babadeda | hxxps://avalaunch-app[.]com

Analysis

max time kernel
1174s
max time network
1213s
platform
windows7_x64
resource
win7-en-20211208
submitted
04-02-2022 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://avalaunch-app.com

Score

10^/10

babadeda remcos sys32 crypter loader persistence rat

Malware Config

Extracted

Family

remcos

Version

3.3.2 Pro

Botnet

Sys32

157.90.1.54:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
Sys-PVUZ63
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe.9zdksxg.partial	family_babadeda
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe	family_babadeda
C:\Users\Admin\AppData\Roaming\MiPony Installer\pg	family_babadeda
behavioral1/memory/1092-125-0x00000000050E0000-0x00000000090E0000-memory.dmp	family_babadeda

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

Avalaunch-dApp-2.1.0-installer.exeAvalaunch-dApp-2.1.0-installer.tmpmakecat.exelink.exe

pid process

1748 Avalaunch-dApp-2.1.0-installer.exe
1548 Avalaunch-dApp-2.1.0-installer.tmp
564 makecat.exe
1092 link.exe
Drops startup file 1 IoCs

Processes:

link.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cplinker.lnk link.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cplinker.lnk	link.exe

Loads dropped DLL 25 IoCs

Processes:

Avalaunch-dApp-2.1.0-installer.exeAvalaunch-dApp-2.1.0-installer.tmplink.exe

pid	process
1748	Avalaunch-dApp-2.1.0-installer.exe
1548	Avalaunch-dApp-2.1.0-installer.tmp
1548	Avalaunch-dApp-2.1.0-installer.tmp
1548	Avalaunch-dApp-2.1.0-installer.tmp
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe
1092	link.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

link.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\Cross Platform Linker = "C:\\Users\\Admin\\AppData\\Roaming\\MiPony Installer\\link.exe"	link.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d03d7dc3a919d801	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD9A01F1-859C-11EC-8780-D67CB138B476} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "350731878"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06b3bc6a919d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f302f7a020b975438ea1f1f995ba978300000000020000000000106600000001000020000000ded8a49ed408e7c629de3a05f99acb846433ea33869a6165e466f3d8c86fb1c1000000000e8000000002000020000000bdf4942c1119c19647f78453906efcd84c27194785f1286c5ac0e6d7f7ec2def90000000daa3ece59a777c8c94232e085dcb9d1dc531b8e5d8852d3ca0e59723afa8dc104213c610ac6f3e71698191abcf7c815e2e26462e5f8109293bb3d745dbad728a68894cc35562ffd3090f6e29a191970254ddde0977036a58afe0b46bb8c58c125817e4853624a59fe090f07d869b16c10ba3732aaea187a4216809f23c0557f63dd7a63eee6b87f3994869ca8b6ed9464000000011d61bc173e38d1d25ed7ccebdee34e9732fb66e1c68feadb1a803c7726b0957b8821b2a38088b89f72fe78e1e2ac995921c6e3ebf5d858a8e446ed6d28b61a0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f302f7a020b975438ea1f1f995ba97830000000002000000000010660000000100002000000069040157b200b10776601de23e0c587896a9fb6998f9d5ae0e74ea4e59d8f483000000000e80000000020000200000007bcbd0f89c2abf6f6c1705af42f1b702853ef9e44cb4e5307115b6387ba8af4b200000008500ea72763b49779949df2f182ddb5d19197d86e0c4996447d033a2c6a5730040000000e676051e276233dfd21081f580790c7243dfa5cd81980118ddf34de4b4ceebb742adf3b15a7d39d8c28dfa5c02a5b353fb065bff46986458734678ccf061d403	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Avalaunch-dApp-2.1.0-installer.tmp

pid process

1548 Avalaunch-dApp-2.1.0-installer.tmp
1548 Avalaunch-dApp-2.1.0-installer.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

link.exe

pid process

1092 link.exe

pid	process
1548	Avalaunch-dApp-2.1.0-installer.tmp
1548	Avalaunch-dApp-2.1.0-installer.tmp

pid	process
1092	link.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1964	AUDIODG.EXE
Token: 33	1964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1964	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

iexplore.exeAvalaunch-dApp-2.1.0-installer.tmp

pid process

1352 iexplore.exe
1352 iexplore.exe
1548 Avalaunch-dApp-2.1.0-installer.tmp
Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

iexplore.exeIEXPLORE.EXElink.exe

pid process

1352 iexplore.exe
1352 iexplore.exe
740 IEXPLORE.EXE
740 IEXPLORE.EXE
740 IEXPLORE.EXE
740 IEXPLORE.EXE
1092 link.exe
740 IEXPLORE.EXE
740 IEXPLORE.EXE

pid	process
1352	iexplore.exe
1352	iexplore.exe
1548	Avalaunch-dApp-2.1.0-installer.tmp

pid	process
1352	iexplore.exe
1352	iexplore.exe
740	IEXPLORE.EXE
740	IEXPLORE.EXE
740	IEXPLORE.EXE
740	IEXPLORE.EXE
1092	link.exe
740	IEXPLORE.EXE
740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

iexplore.exeAvalaunch-dApp-2.1.0-installer.exeAvalaunch-dApp-2.1.0-installer.tmp

description	pid	process	target process
PID 1352 wrote to memory of 740	1352	iexplore.exe	IEXPLORE.EXE
PID 1352 wrote to memory of 740	1352	iexplore.exe	IEXPLORE.EXE
PID 1352 wrote to memory of 740	1352	iexplore.exe	IEXPLORE.EXE
PID 1352 wrote to memory of 740	1352	iexplore.exe	IEXPLORE.EXE
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1352 wrote to memory of 1748	1352	iexplore.exe	Avalaunch-dApp-2.1.0-installer.exe
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1748 wrote to memory of 1548	1748	Avalaunch-dApp-2.1.0-installer.exe	Avalaunch-dApp-2.1.0-installer.tmp
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 564	1548	Avalaunch-dApp-2.1.0-installer.tmp	makecat.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe
PID 1548 wrote to memory of 1092	1548	Avalaunch-dApp-2.1.0-installer.tmp	link.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://avalaunch-app.com
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1352

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1748

C:\Users\Admin\AppData\Local\Temp\is-0AKPF.tmp\Avalaunch-dApp-2.1.0-installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0AKPF.tmp\Avalaunch-dApp-2.1.0-installer.tmp" /SL5="$301E2,123570416,887296,C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1548

C:\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
"C:\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe"
4⤵
- Executes dropped EXE
PID:564

C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
"C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe"
4⤵
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1964

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
23a7f87d843a3732de59667f264f2050

SHA1
4bd6b2cd0bd29529318d62b10a18e5220cd99db1

SHA256
350ba48e56a8303e1314548e388d7aff3ccfe3828a48a69cf7f34d4f0ee41093

SHA512
0aad4913ccea3109bb006c1f72e59007c009e6686bae80b442cc7b3529fc8f00e5cefd689454d7ecddc9214577abd252d12460799fd383af1deb29f4a5d7fae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
552af401d20a828b736eb625b6532db3

SHA1
684c32d42aacc116880ab4bcbc7d09aee77248d3

SHA256
3948747e3bd1ca2c1d65d70d768039120b534f774c475b298d2279410f1b0ef4

SHA512
6a125f61ed9830e0bbdd8ce38e8eebf0aa6cfe721f408f673581ba32fe5a398557e9548b37ab18ad4de1863a15b9f0153dc1433d7550dfa170ef45879fec8e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
b2cc2f89bca3c8bcf06b77ec5ead700f

SHA1
49c890fb000f49dfea05dec35fbea5e9db33312c

SHA256
1f713187757f8edfcd76e3080cd7600cd360c279e4a9fdac8cff1e6a1676fd90

SHA512
119e7c72bfba415902571f44c85e028b7389068ad4fc9f5f38f5a39796707accacc740ef6474a828c6b10d82863a1dbbd481e0307814f68faeb8d28d0db000fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7w612sw\imagestore.dat
MD5
b4f467edce75d848a45bc30dcd95f721

SHA1
824c7ff9d4f59bd7c34f4280d3b9c26d9fa141fc

SHA256
d96b1a894b4f9925ee96be5a76bebcd3c3e845449e99ec41e927b5400fdb212e

SHA512
9517c92d4fcedc3834418f36d376cdd69516abca44711a6bc64e0b0129492d9636ed625688087937f727ebdd06208bcf147f935e6ad014c0d306bd212ed3e69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe
MD5
448166ffa55d2d5fbf0cfaefb21826f6

SHA1
e946af3ab6614f0b20515a3fa8b5a73210e8932d

SHA256
a69ac6cbe1ce50215d3f6df173f38bb3f9de174d32c87afbb7146662214b570b

SHA512
d9147720d3e691091c8a376776429eee992ab7a1b656109b091892483200b71606242dff085ca705807f081703ac7d182150f631a657c6a2d568b67b9bb32d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFMJZ4T6\Avalaunch-dApp-2.1.0-installer.exe.9zdksxg.partial
MD5
448166ffa55d2d5fbf0cfaefb21826f6

SHA1
e946af3ab6614f0b20515a3fa8b5a73210e8932d

SHA256
a69ac6cbe1ce50215d3f6df173f38bb3f9de174d32c87afbb7146662214b570b

SHA512
d9147720d3e691091c8a376776429eee992ab7a1b656109b091892483200b71606242dff085ca705807f081703ac7d182150f631a657c6a2d568b67b9bb32d55

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0AKPF.tmp\Avalaunch-dApp-2.1.0-installer.tmp
MD5
186f049568c683c2597f94ac445d054f

SHA1
b66903ea56214a05ede4f5228813028ba208041a

SHA256
55d0d8353358de375f54cdc67dc1226d809f34771f4b728e2a52a9c22744312c

SHA512
0b9d47c34fddbd7e2d021760ba562971948892a419151e56a5d081f0488b552577e824ce15a625247260da743937d38ccce1df3cc73489c35ecb8c5c0b97297a

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\MSVCP140.dll
MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\VCRUNTIME140.dll
MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-conio-l1-1-0.dll
MD5
4296cf3a7180e10aaf6147f4aecd24e4

SHA1
f81e09af979a1146774d554783d1a22a03a61393

SHA256
147f86ff93d61fea256b3de9149e1b36b68a83762e62a3389466218e18359ffc

SHA512
60357edde6572c5e796f927c3e72c31a96ff700624b7366fdda64bcf51ee00bf1e9ab477a46d8d3ba7391ba10491e69f745efec3607f8f49b6e1a3a3de7a0648

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-convert-l1-1-0.dll
MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-environment-l1-1-0.dll
MD5
6a3d5701446f6635faff87014a836eee

SHA1
7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

SHA256
16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

SHA512
839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-filesystem-l1-1-0.dll
MD5
4ec243792d382305db59dc78b72d0a1e

SHA1
63b7285646c72ee640d34cdc200bfc5863db3563

SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-heap-l1-1-0.dll
MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-locale-l1-1-0.dll
MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-math-l1-1-0.dll
MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-multibyte-l1-1-0.dll
MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-runtime-l1-1-0.dll
MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-stdio-l1-1-0.dll
MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-string-l1-1-0.dll
MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-time-l1-1-0.dll
MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-utility-l1-1-0.dll
MD5
a0a883e26be6800508162e2a898148d9

SHA1
4f79892e7766cb7831211864978575598c86a11b

SHA256
9753ae83536767c73e340c36c5f1610bc76a3e67e033b07503ec31431cba7b90

SHA512
70904f2fd074073aebcf665178b34cf7f0f42ced7223ca296f7f202f6fa0175ace2832d9802f5bff4d67891ca09ae14fac47420d69107e72aa44b541a190f6c3

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\cmswrite.dll
MD5
3aa620a3832249894026a7bcef141947

SHA1
465efee181f8d8288c4a34b0a80e7070f3aa48f7

SHA256
568e680c3ecaa84a76e111054a138d867813b9f65bbdc967c98304d6a0b4cf69

SHA512
a788cdb4cdafbd7b96f5b9e88b72cb57fd18d8ab70e0e166fcdcdd553e1de559a6017535274e09e30d6183c7c9baae58d711820f927a8ed3c3811c6f994809a7

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\libwmf2.dll
MD5
830c6fdda9cd0cee12dba51f793eecf8

SHA1
1923f3fb75e5d81a40e0aa3ffe613138fe9402c6

SHA256
695ac459ba83bb3dfeb45294b2d7669b7b032a10c20be8acee337017a62f2099

SHA512
34d2ec03224cca7dc9f77c0ff1d5a9f535944c3f83ac0a8562f467b3099db83ebf678f80c77c5d888a96a1efee65ff8a69ca49e649d2013d7e318662c9fbedd4

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
MD5
e1e23f21b223a052c39e8c67acd38105

SHA1
7f0e0baf554412a45fb10b04b0b159394f0cf3ab

SHA256
f1261751289ad124a521bad5bcab76826f70b9d4686a48b9f5b3523415004cf1

SHA512
d6191bdaecefe06589676c2fe54bbb2ed68e79b62f931fd3d2257e2fe1089c89508e6c09c88257f039c581200dc1b709bfff85e9de767ab5f7555765e2ca6958

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
MD5
e1e23f21b223a052c39e8c67acd38105

SHA1
7f0e0baf554412a45fb10b04b0b159394f0cf3ab

SHA256
f1261751289ad124a521bad5bcab76826f70b9d4686a48b9f5b3523415004cf1

SHA512
d6191bdaecefe06589676c2fe54bbb2ed68e79b62f931fd3d2257e2fe1089c89508e6c09c88257f039c581200dc1b709bfff85e9de767ab5f7555765e2ca6958

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
MD5
8fa639e29c7d1e7a1bd0d493354df226

SHA1
3ad3203b18dec68815f084f28bb956f0e1f8b9fe

SHA256
9177d32598d86cbe839d9a64e7654a76c2f33a91fb01186ecaed1f9e98292438

SHA512
4d0bb6ccbc53bd4c9fca04bac51814a6064df2d954bf260ec24eadad61226fbea4ab569b0c2f9ba3c046284e12051a653be534aa6556d6849bff172e2c73f626

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\pg
MD5
d759799c9fab5a28a2c8b5eda93c5546

SHA1
aeefd53b64901005cd5fb6d3be7c8192fa505772

SHA256
8e6ae6f2c0c1dbe9b9fa315206b824ba9d72c337fec6d22763beb5d15c68c7d1

SHA512
8aa394ca09ba9e9893d29e44ee709042b207ba025bc8b5b102f53d74e48c806213dda8ef74ea8085ad69deec712db34b107ab448d2eb0d80fa43723ac5718c34

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\tbbmalloc.dll
MD5
b61a9ee5a6c3c7a4d8b2944bee989250

SHA1
b3268110ebe8d565847a34340987465c7394989b

SHA256
c51fc91e9b7c855b691217dea5bc72fdf0c567f76deb204a80a0f7f50a885694

SHA512
83224db6dbf8c7e1a2939126f3bdd8c110d9efde08e2243d22dcbed30d58c3730c319cc8424fd155728236cf0d4cf4d0f7c79e713df9eb840dad1a4013aac1bf

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\ucrtbase.DLL
MD5
8ed02a1a11cec72b6a6a4989bf03cfcc

SHA1
172908ff0f8d7e1c0cbf107f7075ed1dba4b36c8

SHA256
4fd02f2699c49579319079b963425991198f59cb1589b8afa8795b5d6a0e5db3

SHA512
444fe62a5c324d38bdc055d298b5784c741f3ca8faaeaed591bd6dcf94205dbf28c7d7f7d3825ccb99eff04e3ffd831e3f98d9b314820841a0c0960ae6a5e416

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\wmfobserve.dll
MD5
5eb5c4fcc56dacb39450926293183153

SHA1
eb9558f47af92c962e10f8a43b6e4e8b87c1be24

SHA256
b819b42c75a35760c8ac5cd8dbfe0814c440098ca0b891a2e2f415f0b61ce844

SHA512
840962c61768d4e62b3d5bcb4c29039d455cb41c8bfcc1651306f12d3dce42735adfeacde7d7f97c501b3276042bd645f4a81a9f1779a81d1b147149898bd5ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W1L8YMXS.txt
MD5
eb720e5097d2c9c0fa10fd78d9636c95

SHA1
7f2e7ce6a483c9e2c3c71044b3d244a567f80e4f

SHA256
43111d65ab6ee32e43fa0a3f2077ba8319493f259db68f36ae16acdd5f4a8d17

SHA512
bc6000e358d643fef72a902456034c1056685a2a1b3d9f49bf26ac9d48b1c39561014d3beca99b2fc6f6c6aedac23113036f22d4638af2d6a2312d2609b00705

Download Submit
\Users\Admin\AppData\Local\Temp\is-0AKPF.tmp\Avalaunch-dApp-2.1.0-installer.tmp
MD5
186f049568c683c2597f94ac445d054f

SHA1
b66903ea56214a05ede4f5228813028ba208041a

SHA256
55d0d8353358de375f54cdc67dc1226d809f34771f4b728e2a52a9c22744312c

SHA512
0b9d47c34fddbd7e2d021760ba562971948892a419151e56a5d081f0488b552577e824ce15a625247260da743937d38ccce1df3cc73489c35ecb8c5c0b97297a

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-conio-l1-1-0.dll
MD5
4296cf3a7180e10aaf6147f4aecd24e4

SHA1
f81e09af979a1146774d554783d1a22a03a61393

SHA256
147f86ff93d61fea256b3de9149e1b36b68a83762e62a3389466218e18359ffc

SHA512
60357edde6572c5e796f927c3e72c31a96ff700624b7366fdda64bcf51ee00bf1e9ab477a46d8d3ba7391ba10491e69f745efec3607f8f49b6e1a3a3de7a0648

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-convert-l1-1-0.dll
MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-environment-l1-1-0.dll
MD5
6a3d5701446f6635faff87014a836eee

SHA1
7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

SHA256
16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

SHA512
839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-filesystem-l1-1-0.dll
MD5
4ec243792d382305db59dc78b72d0a1e

SHA1
63b7285646c72ee640d34cdc200bfc5863db3563

SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-heap-l1-1-0.dll
MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-locale-l1-1-0.dll
MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-math-l1-1-0.dll
MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-multibyte-l1-1-0.dll
MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-runtime-l1-1-0.dll
MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-stdio-l1-1-0.dll
MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-string-l1-1-0.dll
MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-time-l1-1-0.dll
MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-utility-l1-1-0.dll
MD5
a0a883e26be6800508162e2a898148d9

SHA1
4f79892e7766cb7831211864978575598c86a11b

SHA256
9753ae83536767c73e340c36c5f1610bc76a3e67e033b07503ec31431cba7b90

SHA512
70904f2fd074073aebcf665178b34cf7f0f42ced7223ca296f7f202f6fa0175ace2832d9802f5bff4d67891ca09ae14fac47420d69107e72aa44b541a190f6c3

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\cmswrite.dll
MD5
3aa620a3832249894026a7bcef141947

SHA1
465efee181f8d8288c4a34b0a80e7070f3aa48f7

SHA256
568e680c3ecaa84a76e111054a138d867813b9f65bbdc967c98304d6a0b4cf69

SHA512
a788cdb4cdafbd7b96f5b9e88b72cb57fd18d8ab70e0e166fcdcdd553e1de559a6017535274e09e30d6183c7c9baae58d711820f927a8ed3c3811c6f994809a7

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\libwmf2.dll
MD5
830c6fdda9cd0cee12dba51f793eecf8

SHA1
1923f3fb75e5d81a40e0aa3ffe613138fe9402c6

SHA256
695ac459ba83bb3dfeb45294b2d7669b7b032a10c20be8acee337017a62f2099

SHA512
34d2ec03224cca7dc9f77c0ff1d5a9f535944c3f83ac0a8562f467b3099db83ebf678f80c77c5d888a96a1efee65ff8a69ca49e649d2013d7e318662c9fbedd4

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
MD5
e1e23f21b223a052c39e8c67acd38105

SHA1
7f0e0baf554412a45fb10b04b0b159394f0cf3ab

SHA256
f1261751289ad124a521bad5bcab76826f70b9d4686a48b9f5b3523415004cf1

SHA512
d6191bdaecefe06589676c2fe54bbb2ed68e79b62f931fd3d2257e2fe1089c89508e6c09c88257f039c581200dc1b709bfff85e9de767ab5f7555765e2ca6958

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
MD5
e1e23f21b223a052c39e8c67acd38105

SHA1
7f0e0baf554412a45fb10b04b0b159394f0cf3ab

SHA256
f1261751289ad124a521bad5bcab76826f70b9d4686a48b9f5b3523415004cf1

SHA512
d6191bdaecefe06589676c2fe54bbb2ed68e79b62f931fd3d2257e2fe1089c89508e6c09c88257f039c581200dc1b709bfff85e9de767ab5f7555765e2ca6958

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
MD5
8fa639e29c7d1e7a1bd0d493354df226

SHA1
3ad3203b18dec68815f084f28bb956f0e1f8b9fe

SHA256
9177d32598d86cbe839d9a64e7654a76c2f33a91fb01186ecaed1f9e98292438

SHA512
4d0bb6ccbc53bd4c9fca04bac51814a6064df2d954bf260ec24eadad61226fbea4ab569b0c2f9ba3c046284e12051a653be534aa6556d6849bff172e2c73f626

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
MD5
8fa639e29c7d1e7a1bd0d493354df226

SHA1
3ad3203b18dec68815f084f28bb956f0e1f8b9fe

SHA256
9177d32598d86cbe839d9a64e7654a76c2f33a91fb01186ecaed1f9e98292438

SHA512
4d0bb6ccbc53bd4c9fca04bac51814a6064df2d954bf260ec24eadad61226fbea4ab569b0c2f9ba3c046284e12051a653be534aa6556d6849bff172e2c73f626

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\msvcp140.dll
MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\tbbmalloc.dll
MD5
b61a9ee5a6c3c7a4d8b2944bee989250

SHA1
b3268110ebe8d565847a34340987465c7394989b

SHA256
c51fc91e9b7c855b691217dea5bc72fdf0c567f76deb204a80a0f7f50a885694

SHA512
83224db6dbf8c7e1a2939126f3bdd8c110d9efde08e2243d22dcbed30d58c3730c319cc8424fd155728236cf0d4cf4d0f7c79e713df9eb840dad1a4013aac1bf

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\ucrtbase.dll
MD5
8ed02a1a11cec72b6a6a4989bf03cfcc

SHA1
172908ff0f8d7e1c0cbf107f7075ed1dba4b36c8

SHA256
4fd02f2699c49579319079b963425991198f59cb1589b8afa8795b5d6a0e5db3

SHA512
444fe62a5c324d38bdc055d298b5784c741f3ca8faaeaed591bd6dcf94205dbf28c7d7f7d3825ccb99eff04e3ffd831e3f98d9b314820841a0c0960ae6a5e416

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\vcruntime140.dll
MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\wmfobserve.dll
MD5
5eb5c4fcc56dacb39450926293183153

SHA1
eb9558f47af92c962e10f8a43b6e4e8b87c1be24

SHA256
b819b42c75a35760c8ac5cd8dbfe0814c440098ca0b891a2e2f415f0b61ce844

SHA512
840962c61768d4e62b3d5bcb4c29039d455cb41c8bfcc1651306f12d3dce42735adfeacde7d7f97c501b3276042bd645f4a81a9f1779a81d1b147149898bd5ac

Download Submit
memory/1092-119-0x00000000007E0000-0x0000000000857000-memory.dmp

Filesize
476KB

Download
memory/1092-125-0x00000000050E0000-0x00000000090E0000-memory.dmp

Filesize
64.0MB

Download
memory/1548-69-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1548-72-0x0000000070DC1000-0x0000000070DC3000-memory.dmp

Filesize
8KB

Download
memory/1748-63-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/1748-64-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download