700c2a81bf2f22d0feb74a287ca906ce4376d14a0922b0c1382672bc29ab38

SHA512
49ce7123a0c02570484780e3c374b5a60e1fb85c9c47f486ba2c3fbabe933546e4912ad55d3d793e7020ea3405b4fccb2bd6f946e80d486f9d299ae09b733850

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Core.dll

Filesize
4.5MB

MD5
293bd22258209132cf35337827e6e0bd

SHA1
5529cb7ff7fe5edde9e557810aa4fe7419ceec82

SHA256
fa700c2a81bf2f22d0feb74a287ca906ce4376d14a0922b0c1382672bc29ab38

SHA512
49ce7123a0c02570484780e3c374b5a60e1fb85c9c47f486ba2c3fbabe933546e4912ad55d3d793e7020ea3405b4fccb2bd6f946e80d486f9d299ae09b733850

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Core.dll

Filesize
4.5MB

MD5
293bd22258209132cf35337827e6e0bd

SHA1
5529cb7ff7fe5edde9e557810aa4fe7419ceec82

SHA256
fa700c2a81bf2f22d0feb74a287ca906ce4376d14a0922b0c1382672bc29ab38

SHA512
49ce7123a0c02570484780e3c374b5a60e1fb85c9c47f486ba2c3fbabe933546e4912ad55d3d793e7020ea3405b4fccb2bd6f946e80d486f9d299ae09b733850

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Gui.dll

Filesize
4.8MB

MD5
ecdec0e838c9a98bec9e3e14c51b914b

SHA1
c33eeef1ae3975441f798a651a8329e3549fe09a

SHA256
4a8c855f2415c548bf5b477f90f9b81c40e3fc46950332ffe0a9da75a33cf36e

SHA512
1e739d96acea7380a286de70faf5fd5852fd437acd18182a756d8a59c03293f5190162474172d847ba83f318a4a1fb7365764e493c3f041cefabd9ac9e2e5ac2

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Gui.dll

Filesize
4.8MB

MD5
ecdec0e838c9a98bec9e3e14c51b914b

SHA1
c33eeef1ae3975441f798a651a8329e3549fe09a

SHA256
4a8c855f2415c548bf5b477f90f9b81c40e3fc46950332ffe0a9da75a33cf36e

SHA512
1e739d96acea7380a286de70faf5fd5852fd437acd18182a756d8a59c03293f5190162474172d847ba83f318a4a1fb7365764e493c3f041cefabd9ac9e2e5ac2

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Network.dll

Filesize
845KB

MD5
c5f3c3b214396224f50d1cb67cde2e69

SHA1
7873b6da40616f301c36bd58e5e70524bb96c076

SHA256
1e69f798afc35ef64250d2cb1cdf1cf5756385975fa74470450ed8e608872388

SHA512
ec67921960e7af895b12aae8bbc933f13695656ab7e381850f8a48e4d31a4bff3a7145458a6c1058b0fc4cfd2b3e1129efdde5334f36a762a62b5b58d880c5e8

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Network.dll

Filesize
845KB

MD5
c5f3c3b214396224f50d1cb67cde2e69

SHA1
7873b6da40616f301c36bd58e5e70524bb96c076

SHA256
1e69f798afc35ef64250d2cb1cdf1cf5756385975fa74470450ed8e608872388

SHA512
ec67921960e7af895b12aae8bbc933f13695656ab7e381850f8a48e4d31a4bff3a7145458a6c1058b0fc4cfd2b3e1129efdde5334f36a762a62b5b58d880c5e8

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Widgets.dll

Filesize
4.3MB

MD5
23e5ebf7dad35f0569ec2f208c74a3d2

SHA1
721783554606c8785f47c608de047bafeeecf781

SHA256
9e024db068b3cd661027abc14b5f3c6f31d7e9e347673086a586da6c82c40c10

SHA512
6b1204b9634c00811b852793a53b188a53437b08cd50fb7bf4f6612be5827291f7b4425c1e40c4754738e70c2fe4396d9c7f19b9bbd86257b7d7d580eddbb3f4

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Widgets.dll

Filesize
4.3MB

MD5
23e5ebf7dad35f0569ec2f208c74a3d2

SHA1
721783554606c8785f47c608de047bafeeecf781

SHA256
9e024db068b3cd661027abc14b5f3c6f31d7e9e347673086a586da6c82c40c10

SHA512
6b1204b9634c00811b852793a53b188a53437b08cd50fb7bf4f6612be5827291f7b4425c1e40c4754738e70c2fe4396d9c7f19b9bbd86257b7d7d580eddbb3f4

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Xml.dll

Filesize
159KB

MD5
df3dc0b4449ea3e87bdb77e3ce1e7470

SHA1
3648d4f10a21821f63b6d5bb23f36b1e62e5d9c1

SHA256
ef00e3df3bea4181e913d22e7a7017c8eb4d8e0e4ac9ac45436d7cdf30808141

SHA512
5d3c95dcfa0672376427cb9fecab15cdce10f2d7843a2cde7a44ddb7f8d47ace91a07ad879ede19b5831f3fc3d4bd11ba99b237536c15447adc667c1c477b302

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\Qt5Xml.dll

Filesize
159KB

MD5
df3dc0b4449ea3e87bdb77e3ce1e7470

SHA1
3648d4f10a21821f63b6d5bb23f36b1e62e5d9c1

SHA256
ef00e3df3bea4181e913d22e7a7017c8eb4d8e0e4ac9ac45436d7cdf30808141

SHA512
5d3c95dcfa0672376427cb9fecab15cdce10f2d7843a2cde7a44ddb7f8d47ace91a07ad879ede19b5831f3fc3d4bd11ba99b237536c15447adc667c1c477b302

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\SDL2.dll

Filesize
1.1MB

MD5
d60643229ea9b319f4de76ba47f0e138

SHA1
8811a3d790915e4bbe9deb1d9c7fa499a2679408

SHA256
eab38202aa56c843c561c6a5009efc8ef4468f547f55c562341be38ea512951c

SHA512
95095958378e4c2e0e3924c5245d8fc6f788b926e8e751d40c55dba0ad1c4ed66379fe8dc148a8c39618eeb75e94cba1b3859462051a249f09cd7b483ba45ccd

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\SDL2.dll

Filesize
1.1MB

MD5
d60643229ea9b319f4de76ba47f0e138

SHA1
8811a3d790915e4bbe9deb1d9c7fa499a2679408

SHA256
eab38202aa56c843c561c6a5009efc8ef4468f547f55c562341be38ea512951c

SHA512
95095958378e4c2e0e3924c5245d8fc6f788b926e8e751d40c55dba0ad1c4ed66379fe8dc148a8c39618eeb75e94cba1b3859462051a249f09cd7b483ba45ccd

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\SSLEAY32.dll

Filesize
295KB

MD5
f600dee1e1242343c05b1d94c18540bb

SHA1
c47c2ac1a865c5afbe9e1ace852a72621576119e

SHA256
2f7d415c7018aaa8f676c94db3908d5040a00da2ce4e3fc8269ccf53e86ac9eb

SHA512
744259566f4e581885297a551920953fc69451e11e79e49a5b0251bb12cbaa56254bb5a49046620f60ef6de350d9039d1b82638e7e516760315aa8a9fdefd761

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\VCRUNTIME140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\ZLIB1.dll

Filesize
71KB

MD5
87104304432b5d91c82ea15a58a8654e

SHA1
3f52d71c68e74885645ef31ef57831a73232e562

SHA256
eb002fcaf11a08ce8916bcb9a27281b2832bd9668db21e72d915029d380c1447

SHA512
87b6f940a921cec9be5e48ed182ce0775ecef46113aca780f31b215612f24bf742d3c1c6cf94f258dfa8a2fabcaae7c2dc0651d6c4412635aa35086b58c117a6

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe

Filesize
724KB

MD5
bd27db520fc5b84bdde116701338e561

SHA1
fe52c23197a661c03af85e124f31e60bfd019fe6

SHA256
161946d013bc1efdbaa7a9f7a0cc64af06f880a2c0050097f8c490a3dfe1cd96

SHA512
4e8c93c3effecd59e0b2aef9079e2ddd4bfa9f06eaeed429b52547a827a5847fcfc2d7b626cbc15e72db265255f6e6559ad784c6ca89a1a3e99156d5b0f93c9e

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe

Filesize
724KB

MD5
bd27db520fc5b84bdde116701338e561

SHA1
fe52c23197a661c03af85e124f31e60bfd019fe6

SHA256
161946d013bc1efdbaa7a9f7a0cc64af06f880a2c0050097f8c490a3dfe1cd96

SHA512
4e8c93c3effecd59e0b2aef9079e2ddd4bfa9f06eaeed429b52547a827a5847fcfc2d7b626cbc15e72db265255f6e6559ad784c6ca89a1a3e99156d5b0f93c9e

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\fftw3.dll

Filesize
842KB

MD5
d7fdbc8549b82d25e757ca9becc446b6

SHA1
c957a2bc431a361680f6ba42e27d25afbb908498

SHA256
c3b595633eb076138d10a26bbff932669a7dec27c216efa02f0dd6764a8ff472

SHA512
1bb90cbe2e1db7c7956eb382e74b51e83f2f2e218d4bc219927c534980a856caca0dc578523493619e9921f3ee28084185d7d042d3f1e59e6e4e12baa17b91d9

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\fftw3.dll

Filesize
842KB

MD5
d7fdbc8549b82d25e757ca9becc446b6

SHA1
c957a2bc431a361680f6ba42e27d25afbb908498

SHA256
c3b595633eb076138d10a26bbff932669a7dec27c216efa02f0dd6764a8ff472

SHA512
1bb90cbe2e1db7c7956eb382e74b51e83f2f2e218d4bc219927c534980a856caca0dc578523493619e9921f3ee28084185d7d042d3f1e59e6e4e12baa17b91d9

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\im

Filesize
1.8MB

MD5
4925ee881129c439d0f72adc99b27ee6

SHA1
9ece12714441f597d650ca70652f77f6b80bc3bc

SHA256
d677fede97feb8b1ceda92fdf55119dea4ffc15f85116f0ccdacede7e4367f49

SHA512
e5327880001ca5d90932a97bdc8616e6609d6cc263bbe3031830aa9c510a1cbf9256a810e77bfe99c84a5df5f9dfe37f9cb8bde4ea3cff3c0eb04fd5fbede190

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\libeay32.dll

Filesize
1.2MB

MD5
2c4aee80c87af1aa5a297b2afbd5f35e

SHA1
0a4c89d0484418f4efdf444311eec9d1f86b307b

SHA256
0c75b48201829766b2b7aaba3e3d42a791ff6d3d17ddfee42bbe42ae20acfde0

SHA512
0aaf831b0e65cbcd37c62a1e515f0d2fb2a2e257bd87f5a00df618bcd90761bba722ba234db98c8c8cbb0177d7b27c603605728ccb3cb862b5344b18e0f0d91d

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\libmagnum.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\libmagnum.dll

Filesize
32KB

MD5
53634bc76f19ea065981ac1b02225df9

SHA1
7d1cb4ae535c30d2443c4b8f14927300c8449839

SHA256
e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a

SHA512
3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\lognet.dll

Filesize
170KB

MD5
3f1c8dfe58ef24cffc90988e905f8161

SHA1
7d26e165d1ebf692260797a811b3237300e7f31f

SHA256
89c458c242bc708fdb7f8efa210fb59b60d477c45bdc4183929c7e2f3d631ffb

SHA512
028536d5aa57cc45352cc309be4a4bf1773f71236add501e7951ba132901b3cf63bdb42a1ba6e6d94390ed03d92c2bd38a38bfcc4959c9a04b84a3c5abf617c9

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\lognet.dll

Filesize
170KB

MD5
3f1c8dfe58ef24cffc90988e905f8161

SHA1
7d26e165d1ebf692260797a811b3237300e7f31f

SHA256
89c458c242bc708fdb7f8efa210fb59b60d477c45bdc4183929c7e2f3d631ffb

SHA512
028536d5aa57cc45352cc309be4a4bf1773f71236add501e7951ba132901b3cf63bdb42a1ba6e6d94390ed03d92c2bd38a38bfcc4959c9a04b84a3c5abf617c9

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\msvcr100.dll

Filesize
756KB

MD5
411cd486b87c63fd35c9266aa3b595f2

SHA1
41624fe4e7e2e182105c028b75ade607deb508ae

SHA256
75f101c7696ec140d11df1eeeeaaa0128dce7bcb73e8527b5b87aa426836c904

SHA512
f368d28980417dfe77e9105c59697ff5db492331c99530b06a59f2fc8e72b1639d2cef527c6dc4dc688de9a5c0af2e0adce6d87bec6ed535951a94076d473293

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\ssleay32.dll

Filesize
295KB

MD5
f600dee1e1242343c05b1d94c18540bb

SHA1
c47c2ac1a865c5afbe9e1ace852a72621576119e

SHA256
2f7d415c7018aaa8f676c94db3908d5040a00da2ce4e3fc8269ccf53e86ac9eb

SHA512
744259566f4e581885297a551920953fc69451e11e79e49a5b0251bb12cbaa56254bb5a49046620f60ef6de350d9039d1b82638e7e516760315aa8a9fdefd761

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\Code VBA Examiner\zlib1.dll

Filesize
71KB

MD5
87104304432b5d91c82ea15a58a8654e

SHA1
3f52d71c68e74885645ef31ef57831a73232e562

SHA256
eb002fcaf11a08ce8916bcb9a27281b2832bd9668db21e72d915029d380c1447

SHA512
87b6f940a921cec9be5e48ed182ce0775ecef46113aca780f31b215612f24bf742d3c1c6cf94f258dfa8a2fabcaae7c2dc0651d6c4412635aa35086b58c117a6

Download Submit