Overview

overview

10

Static

static

1

27828516c3...18.exe

windows7-x64

10

27828516c3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27828516c38739491a3d20e733850aa5_JaffaCakes118.exe

  • Size

    7.0MB

  • MD5

    27828516c38739491a3d20e733850aa5

  • SHA1

    823a9262cfea211e5ca6bb211c185661e3a5f33e

  • SHA256

    2e8b750d6a8b14cff802d89ba55447014d63ffd4c5c711f36e900d6a9aff66df

  • SHA512

    517016ed37a6c912910e8dd9d36599ea6b1389af2df0ab4b68b9f1328ff0f4bd0b6e20cc32e81fd47c96168a4db2cf9abaff969dab3121a9e5f37ed90f3e4738

  • SSDEEP

    196608:QL6ocnTV67JnbhUtuvbPORiE9Z1v8KMf4UUIHSMi:a6JnTE7Jn1UGW7v8HQsi

Score
10/10
babadedaremcosbk_upcrypterloaderrat

Malware Config

Extracted

Family

remcos

Botnet

BK_UP

C2

185.7.214.157:666

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    dll

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    GFHDGFHhkgjjhjfFGdesdewsddfGH-GL07UD

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    notepad;solitaire;

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda
  • Babadeda Crypter 3 IoCs
  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 13 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27828516c38739491a3d20e733850aa5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27828516c38739491a3d20e733850aa5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4636
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\27828516c38739491a3d20e733850aa5_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711490729 " AI_EUIMSI=""
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:3852
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4468
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A566658444B201CC979BF5B9169AE19E C
      2⤵
      • Loads dropped DLL
      PID:5072
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F1F855D2F9A1861C3BD1CC3AEA4EA950
      2⤵
      • Loads dropped DLL
      PID:2716
    • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator\powersnmp.exe
      "C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator\powersnmp.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e579ca1.rbs
    Filesize

    33KB

    MD5

    5769e0b82bad226b3f658c9af70b586d

    SHA1

    12d18c6eb833487d682b5fdd239d0d6218a57335

    SHA256

    30042d157bc7b9ad5806de1aebe9408fccb7c6fd2d4172d15e0d919c132a9061

    SHA512

    4c1329bcd738d8143fd85ca7d5049966725cffeab23e873cdad1e300fb3541ad22abc606c3b4bfe88e1f9de37f57dfa41b629ecf3cf3519a47caead88af70c24

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI9888.tmp
    Filesize

    393KB

    MD5

    3d24a2af1fb93f9960a17d6394484802

    SHA1

    ee74a6ceea0853c47e12802961a7a8869f7f0d69

    SHA256

    8d23754e6b8bb933d79861540b50deca42e33ac4c3a6669c99fb368913b66d88

    SHA512

    f6a19d00896a63debb9ee7cdd71a92c0a3089b6f4c44976b9c30d97fcbaacd74a8d56150be518314fac74dd3ebea2001dc3859b0f3e4e467a01721b29f6227ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI9973.tmp
    Filesize

    866KB

    MD5

    0be6e02d01013e6140e38571a4da2545

    SHA1

    9149608d60ca5941010e33e01d4fdc7b6c791bea

    SHA256

    3c5db91ef77b947a0924675fc1ec647d6512287aa891040b6ade3663aa1fd3a3

    SHA512

    f419a5a95f7440623edb6400f9adbfb9ba987a65f3b47996a8bb374d89ff53e8638357285485142f76758bffcb9520771e38e193d89c82c3a9733ed98ae24fcb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\API-MS-Win-core-xstate-l2-1-0.dll
    Filesize

    9KB

    MD5

    c6d1a1159e1df20726bdb54a06b245cc

    SHA1

    ae424c1bdbbcd20b31f2ed4e6e2bb1e0bd83fb3c

    SHA256

    32ac9c9a7981cbd858197bc7220f30c39bada26eb3e1c06d235cbfc48f321216

    SHA512

    989d93693b11b9b2e0fba462dbf25a0dfef068fd45f5ed329bd910c7a329963a30df42bbaf6df07a5ebc29f94c75dc024c5d5165c00320ec30302bc3aedc89f0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\adv.msi
    Filesize

    2.1MB

    MD5

    f57d90ca47cdf25daa0bbc00bc18429f

    SHA1

    59bdeecfe04a153fbd82286de439b82841716acc

    SHA256

    68349b5df0219b1f6a32c319ead4c545b42280bcfc53c4239934e2fe08b4235a

    SHA512

    b719a266f108ad290fe5e70fd5e81cf4952327f7c8b8d901f07a9d93dd32cb9d354765a66de7c433784a5177b83eaa43b588b4139915bb619d217cb75d001c66

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-handle-l1-1-0.dll
    Filesize

    9KB

    MD5

    3fa0e776b686cb0cc635c60111e4c17e

    SHA1

    c7ca3b263f8919bb53c674f48c861cdee40c7306

    SHA256

    7a3ab249091f68728e08b6c52a23009d194ff433b990ec4a79c9e1367a0503a9

    SHA512

    f3ef8e192e1f460e15aa4c9c1b556bf8a18ae5c5c6ceba06a482af8f3958ed5c41903bfcd85091714d5b9a364503b1479c2b98d0e189ba704f165f937357735a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-heap-l1-1-0.dll
    Filesize

    9KB

    MD5

    9249c6047a70da77505ac028296f4c11

    SHA1

    a41dd10c73af0f2d91610c81276f737e2cd399a4

    SHA256

    e2fde6f30b39508ad36338b11c626c22db725908be13824c11c7e2b64b8b1714

    SHA512

    c8a88da0fc89d22459172b8230df57855d8d11048ffc220a8fc85a870b48a9f988b2d480b7ee209183b813e98a11f8e5caa47539b765ed6e5903220a3f570a17

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-interlocked-l1-1-0.dll
    Filesize

    9KB

    MD5

    1c0a13452168b0abc94768a0583da0e9

    SHA1

    2d6be592f81f8aea2c53f7b970f3800d4e4df4dc

    SHA256

    1cf54da2df682162430dc612bf5a3a230dab684d83d2e933598ef2d63dd3d8a3

    SHA512

    81b3cb04a14f4ed345c707c5327f3d545f5cf46fbe93554b55543fff3027f14f6c3231284fb31775027a65ad8bf550111c08b03758bc0fd308d76f6a7f59ef44

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-libraryloader-l1-1-0.dll
    Filesize

    10KB

    MD5

    ca4da696d643460a39ed95e89d1f88e5

    SHA1

    169fd3db84149b6ecd69ae91be6753dd1314071f

    SHA256

    e0a4cbb12f89889fb9c5936f8bb3859e84f750f704fbbbdee2daee21e7dc6a30

    SHA512

    e5dd1c79b1f5084015491c92e5c903a5945d1a56fe2c13d0483a8973daf63a95728f3d81bda759e9fddff34609ee3a9292c2299de4864f3f11ecda5bb2793387

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    11KB

    MD5

    d4b84893705e2c246490fe20a40102ab

    SHA1

    0d940cbc25fbabe57d78d32bc52b59e768d3715f

    SHA256

    f047a504fc0c2c051287f46e3456c871339ec797df96ded873a22d49889eb749

    SHA512

    3c2a89b79a6da8cd6c24667b95f6fd175e07130a74c3ac12f3e2083077d42a19d860ed0189a1a5a042e3c8773bcba74cd2a4613aeb0c0a70698a5f3e007b2fb3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-memory-l1-1-0.dll
    Filesize

    9KB

    MD5

    278bae8853cd07599fefd924103091bb

    SHA1

    d9b3d97c88570adbe8b23ae526d6a225a06f3bc3

    SHA256

    b594a6e0c0356572bcebeadde7f4d318a1041ac1b5f6e023cf130d219a91fb30

    SHA512

    fe913e261b3227dde725165a34d9c6af88640bf2386e1d2b6aa308de61298df9ce19e7de0582440a677ff709e9416fe3a74f2fad1500a136f8d1f3eae0f55c89

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-namedpipe-l1-1-0.dll
    Filesize

    9KB

    MD5

    ff8ac9369e35ca91a89dbb8ae2a35c39

    SHA1

    0a5857f0efa423081df4430273fdfd3b740b933f

    SHA256

    b7f86ed3fc0e0c1eb05da96d47f3336be705ef8a622d8fd8bbf1030074987691

    SHA512

    b6fdf947cc4234f9e1b78f31309fea384212fedd257df6cac22e3457cfc039f55071987096e8baba771fc8e6ff75e5c6366f85d40a27306fb0bcb82c2af5c884

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-processenvironment-l1-1-0.dll
    Filesize

    10KB

    MD5

    b0a8b962fbffccf4887891d06d6930f4

    SHA1

    aefe232b372fa0c907edae789472c136b34058de

    SHA256

    2883a5708f19f99475035f53fcf0433edae0a0e08d93ad023902c302ac8493a1

    SHA512

    b83bdca2268ce5ef872ab359af5801c0f1f8285fdb5d8a30c857693faac03caf444a4bb002679ae9ef88263e34ebf6d79e1800b486f04232230119d4d18395a9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-processthreads-l1-1-0.dll
    Filesize

    11KB

    MD5

    c6075890623d20fe25934107a2887176

    SHA1

    9a83a682cdb9e304ad1bb914cdb0751c58affe28

    SHA256

    4a5916080b7349fd9b657c04e1e7a848df04a1bee195f6b6b3301e18cb0c8b9d

    SHA512

    0cc6c90b119635431b241a328c69f21f95d6ac967887d45c21117c45d9ce108362502cdf14d10128f3397930fed1b0b4501085b006c43506539a78b55b603a9c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    9KB

    MD5

    31793ec93ec9f1e187714d096611b5bc

    SHA1

    64093509b31eec092f2697ae00480840dc32b6fe

    SHA256

    c0917e7e1eb9310bbdcc96e6f150ba8b8b34ca17b28a5e59fdfac9f517cd0922

    SHA512

    dd434f849a4f2e9f0e73894a947ad37833c248074082dc6dd7eaf60427a67a9410b636cca9abee9e1b99762b3eeb5aefae1dd0280c85c574d021d81b26a87d68

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-profile-l1-1-0.dll
    Filesize

    8KB

    MD5

    4490653137e5add800046027dfb7f950

    SHA1

    35f8b0bb859ee5ba5e9b854f70d2a371eec65101

    SHA256

    93361b2f66f9b3017c5fa5455f43058be7db8aef3b9f5dadec7cd79898f86f7d

    SHA512

    a1c475f8cbc53bd571c4a7f27084be5812e99388b8cc24d3c876eebcd371e1cc16dd64e336d506d6fd6ff5b35c5d84d9fcc76ef60b9133bb4d3289fe80b2eea4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-rtlsupport-l1-1-0.dll
    Filesize

    9KB

    MD5

    ef0cb2b988bb6f6d444e4feb5e96c4c1

    SHA1

    fe86b74174d0d30d6ce565da0a6003ed00aca7e1

    SHA256

    b8cc20183820322a298cc782ed86d97143a651aa11d8bf30038764d9398e75b4

    SHA512

    10b9bcf0df53a5f4dff8c600a5fc3d6443ceaba5405528d60d48a299f6571c7183c7794b29a8bf2912f06ccc732626ba081306d33957bbe996730cd41dee99d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-string-l1-1-0.dll
    Filesize

    9KB

    MD5

    ab807e67cd4dc5d037d0409913d8f80d

    SHA1

    cee9c8eda09ea4a32514a2a64a91b8e7df763c83

    SHA256

    f8eeefc46268088461ec2b37fa09af995052d721542d0aa99caf3f3db1058f73

    SHA512

    bd61fe1c8798945ae0e941a9ce6bd3a027fa86352e5a566cb6bc4ad2438ab4edc176032dfe785d3a5ba3a274021faedf2b62ba7e71925b657274051f55bfcb68

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-synch-l1-1-0.dll
    Filesize

    11KB

    MD5

    3ce632480e98c5f57532cd5b07623151

    SHA1

    12c2b675a8b480efc96d57d7b25301a76513e4bb

    SHA256

    502357912f5f8f9526f1d5a978aa595d8226b6ecdd60e607abd78aa37782c4a4

    SHA512

    3cfe6d45e49dd4a594512ce6fc89b8e562afd8d8884d64405dac174a53a91eae48200579d20b29aeff47ae6e2893074a92f77c171a89ed501598feb3931bb484

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-synch-l1-2-0.dll
    Filesize

    9KB

    MD5

    9fb78b09692ad0cee8b5cd283c6ca56f

    SHA1

    b359f653bef423950c05daa3b3e3c5bc2874576e

    SHA256

    145131ede3526a3fc6b4cb3abdc00514bca52cf7b5a7696ffb0ed8e7c0aa7834

    SHA512

    0c064a0d56a9602a9559065bff0cfb02917af3cde9272b99ff30da9bce59dd5126c70667305d9fb64ed13637f1267b62c24a1e25ad4dcd7cd3c79a12a6285c17

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-sysinfo-l1-1-0.dll
    Filesize

    10KB

    MD5

    7b4aaebda2ced4882b9c5e205ed276ce

    SHA1

    df6174b706961f778791628a9d5e8a3198ab6fdd

    SHA256

    f38b6f67c988a76c82dc8600c72865eca53f3ba48fc4b91c153092bbd642f2ad

    SHA512

    af81f1ebf3ab545c1c2e453ad1ff3c1e1f192a772d7a19c41ec4d68fdd3d874cfa6dd488d109586cd55df9b7775bda4b374f41301f524296d3d81a1b94b14015

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    9KB

    MD5

    2c9e3c220c46b58512dcd93e2670abcf

    SHA1

    dbafc8b15b160b35747a8a0de7225b4f317d4b95

    SHA256

    7bb65725a2e5cfc130eb6883ecb340b7bdc1b90cc33d31c638b0ae66ae8c318c

    SHA512

    54fe5e284282e7a19e6b64e1424c9972eb0887a98e7f21135297852bd662bafefac3a15438355deef84172b920100771ebc6104bc291b3e5dfa5ada6cebd95dd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-core-util-l1-1-0.dll
    Filesize

    9KB

    MD5

    b48a159b580a21f048ffc5b90b2aa6ad

    SHA1

    00785243ba9341798041d6212a0779ed76c4d347

    SHA256

    2c4c6770441f03465509c16c1a78c6194133bb636e861e1ea09b26aad521cea2

    SHA512

    39a5b59f7147c3eba9c4618c351f7ac2c45e64dcd058042a843c44e977f07de96948e2ae1c39ef2fc8d7143d13b3ad78a43c0fbef834c6e2dfe7d601858e4e52

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-conio-l1-1-0.dll
    Filesize

    10KB

    MD5

    9c236c9e60e61a5cf6e70637a6a0e544

    SHA1

    93c219d6fb295f9ad9f76b34d5b2801e041d6374

    SHA256

    76c077c4a7832f2d4532391d486267264cdf8dedd73261cf93f3c97ac615d549

    SHA512

    821038430d70a089fd703db94103d6200ddfe8b240f5fcbca084a1ff4969d8cfcf0786a166f60b91db81aa6bcf70bab295e17589aeecea4c6cada40360733a71

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-convert-l1-1-0.dll
    Filesize

    13KB

    MD5

    f28b8963cee07f284fdfb43e7dd597ee

    SHA1

    ae2735eebf2a8399fd20064393c8193a97cf1633

    SHA256

    dba0a2c8ff7c29e8b3b78a613b33b2a025014b4d8ec879f53bdbc35d3a3b9887

    SHA512

    0eac19521d18fab06e9255103f61a8cade48c64152533cdd018be75265965a5c19875a10d01827b145909737be9fb7b4353c47042a0238077f382057fbfc81be

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-environment-l1-1-0.dll
    Filesize

    9KB

    MD5

    ea1ee640c96f6d3440d480eb592b358c

    SHA1

    e318757ab3a9957c76deb0c870ba93471a34b975

    SHA256

    8c123d33b7be2f3b0af9ece9d678c2e46391631665cde12a0e98f50bdb97b13a

    SHA512

    5c4c77f9b104bbbd91e21cbd0c632c38e41c057be58acc2561b971f001eb76583f09ca2913ab8edd218a17400556443d71a6ab4b936ac315ccfe66a11eef564d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-filesystem-l1-1-0.dll
    Filesize

    11KB

    MD5

    6a33a463ea36b3302e558ca30ce088ae

    SHA1

    0e25639290f08709655ee948d95ccc194f3e5d02

    SHA256

    4f796d33c99adc71ff87b83d5fb86e1a71dd77fef63e4679f49557c984ff210d

    SHA512

    2bd69c946491349cf1f687895856029e216f4b4aff4afee5ef0e108908db398edf57dabd7df54e223275eccd6d01b27797bd10d8ac2a6e194ddc0ee61fc8a7ed

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-heap-l1-1-0.dll
    Filesize

    10KB

    MD5

    b71a08a274d47357ecca41d7e1688373

    SHA1

    a81bfe436a7f58eab3e35b574b0d517addbf8a12

    SHA256

    841abc4ef3c4525c6d0c778117437e9da1d140470352a0c213a1a7f4a55c57a4

    SHA512

    ee2c2d341b678a32bfa7ac22e56beae303d5f98db4c7d4fdd3eeba58b1d9901602e8dc3a2fb9f2576676cc0792722bc50eea4906ff0a9ee81efba053225fa93b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-locale-l1-1-0.dll
    Filesize

    9KB

    MD5

    69f968f71943ccb31ef3623add2e5deb

    SHA1

    960879280743ad7f732bbdca8a3e0538a4e8f34f

    SHA256

    2e5f177565a4e6a97350388c063f957140db07799618acbe0ab2cd2684e5244c

    SHA512

    9b312f04833c9daa8505cc64f895baa0c83ffc2efc4a9c1329c98b6a5a1f538e75095f56880d9eae0ed7be18ca592e286ae77f06c7ec6a0c8f6aaa2591630e03

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-math-l1-1-0.dll
    Filesize

    19KB

    MD5

    2fc94139ef2415f09d4019436c5893e1

    SHA1

    8239d3d10b2682553d5f927ce488e110f983f082

    SHA256

    8dda938588c7e2fbc36e0329b8a8d122f3bf363724dbf5e62fa205d9d5fb79a6

    SHA512

    9f694f016ea7a12bdda239c07d1497cf40ddc07991057f23c7132df61aa518ab01bb9d73bdf1f96dc6d18c6b86a2dde86231592aa38d96dce2b840a03c05c7c3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-multibyte-l1-1-0.dll
    Filesize

    17KB

    MD5

    15ff8cd6cfa210eee7351fad81b6f05b

    SHA1

    ff0d0aaafa1222bbde34cfd80b0927af15f9ca1f

    SHA256

    2127d6e30c14209f903ba60bb348074ead409123e2e1f1b38495c2b0c37cbb86

    SHA512

    f900a25d7c57903d40e780a880d70b2dd988a48039da451d71b46efca3d08ca06733568449324861192863572265167bc5b1045e6236cac76a48469878b0179e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-private-l1-1-0.dll
    Filesize

    62KB

    MD5

    f4ded00886060a3b4383cbff84a549e2

    SHA1

    4a2341623c518e358fc62e2807673fb6cf1fab0f

    SHA256

    422c2affa32975992cca063e8c76b1cb5b5e2d502cdf6be6257b48023afdcb3a

    SHA512

    bc9339d1fbd1bcbf8fcde5b9a024a44c1b0beb4b7a2a7044e66a798a23e07e3d6f45cb065f26116385c94c31938c0d251fed1e5a5861b34ce7255f19e7702b99

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-process-l1-1-0.dll
    Filesize

    10KB

    MD5

    adbb9d7327dd24bce73c566cadb00fc6

    SHA1

    8a7d817eead1062d616c085c2ed8db9968901ea5

    SHA256

    3d87fa0ba60b005ee381388f7ec13fc4ac2548be05325f60ae677a512f8ad2ec

    SHA512

    61effe4563daba6bfe027973e2a79280520a15898e11997774cbc4882641c5e508861771f76009a56e0c5e28f7262af7664ad914869daf951da5a14397a51c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-runtime-l1-1-0.dll
    Filesize

    13KB

    MD5

    aaccd10d6cedbb73496380d0d1be1798

    SHA1

    618279be52c0756540d22bc98fea570d591687e5

    SHA256

    64f658b918a73aca326cc6c9f7543d7abe1706335f7683a2e4691a37f8c146ba

    SHA512

    96fed5540405b92c3a0e8105fefc6eb34c568f2c378ab121688306fb77f32cf66feff2b6a90b53db32b7987d4440a4b824a93a26f88a3cd3cda34545e5a0868e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-stdio-l1-1-0.dll
    Filesize

    15KB

    MD5

    7e1aafd095ceaed8408a784799d32461

    SHA1

    5fc2d2ba6223320ab87e60e00c480690a4216b74

    SHA256

    753a40fd838dbd0f0f86133858ecebf35c969d0329f0067fb7dcc283a9966c3c

    SHA512

    f956707b146d76aa4d14e5b665631142710f8dd16c4d597a300c13a0f9e10520da577e1b8d0db648212b24457460e56b02a85726c2c4d52034fc18d3b5ebec8f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-string-l1-1-0.dll
    Filesize

    15KB

    MD5

    6e3edbc12992d36d473f5499d8757d77

    SHA1

    9d50a47c8a63d67126dcb1c0fd283d48ba5b893d

    SHA256

    92eebf142060ce2d8ed6e8e3aeaa7dead8d388ffe99b7a6ab0d0709c7d7c262a

    SHA512

    7b1ee43bedbe292aaa784369f8391250dc598e6cf8686e4d69f96e10c29c99a9ef54edec32a5cccdde41bf63c8bad3150236c3c6bba71a5418ed0f639ddc8c16

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-time-l1-1-0.dll
    Filesize

    11KB

    MD5

    d63250c999cd31894ed418e970300923

    SHA1

    6717a785d37da7b00ddbcaa715c7d6e81feec77f

    SHA256

    eeb0430c1807eed6e03e8f826dad8eb1a4356a52aa0991ecfa9d5944ba4c3327

    SHA512

    2c564e933e03aca11d5673739110a0b56e7ac684e9226f65875b985fd17ed169d59ff663bb4056f92e9bc79d96ff3f0718fa04945c6ea768a66ece38165292cb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\api-ms-win-crt-utility-l1-1-0.dll
    Filesize

    9KB

    MD5

    f1b7dd4337c6c6b6179b8fcc77159ca2

    SHA1

    968dce64676ce80b35c867a309894568a6776ddc

    SHA256

    970ba300d98dc6e9e9ca54e2725897f618f56324b60335d3cc2f249bbd657705

    SHA512

    9fc6adbaf4f5b226b4b6cf22b3ecb9d10f55b20c3bd7704764584d0e40598a3679947d733659855ddf6994b90956e496ac2d568ab6c46efd7a9a8b8fc8a81fea

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\ghl
    Filesize

    1.4MB

    MD5

    16de638fabbe6d9a106104a805839271

    SHA1

    451edadad6701860d7c0308e061b6518efb75010

    SHA256

    cb508acdfd23bffbbdac3070d5b6091e3d5173a3bd1ae3b52f7fa0a2758ad5d5

    SHA512

    5b03a92d619ff8cf76210510364c7672be609f7bdbf924cd8cc99a3ef24a5961f48ecf040eca5ba3936b20482441a1dc4da8ce49d5e305e123f6fb039d5cdf96

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\icuin51.dll
    Filesize

    4.8MB

    MD5

    9d35e463b18ad70cffba04a35e85850c

    SHA1

    e4d8bc838410a813f83cfcad12f8b1d38f405e36

    SHA256

    842c65e150db5d7c26bc8d569a8fff27dca86282d13a9512502e423bf9434d4d

    SHA512

    2a72e459acaca85fbd08b15bd843996c04fc98031d91c63df2a6790367beb2c077db879fc6713205b2d2ca38dc53f92f1f6b9ff0153c1772f85eb6c471f95bb4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\libftw2.dll
    Filesize

    1.4MB

    MD5

    21022f1a4d1f0706b5f8f489a0590598

    SHA1

    9787b67519e7a6ca9fc31e0cc5c73bee54cbd393

    SHA256

    fa8cb25c599e083a944ce9971031cd552e18e4bc5431222948c3580e7789976a

    SHA512

    5059cb63afd1428308b4ec87a8297af3d30e45ea4acbe040030b2d320108e3b952fca6f60de499ceab530b57468ea03c2c7fad55e4333cdceef854252c35eca5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\msvcp140.dll
    Filesize

    424KB

    MD5

    a1f7dafae09c45a40a57e32c0ae4ad8a

    SHA1

    e0cbdce0f806d3784d7dd4cb8dc738969a1803bb

    SHA256

    c4c120a7770537bc50f0c9f6705d8ddd5111461427deaedf6c380da3feb08660

    SHA512

    46d382a13982568ba4f843ca3b5aedbabe237824bd55379af6230a08db19f8d08fcd45617f1f084f4dabc965a1fef1cbe0a535dd47a58f64ec19f298cc41e113

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\msvcp140_1.dll
    Filesize

    18KB

    MD5

    3e79e6d7c9bd8eb75d66d3496b315787

    SHA1

    7b3555c8d64dfbf63e4aee0c892437957c67ad76

    SHA256

    02425b1451af5b47fd8949c27d6d3d1b51fda126b0f075000c04dbd50ef32420

    SHA512

    ac013e64f76d46f66a4f0f94f2414b832e011170c421fdd3a92c26f94122c8d6e84320902bec178972d53cb074e7a63e2f62c8be589ee72852016e345dfba037

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\msvcp140_2.dll
    Filesize

    160KB

    MD5

    107f84fe5df102ee54282003f38a1e4c

    SHA1

    6a0b699bf7b4a0a73f3526dd89f9b7133a644745

    SHA256

    96620a8e5b812281de3f702bbebb8a788425952bac3b8f876c526dc18f00ef9f

    SHA512

    899dd2a13d7ff7cc75ddf4b3ea33b91c7e7a4acd953ef743e2e7f088bc7871ccc8d5a5b0815b7c70c48edd986f4c1cf228835f0461288cdc00f15af4dff99abf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\msvcp140_atomic_wait.dll
    Filesize

    48KB

    MD5

    3fc0a8ee9e8ad8bfdeb69fac53110d3a

    SHA1

    e9aeae5b328add59a5652e14f0c38644c22de95e

    SHA256

    ca8b77453956c745895723b83aacc826f71843be05cde9549cb8fc495ffa2084

    SHA512

    36f73b8f7ef086199041a4c703399c35ab62321ea34104c4beb203b0956adefc35eff5970d7f1aae1b0b3a49add8a94830bd5093aac02948bc5699a822f5fe22

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\msvcp140_codecvt_ids.dll
    Filesize

    16KB

    MD5

    156a7c391e04b47857a8090130a007a4

    SHA1

    18465b5e3f6e3fa700a83d9fe78d3e344717a50c

    SHA256

    031c1ca46e00f407fa33bd90b27956adba49b62de99f4fd4888cd7aa4a0ed33f

    SHA512

    2077cca8120760b32280e8559346077fef7d5607a2035c7b28cf81426a1752d2aba77e2f89768f2976a066b4a7d409618e09272a671c85595d262cdc2e9c09f0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\powersnmp.exe
    Filesize

    237KB

    MD5

    34d5811141e1d515b544fb7d62bcf079

    SHA1

    861d5104b3e5b721ca289fff4ebf3afa0cc4166a

    SHA256

    ea0859583bb60fb8b26b6d9f056b00b509aedac38296708a9173639ba3ce8045

    SHA512

    edc8897871e80a2c2c066350286da42409aaf38689b4c64f1b78af40b6c43489126fac56595cf63a5b8688cf0b1972fb93144cc67dec6d03856fbe6a337e47c9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\E817FBF\vccorlib140.dll
    Filesize

    259KB

    MD5

    cdf8cb16898df89512373e09810887f3

    SHA1

    9369a3cd29814c6a4bab6c76b228f207e9881140

    SHA256

    459bc2b73e7dd3e614092599d645273aafa8c9d130305a9bcc81d55199198fba

    SHA512

    f1ef0fdf8bedba8efc1731e9469e6bb453c746fb62ed9eb4e5b5f643c0f4bf9aeabfed84b579d62a2696584c55ed22987f73b55f02977b8d378f24f2d7cdd839

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Dart Communications\Power iCalconfigurator 15.3.6.2\install\decoder.dll
    Filesize

    202KB

    MD5

    454418ebd68a4e905dc2b9b2e5e1b28c

    SHA1

    a54cb6a80d9b95451e2224b6d95de809c12c9957

    SHA256

    73d5f96a6a30bbd42752bffc7f20db61c8422579bf8a53741488be34b73e1409

    SHA512

    171f85d6f6c44acc90d80ba4e6220d747e1f4ff4c49a6e8121738e8260f4fceb01ff2c97172f8a3b20e40e6f6ed29a0397d0c6e5870a9ebff7b7fb6faf20c647

    Download Submit

  • C:\Users\Admin\AppData\Roaming\dll\logs.dat
    Filesize

    148B

    MD5

    aa47e90488ffd220cf32332bac7e3e3e

    SHA1

    9f2c4191ed302b5c53a803232945f8e924c6f177

    SHA256

    2eb5b5b1b0d30e7a322ace8bb051cf3d6577de443ee32833207447a1c335a9fc

    SHA512

    69dd38b6dd24a94ffb0c15332ac2f8ada56425496f2ea63c48323b5d12208f400f61abf6fa3af7c7a2b669d5eef1ca8ea9fe2f16024e813b2c510a859a6b84ba

    Download Submit

  • C:\Windows\Installer\MSI9FEE.tmp
    Filesize

    573KB

    MD5

    2a6c81882b2db41f634b48416c8c8450

    SHA1

    f36f3a30a43d4b6ee4be4ea3760587056428cac6

    SHA256

    245d57afb74796e0a0b0a68d6a81be407c7617ec6789840a50f080542dace805

    SHA512

    e9ef1154e856d45c5c37f08cf466a4b10dee6cf71da47dd740f2247a7eb8216524d5b37ff06bb2372c31f6b15c38101c19a1cf7185af12a17083207208c6ccbd

    Download Submit

  • memory/1348-625-0x0000000000580000-0x00000000005BE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1348-649-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-628-0x0000000005DB0000-0x0000000008EB0000-memory.dmp

    Filesize

    49.0MB

    Download

  • memory/1348-629-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-641-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-639-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-637-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-642-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-648-0x0000000005DB0000-0x0000000008EB0000-memory.dmp

    Filesize

    49.0MB

    Download

  • memory/1348-627-0x0000000071CE0000-0x0000000072490000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1348-650-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-626-0x0000000071CE0000-0x0000000072490000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1348-655-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-656-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-662-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-663-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1348-669-0x0000000008EB0000-0x0000000008F25000-memory.dmp

    Filesize

    468KB

    Download