Malware Analysis Report

2024-09-22 16:40

Sample ID 230205-qvzzfahg38
Target e746622d49fbb761eff8dae70917972a07eecff7
SHA256 cdb9fbfb428ef0175e4b033d5a07f141d6baa5d7d86236b5850d289b56930616
Tags
evasion trojan babadeda crypter loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file e746622d49fbb761eff8dae70917972a07eecff7 was found to be: Known bad.

Malicious Activity Summary

evasion trojan babadeda crypter loader

Babadeda

Babadeda Crypter

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-02-05 13:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-05 13:35

Reported

2023-02-05 13:38

Platform

win7-20220812-en

Max time kernel

42s

Max time network

46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe

"C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe"

C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe

"C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe"

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-05 13:35

Reported

2023-02-05 13:38

Platform

win10v2004-20221111-en

Max time kernel

91s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe

"C:\Users\Admin\AppData\Local\Temp\e746622d49fbb761eff8dae70917972a07eecff7.exe"

C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe

"C:\Users\Admin\AppData\Roaming\Code VBA Examiner\appAutoUpdate.exe"

Network

Country Destination Domain Proto
US 93.184.221.240:80 tcp
US 13.107.21.200:443 tcp
IE 20.50.73.10:443 tcp
NL 104.80.225.205:443 tcp

Files
