babadeda | 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Size

6.3MB
MD5

f519bedcebceefef74d90b41bb91dd09
SHA1

801c2788587669b36d8a4a16f3e822ca4bc51676
SHA256

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
SHA512

f9c9cb90e6fef6ff75bbcdd6485d8d34ea2413e5ef289adae05d331384cf1dfdc563c9a70cf812797823b0e8e71f101af736be2eff4a4b979c1efaac9b0dbc24
SSDEEP

98304:UPdx/6o/EJ6N6ExIxrnumYqGX2LsQmzpVPIlZj3B25RlEYzc8+edv+173j6amzqa:UL6ocnTszpVPOGr/+epGqamz86

Score

10^/10

babadeda cryptbot crypter discovery loader spyware stealer

Malware Config

Extracted

Family

cryptbot

veoxjo24.top

morpib02.top

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
behavioral2/files/0x0007000000023ca8-258.dat	family_babadeda

Babadeda family
babadeda
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Cryptbot family
cryptbot

Executes dropped EXE 1 IoCs

Processes:

bsconsole.exe

pid	Process
2880	bsconsole.exe

Loads dropped DLL 12 IoCs

Processes:

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exeMsiExec.exeMsiExec.exebsconsole.exe

pid	Process
4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
2512	MsiExec.exe
2512	MsiExec.exe
980	MsiExec.exe
980	MsiExec.exe
980	MsiExec.exe
980	MsiExec.exe
980	MsiExec.exe
980	MsiExec.exe
4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
2880	bsconsole.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exemsiexec.exemsiexec.exe

description	ioc	Process
File opened (read-only)	\??\W:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\R:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\P:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\J:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\M:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\S:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\E:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\H:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\Y:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\N:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\X:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\Z:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\O:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Q:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\T:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\U:	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe

Drops file in Windows directory 13 IoCs

Processes:

msiexec.exe

description	ioc	Process
File created	C:\Windows\Installer\e57bbfd.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBD16.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBD84.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBDF3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBE72.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBEB1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC1CF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57bbfd.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBE42.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{CD23C16F-6841-4E3A-A1E5-0CD7B95502B3}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exeMsiExec.exemsiexec.exeMsiExec.exebsconsole.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bsconsole.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

bsconsole.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bsconsole.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bsconsole.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid	Process
3060	msiexec.exe
3060	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exe4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

description	pid	Process
Token: SeSecurityPrivilege	3060	msiexec.exe
Token: SeCreateTokenPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeAssignPrimaryTokenPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeLockMemoryPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeIncreaseQuotaPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeMachineAccountPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeTcbPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSecurityPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeTakeOwnershipPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeLoadDriverPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSystemProfilePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSystemtimePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeProfSingleProcessPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeIncBasePriorityPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreatePagefilePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreatePermanentPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeBackupPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeRestorePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeShutdownPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeDebugPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeAuditPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSystemEnvironmentPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeChangeNotifyPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeRemoteShutdownPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeUndockPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSyncAgentPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeEnableDelegationPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeManageVolumePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeImpersonatePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreateGlobalPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreateTokenPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeAssignPrimaryTokenPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeLockMemoryPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeIncreaseQuotaPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeMachineAccountPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeTcbPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSecurityPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeTakeOwnershipPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeLoadDriverPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSystemProfilePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSystemtimePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeProfSingleProcessPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeIncBasePriorityPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreatePagefilePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreatePermanentPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeBackupPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeRestorePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeShutdownPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeDebugPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeAuditPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSystemEnvironmentPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeChangeNotifyPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeRemoteShutdownPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeUndockPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeSyncAgentPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeEnableDelegationPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeManageVolumePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeImpersonatePrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreateGlobalPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeCreateTokenPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeAssignPrimaryTokenPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeLockMemoryPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeIncreaseQuotaPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
Token: SeMachineAccountPrivilege	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid	Process
4940	msiexec.exe
4940	msiexec.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

msiexec.exe4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

description	pid	Process	procid_target
PID 3060 wrote to memory of 2512	3060	msiexec.exe	84
PID 3060 wrote to memory of 2512	3060	msiexec.exe	84
PID 3060 wrote to memory of 2512	3060	msiexec.exe	84
PID 4420 wrote to memory of 4940	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe	85
PID 4420 wrote to memory of 4940	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe	85
PID 4420 wrote to memory of 4940	4420	4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe	85
PID 3060 wrote to memory of 980	3060	msiexec.exe	86
PID 3060 wrote to memory of 980	3060	msiexec.exe	86
PID 3060 wrote to memory of 980	3060	msiexec.exe	86
PID 3060 wrote to memory of 2880	3060	msiexec.exe	89
PID 3060 wrote to memory of 2880	3060	msiexec.exe	89
PID 3060 wrote to memory of 2880	3060	msiexec.exe	89

C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe
"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1732246615 " AI_EUIMSI=""
  2⤵
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:4940

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D5F91CEDCDB62000476D95B08B83BD7B C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2512
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 14D1AC76B6998213712E1AA0F997F684
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:980
- C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe
  "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57bc00.rbs

Filesize
21KB

MD5
51aa7c8f51879c01b966002622baebb2

SHA1
00cfbcaa75b0519c11481a5d1b831f16cb09ffae

SHA256
796887ac652780b19b0bfbb71f92b131df6cddadac31d0818e39671de24035e7

SHA512
955e9dd693cf9ce601893cdc71437d3f95728f63ae415a557ad1d139ddb2d57f8e7fe472641d664d367f2285518376ad094d8111c26199e0c11a8d1598e95be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB9BC.tmp

Filesize
393KB

MD5
3d24a2af1fb93f9960a17d6394484802

SHA1
ee74a6ceea0853c47e12802961a7a8869f7f0d69

SHA256
8d23754e6b8bb933d79861540b50deca42e33ac4c3a6669c99fb368913b66d88

SHA512
f6a19d00896a63debb9ee7cdd71a92c0a3089b6f4c44976b9c30d97fcbaacd74a8d56150be518314fac74dd3ebea2001dc3859b0f3e4e467a01721b29f6227ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBA49.tmp

Filesize
866KB

MD5
0be6e02d01013e6140e38571a4da2545

SHA1
9149608d60ca5941010e33e01d4fdc7b6c791bea

SHA256
3c5db91ef77b947a0924675fc1ec647d6512287aa891040b6ade3663aa1fd3a3

SHA512
f419a5a95f7440623edb6400f9adbfb9ba987a65f3b47996a8bb374d89ff53e8638357285485142f76758bffcb9520771e38e193d89c82c3a9733ed98ae24fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dslCBOstad\YStgtnFbfwcqC.zip

Filesize
46KB

MD5
7b285f58cddd26458f173f1dbdca4eb2

SHA1
f1c45d08dd73bd566e094457765a838b0b7a00ba

SHA256
ac37fde0b8b9d6694134ba72eb3a824e49c1599a146df341c994a404493bc378

SHA512
19672f6cafdfe007ca070f0f3b19962e178680157d2e4fe6a02c11e6842bdac841277af0bba102e2499ad72552caf18d4a163be72c766dac1a5a1bfad1c355f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\dslCBOstad\_Files\_Information.txt

Filesize
564B

MD5
cce09e90a634fe19c2710c13f1da065d

SHA1
f0ef5b1ea557ce8d311f426c3e74b532b38fcde9

SHA256
6670c43bac9d54c43ace4c91b5e85f8fc086adcf656d96df0db5f1aa5bda94dc

SHA512
d8af52dcd45303787085e3d9c9a09018fb9fb01fd126391102b56866a752f485af0a171ad147d02793ef47c43ed6966bfb064d634ffba08e9613f382572cacb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\dslCBOstad\_Files\_Information.txt

Filesize
1KB

MD5
1a454dfc9de5289e1e2a9d31326f1e45

SHA1
d3df2f72a3b7c180803a089441dedc5cb3b9cd28

SHA256
2e46b8bfcd237af980381bb567daef5c2e0ad56fe00b3aa9bd65a66731e7e0e4

SHA512
6dbea292d8b257eef25ccc7d6acca760f343d8cad3827753843e20dd366141791ade6136282485bf0b5d0e6ec2a0d2b17ffe6ba835e2e5c2ab921eb9af32d231

Download Submit
C:\Users\Admin\AppData\Local\Temp\dslCBOstad\_Files\_Information.txt

Filesize
7KB

MD5
7f4357de7ff412e692e11d6f6d49847b

SHA1
2a4c7413e4c5b248c4ebc2ae4ef336e7707511f8

SHA256
c5405a9bbb2f8d44e030aaa1c2e7fd1cfac8f2c8dbda3d8eb45f579745510a23

SHA512
380eb2a5afb8128ec242cfb2e338fcf0638db494c4e70e0715980fa2ed7c6196edc0129b305cdc32752ba6f47246eb19664359dbde675d835084393fa59be2fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\dslCBOstad\_Files\_Screen_Desktop.jpeg

Filesize
51KB

MD5
9055ea393abab79333ecae06b12657ed

SHA1
b759f675e6e5dc7c9d1e5a007fd3880832e39f43

SHA256
8ee78882c77b6f263904f937820d54c4bfe8eb71430bea6cda0c8777c8ea923a

SHA512
b9d01955abf22723c03776c2de85e637292a9cf1c73f8fb79f54e47057b2d9a51786addf8fa66012b90846bf711eb68640f02f674e263f4cff14247e52ca6bb3

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DBITMAP.LGO

Filesize
3KB

MD5
c7eb72cbf51334c39e297403a6e00e5c

SHA1
eb8e6b0b81888da182730c055ad228907c0e49b1

SHA256
f29fc7faf7d4bb8797367c5ab027c797c2af33edcf081efa9daa7a7e7bd9ee0f

SHA512
f6e79a3e723baeba11b21694d5177d8211510ac69e770f9f05553094c681e91613c2e6687da1b253a72d9e242c9975c25d62b3493fc070a1fdecd41cf3bd02f2

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSIMPLE.LGO

Filesize
1KB

MD5
77eae74dd7bd2ca9982bd2f12adff615

SHA1
9c82d2fadc1ead2cd0848a261b1430b49f806e79

SHA256
4018202e5192fdf1e92a2d4784b884af3c9f27409cabe16a8f1b8803df599ccf

SHA512
0d2c268994584fa15c88e54f7c673349ee259f006a40b69098b673d28ecaca6042840b98198015b80cfd61b106b2585ff05f47e6c470b4e8a2aa6cd967a6ffe2

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSTEPS.LGO

Filesize
8KB

MD5
8bb174bb497395b6d679af159b75e9b1

SHA1
6e286d495c5720c6c236f2d521e4baa7affd09ed

SHA256
520cb66f51f5822ab2c164fd23badf8879f3c22f63706a9875b4f3d87db0919c

SHA512
6ab2ec5c91442c6ba0412d6d66b65f274fee303a053f883ca934bb8791c18871c239347967c1ccaaf56724aa1115a39257deebfacf70abc7ce7d8c6ac715122c

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\CHECKER.LGO

Filesize
1KB

MD5
829044c299c931e3773faa5340869b2d

SHA1
4a88dbf1901bba3b5d8b4cf2bb7c66998add9a58

SHA256
2cf7197f40b2cdb9b381975690f664a305696a1e84b56202364321b009e5eb54

SHA512
65bc42f88c69b1539ffac2d34a45efa98b8b684c3a35643f779a1176d3a0095ff15ce51d816b314b35c6ad73c3e59a47b9601947f0db96f772a1f7a405fa0c37

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\ICOSAHED.LGO

Filesize
4KB

MD5
1a52a14106fd3e659d3f960f7cf45ab5

SHA1
72e840e28848c0e0ea0c60eae20bfd775043c8e3

SHA256
9caf0a5e3ea51b7125a67fc6a8acfc21aecce0bb35746bb57c0abca8e9c801fa

SHA512
e2d81e0d9f9f9199296a097e859859227e31063110568221deae5a6651378a45920915a57b6c84c64e1ea497fa59621d0491133d05525b46796735f50bfc6a0a

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.LGO

Filesize
2KB

MD5
ba4b027fb49d27471ee578dc93d5296b

SHA1
d9fdd8bed9931dcdb2d3f3056cbd5286d903c6ac

SHA256
0d4839f083cf2037256048560fb3979113f2948941d580158dde559429491ebd

SHA512
65bb4b4fe447c5c86bde7d4e85b524cee9e707c0ab10f07df189fdddb844a1fa83cc29aadd0c99028d71a17a6158ae6b3104ae1cd4a01cad60ae0daf84efff0c

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\fmslogo.bmp

Filesize
66KB

MD5
074091f21cae34e830cac8ef5422b840

SHA1
2cf882243c45a7bb657cc74543850c07227ffa3d

SHA256
f8656e1e1ab41af29efa9550769e354e7e0f4476b802e32090e706880ec86603

SHA512
62ea398ffa3be0ad6c128bb51bb6d28d9dd2366420beb88a357d27f3a3d3951e69b822e23c6f4389d994408e647c4ee294a37f71615a4945b7d25ff851adcd81

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CAR.BMP

Filesize
1KB

MD5
5fc366b3371bde5c769a8c5b9d0ff966

SHA1
124f3a48111e1adba8cbee101655d6bf438c9129

SHA256
4b0231a2577be467d7d37612b75e38d6e944b7ba757f7fe1c36b697e0fc5ee46

SHA512
e78445e2e70e7ffe3100ff91f5c388817b3cec3964e58ea3e5f415e221c88faf421712d363edcb954ec32d929f6c9e7e3da9e8fed0877e2516312afc5fa585b3

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CARMASK.BMP

Filesize
1KB

MD5
afe2ac27f1ae91549f64971d1ba81e1c

SHA1
a717af1a26506bf440d8ade244e12b9283b2b7bc

SHA256
c889fe2430b247aa02e7a101360002b88151cfef4df3a99116c22ee80040db0d

SHA512
15f45e1a6743fd2d6b2ae06840466e20efa3018e659f3af65bec14ae372f42adc9ac81e5745c38ad7ae40d6c033d087d82699975afc482d89e441b772ed4703a

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CLOCK.LGO

Filesize
1KB

MD5
c4acddb7dacd73b0a509fc54e9c607bb

SHA1
9f1e79be02b00a5eea5d615094eda6ffc4a45af0

SHA256
070086e62f194b7de43c7145508c1e68b8081d7c8393a43e4c49d6e5a147143d

SHA512
e21ec056a9952a441ba571db14d681274b1384e6dd10299d193223516f6ffea9bcc31c3bc114bc9cea8e71c9ce15fc483e7d51ca0295e8d3cd02aa81838ddb17

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\HANOI.LGO

Filesize
3KB

MD5
a21687bf228a38528aa1963d2c8a78e3

SHA1
c816e2c99e20f2a79ec0ce9a8e0e9f3c05c9af13

SHA256
288699cdfee3880ca1ad2056e1cf4a2217a9d684005c5c690a6594f3d54709ae

SHA512
1802a7ab95a54fd17c11e2214da5c671618994fcba3efe2e4d366c59e8941a592f845c9f71826d266b15062554e6a32fd207ec09cea14e7bf12fa66966bff887

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\CDROM.LGO

Filesize
638B

MD5
b7e032a03eca04ab9a57cd9378c2daea

SHA1
9819866aa84e9f69ac1cf244306e4055c20376c2

SHA256
4dac6972d0437a91f0e8d122c2d5a3b3dbd7ea7cae44ba30a210b948b7bc8082

SHA512
1ce2cd639efb2ac6ad6dbff9ca895485fd67d27b0497973003957769c4a9167288816d21c61af047500caf7f16cc0822a3b7d6b6c44a76ca64fd12d95e0d1544

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\ECHO.LGO

Filesize
1021B

MD5
4ce0cb03e9b2e5707843f40f051c7e2a

SHA1
cf264b2656cb5515edd4728cbd3800aac335fa9d

SHA256
de0662b380865e9a1986d583c3279f1daa806db77d8a51061e9ceb9fa4c1dc04

SHA512
94d09dc730eba52110824cc46560172dde98bcd8cb8065637868baf9f9c11929ab7d847eaa4588f0f72c717d95d0bb9841eeca18c0ed06f1fef06bc12041e8bb

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\PAINT.LGO

Filesize
9KB

MD5
ac8a45e9af464471cb24ae03f6a013eb

SHA1
7e5d6fbc7f8a2e602400d5b5cea72340604c26f9

SHA256
f6233aa2a13cd8a69a0121b10a4980263b697dde777db0019117d2f7d0ba5405

SHA512
6b2c9097af60cc08f54c783852a272eb29956a86b6e215f8d7d245054dc309126a49c5561aaa06e1ca439d2dd8461d516660f79381cfa15116feb80f89d07c1a

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\SHAPES.LGO

Filesize
1KB

MD5
0332b5c3611edd45f37327f77790bdb3

SHA1
2d7c75029ef8b90ab5967882477a359a75c3ed7e

SHA256
5ab5a634483c48e05ffa3ae23615cdc5aeef699e374c9cbd0e6a002b4fab80e1

SHA512
0ec71ac30c03dff87baf70808add8b15cb13de990f352eb50140ca78bca5b85dfc0b292cc527ce6f6f38595af7552c747dc5354a09aa1881058418e9c3cfb1fd

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\SOUNDS.LGO

Filesize
1KB

MD5
f7057962212a95c144bcc6e60aef04dc

SHA1
abce5ff6866f17549efa4c236e337e8ab79a1087

SHA256
8199e3101e53dcba42657fc9a83aeed957e1df4dde0a9aa6cca7addb9a02883f

SHA512
b2e5521debecd8589d6dcd1a112d0f39c04d2d121bd2bdb821c7573aa6e91f7523361aecab58404edc90144c2563f84b2ba3fc3111c2aaf52b0d420a9e0e822e

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\VIDEO.LGO

Filesize
858B

MD5
41e2e2486bed7aa9f30ba50886dc7091

SHA1
b30e92ef28ad24604eb52f8c3dcfb86e6a155285

SHA256
1d8bb0715855870c869995e6f118cc8cbca85e777491a8dc343707e1b85d1714

SHA512
ac1ce071612fe55a41c57ca0b26ecfd5db2f694be7c0ab0cf87a75b9696003717907c3c73cc66c1d60808182823f5c59cade7595b9f04d7f93c98ee407a84a0b

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Network\NETLOCAL.LGO

Filesize
559B

MD5
886a6ec4c437b9d71c061c0b95f4fd40

SHA1
9e601bb54017a9a24df60b6c5709b86321fbdd60

SHA256
04ebc67ede85c171148c4a41c19ddfaf64a8342c6d10aaf97a3b7dc8da08ae76

SHA512
b2ee5ac1a59e3003469435b1138e7d2b64f0cee50eb7c7f1e47daec9d6d222b5c38f8ee0e482865d2845ef3bddeb0b0c525121f5a7bd1386360363529190f023

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Pascal\CARDS.PAS

Filesize
1KB

MD5
b5e99669b838116e212ff4cdc97550ad

SHA1
2642129e6ca9263e465908ad3f2164442a5ec3b4

SHA256
9df2836c574e5597fde9decf6e626f3dfab36cb8e286a67ccc269a085f2263df

SHA512
465f0a13ec509c018894e2b0ce02bfe04c7458d4a4b398da8899a96fd02a61a5703764eafa4148d06b99263bdc8fa190d5fbf30b333be2954d5ac821f26ad281

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\UCBLogo\ALGS.LGO

Filesize
7KB

MD5
6adc19d9f3ffdefd4853fcc2cb7a7b7d

SHA1
0f245efb8ba7286b63caccd559b602beda8957ae

SHA256
4299e80f6ad590041c422c0927200b3effd2bb0a1bd186b25c5277e93c5d1ca6

SHA512
fa941a5a93f34dacd4f624918041ccd9ee43f94ef51f4dc9d25b4165af33594e1fcd6dcd85426c207a8c97bf9916c5ff9976bf1f0988790c268cdb5ec221c7e4

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\UCBLogo\DOCSETUP.LGO

Filesize
22KB

MD5
af2338b665a5417db65558498a59040f

SHA1
63549951dab5a788a2878eeb7842f09101bbb264

SHA256
5fb8b83555b911685ad6893d5d292065b46964a9b4a9a662406b0c93f72e370d

SHA512
a3478490d40492d99a8895a06716140d40333cc2fdebd70c345d577fb26931d2c9bf4f1194062c660fd764573526d5aa6c69d6e2843edf9a93b49082a30a6bcb

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Windows\CALC.LGO

Filesize
2KB

MD5
038f7f7c01d85f43fb2db6e7fdd2f0aa

SHA1
96c34836eb5885f55808c52d4faf5c255d7d97a7

SHA256
4d5927b1336479d0c0fb6974e74574fc55fab91292d19ffe1ecc4fac490daf6d

SHA512
9b92d33e545f7a8d3e89b82483c8dd10c833e62bfd4c0986ce1542dd6376a3a1fa258863631d2921b80cbb955a596ced85c20fc838449961937a6638c9cffcac

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\index.html

Filesize
8KB

MD5
6e86736d64a4522b490c716cde97a8bc

SHA1
e48de1ddecfc842bbb8924c1023029ec21f838f6

SHA256
26d4e150e3fcb0b881d9cadf4adfc1aa369ca96e16b46c6935b7903d3916c04e

SHA512
67fe43cacf04a4844c4b11580ca549f4cb7fff160f32be5cd8d8449a6c47775f91a78b6503802615a5fc7e450358bfc53d486a07d302099fc73f8d67fa2b9804

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\LICENSE.TXT

Filesize
17KB

MD5
cab5d95bb20bd0f36241edd276851797

SHA1
31848479ee67d58a013f018bc165ce1674166c3f

SHA256
4cba25dfea9f5cf0454c4cfee27091740f8e556196330c010d1fbe35235dc59e

SHA512
c73db59553c69cf1d0cc1e945b2dfe38c59781c1d638bd8e044493732f255cb5f5b992a9db06086853608d81d7572f716922aa6a9042cf99ab1fc38c579ba478

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Qt5TextToSpeech.dll

Filesize
114KB

MD5
99f5b275115a749309c0febb2c553a2a

SHA1
c3383e554c5c8d66ab1656603ff4f6d23568a520

SHA256
f4f008cec54534178cfd7164871adf4962c269e2b44d22491c580d2d589358ae

SHA512
f80ad1e94ae58ac5404e8a548200ec01e4941dd2460fa470fb6508c2d9a036d7d12f4547731999bd7dfa7ecd8b4bdf8a6ee4ad3d32ff07e39f6fb99ce1cb1f69

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\README.TXT

Filesize
3KB

MD5
2f271a2d2d92de5579f58b32f59993b2

SHA1
7582831fc25e3ce9c327706fd6d27f8a19e7abb0

SHA256
c3ffeaf3b4ee2c949c398e65dfeed95f8ef56da140b9a132c6d12d93d83dde2d

SHA512
7a0535c46553e39b507a994186b48c4d110296488306d6756fd42489dee5d317c238f725e44f167bb3f993d04fef996bad9956b40e86f42cd02b6de53b229681

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi

Filesize
2.1MB

MD5
68f6c681ccc9cefd9642fef8b5cd75b2

SHA1
d2002a07e362813e3866378f78b880cf168002da

SHA256
4ac28d03135f3f09894c9f5b32931df8d490159f9b4d9d9e68ff249d4f9be739

SHA512
39985b0c3d3350d576936b7d4f77d653ee93de68643e9dd27d40bef8d8a5aa545e8b9d7b839659206bcf0940436a3baa540a05a1281bc95dc56acf71193cbed5

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\bsconsole.exe

Filesize
3.6MB

MD5
862bdeb6127c708986b3f35fbb3c0358

SHA1
9da8fb4ede3495782db44a3b66bf82caeaa95a2d

SHA256
dc0bea0732c39b709ae477630b359321bc46b6b039b9d47b79711c85230aea4d

SHA512
ff01cb7ac8e34766b05dc231a5b1d5c2ef05cdb91466638b443abd61be2a582e9c8319fad38f26a74e9baf773710eef3a9bdc81ff2afe2580e6ef5cb5b716950

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\icuin30.dll

Filesize
196KB

MD5
3204dadc26ec04db0fadfc9adf914513

SHA1
fc4bf25277ce523b235b09eead166b05081cc943

SHA256
195a654a1bcd29d42543c870b72861fe07558c347426931b0e9e18defb445406

SHA512
7c271459281bb6fe596431ce1f4e48d95e6d58dac286f475700bbe5e48feed53cb0bab387e66b827334f8672ac502dc77655e9020f2db174d6a62e1bfc738d96

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libEGL.dll

Filesize
67KB

MD5
2874582e39562af961a6d1c59447459c

SHA1
3cf7d154637aac69913b1f549938a21c7c4b16ba

SHA256
b1070d55627c2899d5928eff2f2e3187537162e93e189458fadd7ccfd6a2ca3d

SHA512
eeca63a7020346bda9a399b83f4e57b6b54bbb222c4a3cf7191ab7fe0271f6473bcc58f0e60ce5f7d5cbd57298b858ffa042b62ed9a9be0806e08e4c6f5c7091

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libgcc_s_seh-1.dll

Filesize
74KB

MD5
534b365361004828059600f05b34006d

SHA1
d8ff411b0939a021f47c845c6a90f1240bab5268

SHA256
438ae82ffd621a2413199155574cc85681f8986f05420b1485aa4be936c3bc0b

SHA512
1ccb3732a82f2fedca85c27afdd48e65dde70d5b1620e436d457624a2cb796887c5e7dc2983a0794ebbbcade3e5b9f9fc9320b390894471993c7b1e85268592d

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libwinpthread-1.dll

Filesize
51KB

MD5
db18b7ec5f93127e6099744ea9568c1b

SHA1
e9143c76e308a816837e2f1a19dd0c5e2306ed08

SHA256
5bbef249a0d00e2d32c699d0bbe89f714ebeb872b3990a5cbeccb1d89f63e5e8

SHA512
ee1e645bed0bc3ad9e959d6342153e608ad21a7f5aef60b4cd8cc96fde7aeec4bbbb7474b59cab8ced8f28dc9f66cab32f4825333c891524901dcc40e70a1580

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logohelp.chm

Filesize
395KB

MD5
4498d1584997d8ee7626b51f23bccdd1

SHA1
707c0b366848b51a16be5b858d021d1f687a4a6e

SHA256
1d8254bc535746478c18de7613731fbc87c5754126d260c40888d38c56007f81

SHA512
4cbb7f9191a39d5de8a8dedc054db71695fd54c292eb5a33657efd4483e6276427f076e9c9d49045282829dad57f04e07364532ed8bf96c3c55747ab66bc867f

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\#

Filesize
88B

MD5
f0a82f611f562197355d1d8b19de1fcb

SHA1
6cc0f96476fa9cf1f92e8d6dbdc3932d2c65c3f3

SHA256
ec9546682cb6e9f0cd51acf4e40a21d7e37cc5bf511718bf77857d82839eda5c

SHA512
fd4a2e5319ff95712bb663095d3989a21d2291aab1a80fe6edebe3178e6ad919fe3b42005a476f50d823c2224ecfbf5e3a569d360d5f9328cca5d61a999a0ef4

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\demo

Filesize
18KB

MD5
8d9a244c414e9b9ba1bfe71666f7ead8

SHA1
66a250b57064d290b0aa73e33e4e02acdd416b4e

SHA256
a17348301387f93f0b95f6adb5c38c44ffd46e57c82bab3aee08425bcf6b2e82

SHA512
001511a731a5997e50f9a847fef2a9a4ddd095a3872fb0f1aa66daaf546182e4f733377adeec421956d5378923570da016092a8cb3703c2c4e4953cacd02089e

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\edpls

Filesize
43B

MD5
2c26ed91698c48237926c26856896a33

SHA1
8fbfbcadb2f40547feb3f9ac8c00dfba047dcc9d

SHA256
e267a396ac8c3d5d7b397e6a3a11b5a7bb380456e34bfa6affa7dd7bc8197b82

SHA512
924bc31885ed0f11fa6f4e10890d942e02b8db4336b013f6cd578cdc0520ed9fa451f05c3ab44738fd3e1798d5fef5614c97922881f346376f4062fb20a04116

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\erpls

Filesize
44B

MD5
e2f61a3e179e96b2552d68472b157f98

SHA1
1502e4db6d4607e3bf01b7c4a5a40aa939bb83d7

SHA256
bf31c8a529c1109938b70ad0b2098f47b1a225eb09d76c0a83a4fd01ae0cad3e

SHA512
e255b2a8fed46adad6d50718606a647349de28c61655b256c038e7b524ecb9ade6f17afb6602f637e6fd8477d0ffe0921e50bed0f7db0203b9cba7794ddd5e49

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\erps

Filesize
46B

MD5
3a9773d3c628a26efb158de5db1ef67e

SHA1
61e7b83995bf00c0cb8a506f31be47f31b257ef7

SHA256
f19570aa8b73e09307ca290ae4c13d644ce3d2a64c72681b673901e189bd619f

SHA512
f2bd8130f987da979fafaa956cd4b42e62312014df8f363f7f1c229143f5e357b48e0798a8b592b506359f1c723ab37aa272a40debbe882c7741d96c5c12a6e1

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\for

Filesize
879B

MD5
5a85db59e054e34f5460cbdf9b57d3dd

SHA1
d56cd71b96f08a94b71844ed4c155f205077cc04

SHA256
84a2d29f34c06aaebaf99eb1ba408079657792f6996f07bcdffafe8ceb17336a

SHA512
890c70d61a10d1aea85e5e978d0fb6c18c8ff47223caaa28d0b8de4f4f40657a13009c8f664893d974a5be8e12a7337ed2a8dafffe5985d87bfe9daf4921c9ca

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\gensym

Filesize
156B

MD5
77593a26b09d56f2a9df693179603e53

SHA1
d9fb47106caf05a1f670ebcf343bef0666b587b7

SHA256
0dc3a5b044985442823c861c934228121414bdf4d0bba640a6f4f7f16e6878ce

SHA512
c699fc79e198e4e589340f11c0e512e43c3b6666eebe799266eae98a297479a98d9b85ee68b92fb50e19c567950504e4b29266c6b9679697e573e29ebbe9c28f

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\popls

Filesize
41B

MD5
b2055b58a8ff5e036ef3c7a26294b6fe

SHA1
e7c23b4c2f5025ddd5da319a0c0d08f4cbc46709

SHA256
b17b51b97e24131d63315f1c7c07923ea698ec7609f023fa3d51f7a7aa2c0c64

SHA512
13ddb6c0d53107514b785141cd50d4baf9f928301f1b509f2e9c664948223c8f2c59157bddc107c41354f7711c26d8928e2fb23ca80719417ae3ad777261c997

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\sort

Filesize
2KB

MD5
cd20b9c3705eefa651bade693c6dac2c

SHA1
a6331b125bc04c8564f4bbdba15abc1a5f44e997

SHA256
7d7dea747b020fcedec8a09bcf698dd8e781fe9c976cfe47af340c17d301a55f

SHA512
d5d232c4f238cfbc0e7a1003edab19e72504df9e4644f20a5de8bfdacd656fa1932abb3f17155c4ab0a182ef49715fb4100dd0fd28f700c98e29256d05c7331c

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\qwebpdV2.dll

Filesize
2.7MB

MD5
9cd67695fcba8780d389442ff8ad43d2

SHA1
2cb7fee581066294516041bcaa3bd0bb9917210b

SHA256
c4a78c680a0df3be0a07fa45cdfe1cf1b632bf5b6b8772444174ad9ee41ce455

SHA512
0a8f47e5bad81bd0da064ee602a5ec162abdd537d6fa625bd6f4c52cb84224e86079ff1adb4133999b76356a9d185d4ad2ed906cf83134affca57cc71bd39aa1

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\turtle.bmp

Filesize
1KB

MD5
8e5bc954263e6706359c06686159d143

SHA1
b5cdbfb8d0f200b580116404c6b6433b4df2c9d0

SHA256
bae9f06df713100360694f784164649e9595636e7a0ada30177152db0c1a584c

SHA512
66716ad105a16796ba27c40098e8bc2639107c858f97c743194a1a2b0076a3ab444547de1c2bd3b3f3923b1d9ce78364ed37a1af49adf297a1ecb33ac37c38dc

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\ugof

Filesize
636KB

MD5
f7974c955a850c79b7d051450bbde204

SHA1
c3e444061f92cda6ea172f1d16512dc6895d3d3c

SHA256
a09a6ee7aa2cb89841d2b6e7b8c616f72eae5ca410098638d690a56cc567c78e

SHA512
a9f512d26fd27337284f74b116e728096bf9348f65ee2658c6d7ff4ee08846b6619d879275c144dfc4dfffb6e587ea981ebc0c857172e4de3f68900f82110f61

Download Submit
C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\decoder.dll

Filesize
202KB

MD5
454418ebd68a4e905dc2b9b2e5e1b28c

SHA1
a54cb6a80d9b95451e2224b6d95de809c12c9957

SHA256
73d5f96a6a30bbd42752bffc7f20db61c8422579bf8a53741488be34b73e1409

SHA512
171f85d6f6c44acc90d80ba4e6220d747e1f4ff4c49a6e8121738e8260f4fceb01ff2c97172f8a3b20e40e6f6ed29a0397d0c6e5870a9ebff7b7fb6faf20c647

Download Submit
C:\Windows\Installer\MSIBEB1.tmp

Filesize
573KB

MD5
2a6c81882b2db41f634b48416c8c8450

SHA1
f36f3a30a43d4b6ee4be4ea3760587056428cac6

SHA256
245d57afb74796e0a0b0a68d6a81be407c7617ec6789840a50f080542dace805

SHA512
e9ef1154e856d45c5c37f08cf466a4b10dee6cf71da47dd740f2247a7eb8216524d5b37ff06bb2372c31f6b15c38101c19a1cf7185af12a17083207208c6ccbd

Download Submit
memory/2880-499-0x0000000000B20000-0x0000000000EBB000-memory.dmp

Filesize
3.6MB

Download
memory/2880-623-0x0000000000B20000-0x0000000000EBB000-memory.dmp

Filesize
3.6MB

Download