babadeda | 86be6338e4d75689fc329804b275191df2707927e8d0424d0eb08eb7014f5148

Analysis

max time kernel
200s
max time network
206s
platform
windows7_x64
resource
win7-en-20211208
submitted
04-02-2022 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SushiSwap-dApp-3.1.0-installer.exe
Size

118.7MB
MD5

6d18c493a8795bd7ee7d25577b40ca14
SHA1

50c8c47bd149db109d79ccee985eb20b52abbb87
SHA256

86be6338e4d75689fc329804b275191df2707927e8d0424d0eb08eb7014f5148
SHA512

b275a81ea6953b09c622c43edba117790c737f8cf92f0e8a6275d1ea879ad4e9a0c776360bc1d199cc5b14a6468f985d4991485d89c0a63e9b23170ae90b4996

Score

10^/10

babadeda remcos sys32 crypter loader rat

Malware Config

Extracted

Family

remcos

Botnet

Sys32

157.90.1.54:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
Sys-PVUZ63
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\MiPony Installer\pg	family_babadeda
behavioral1/memory/1688-114-0x0000000004EC0000-0x0000000008EC0000-memory.dmp	family_babadeda

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Executes dropped EXE 3 IoCs

Processes:

SushiSwap-dApp-3.1.0-installer.tmpmakecat.exelink.exe

pid process

592 SushiSwap-dApp-3.1.0-installer.tmp
884 makecat.exe
1688 link.exe

pid	process
592	SushiSwap-dApp-3.1.0-installer.tmp
884	makecat.exe
1688	link.exe

Loads dropped DLL 24 IoCs

Processes:

SushiSwap-dApp-3.1.0-installer.exeSushiSwap-dApp-3.1.0-installer.tmplink.exe

pid	process
808	SushiSwap-dApp-3.1.0-installer.exe
592	SushiSwap-dApp-3.1.0-installer.tmp
592	SushiSwap-dApp-3.1.0-installer.tmp
592	SushiSwap-dApp-3.1.0-installer.tmp
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe
1688	link.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

SushiSwap-dApp-3.1.0-installer.tmp

pid process

592 SushiSwap-dApp-3.1.0-installer.tmp
592 SushiSwap-dApp-3.1.0-installer.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

link.exe

pid process

1688 link.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

SushiSwap-dApp-3.1.0-installer.tmp

pid process

592 SushiSwap-dApp-3.1.0-installer.tmp
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

link.exe

pid process

1688 link.exe

pid	process
592	SushiSwap-dApp-3.1.0-installer.tmp
592	SushiSwap-dApp-3.1.0-installer.tmp

pid	process
1688	link.exe

pid	process
592	SushiSwap-dApp-3.1.0-installer.tmp

pid	process
1688	link.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

SushiSwap-dApp-3.1.0-installer.exeSushiSwap-dApp-3.1.0-installer.tmp

description	pid	process	target process
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 808 wrote to memory of 592	808	SushiSwap-dApp-3.1.0-installer.exe	SushiSwap-dApp-3.1.0-installer.tmp
PID 592 wrote to memory of 884	592	SushiSwap-dApp-3.1.0-installer.tmp	makecat.exe
PID 592 wrote to memory of 884	592	SushiSwap-dApp-3.1.0-installer.tmp	makecat.exe
PID 592 wrote to memory of 884	592	SushiSwap-dApp-3.1.0-installer.tmp	makecat.exe
PID 592 wrote to memory of 884	592	SushiSwap-dApp-3.1.0-installer.tmp	makecat.exe
PID 592 wrote to memory of 1688	592	SushiSwap-dApp-3.1.0-installer.tmp	link.exe
PID 592 wrote to memory of 1688	592	SushiSwap-dApp-3.1.0-installer.tmp	link.exe
PID 592 wrote to memory of 1688	592	SushiSwap-dApp-3.1.0-installer.tmp	link.exe
PID 592 wrote to memory of 1688	592	SushiSwap-dApp-3.1.0-installer.tmp	link.exe

C:\Users\Admin\AppData\Local\Temp\SushiSwap-dApp-3.1.0-installer.exe
"C:\Users\Admin\AppData\Local\Temp\SushiSwap-dApp-3.1.0-installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:808

C:\Users\Admin\AppData\Local\Temp\is-E76TK.tmp\SushiSwap-dApp-3.1.0-installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-E76TK.tmp\SushiSwap-dApp-3.1.0-installer.tmp" /SL5="$7014A,123591408,908288,C:\Users\Admin\AppData\Local\Temp\SushiSwap-dApp-3.1.0-installer.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:592

C:\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
"C:\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe"
3⤵
- Executes dropped EXE
PID:884

C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
"C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-E76TK.tmp\SushiSwap-dApp-3.1.0-installer.tmp
MD5
7fb26b330a47962e9969ef798b397f78

SHA1
64f9a1ef303dcf59ca06d0d7808124bd7d060d83

SHA256
4c97063d575f9d8d0b439676f71cae00f0b7cf6f7cb0e7a43167a9d7dc1223b3

SHA512
9252182cc27bdc75295dcab4918a5ed5becd900b8261a250dbf34c1a9ceb37194bb69963f2b2304a40ffe70bb0aa2ee337d3cf3cf082874bfbf352cc97c240bc

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\MSVCP140.dll
MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\VCRUNTIME140.dll
MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-conio-l1-1-0.dll
MD5
4296cf3a7180e10aaf6147f4aecd24e4

SHA1
f81e09af979a1146774d554783d1a22a03a61393

SHA256
147f86ff93d61fea256b3de9149e1b36b68a83762e62a3389466218e18359ffc

SHA512
60357edde6572c5e796f927c3e72c31a96ff700624b7366fdda64bcf51ee00bf1e9ab477a46d8d3ba7391ba10491e69f745efec3607f8f49b6e1a3a3de7a0648

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-convert-l1-1-0.dll
MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-environment-l1-1-0.dll
MD5
6a3d5701446f6635faff87014a836eee

SHA1
7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

SHA256
16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

SHA512
839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-filesystem-l1-1-0.dll
MD5
4ec243792d382305db59dc78b72d0a1e

SHA1
63b7285646c72ee640d34cdc200bfc5863db3563

SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-heap-l1-1-0.dll
MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-locale-l1-1-0.dll
MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-math-l1-1-0.dll
MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-multibyte-l1-1-0.dll
MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-runtime-l1-1-0.dll
MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-stdio-l1-1-0.dll
MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-string-l1-1-0.dll
MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-time-l1-1-0.dll
MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-utility-l1-1-0.dll
MD5
a0a883e26be6800508162e2a898148d9

SHA1
4f79892e7766cb7831211864978575598c86a11b

SHA256
9753ae83536767c73e340c36c5f1610bc76a3e67e033b07503ec31431cba7b90

SHA512
70904f2fd074073aebcf665178b34cf7f0f42ced7223ca296f7f202f6fa0175ace2832d9802f5bff4d67891ca09ae14fac47420d69107e72aa44b541a190f6c3

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\cmswrite.dll
MD5
3aa620a3832249894026a7bcef141947

SHA1
465efee181f8d8288c4a34b0a80e7070f3aa48f7

SHA256
568e680c3ecaa84a76e111054a138d867813b9f65bbdc967c98304d6a0b4cf69

SHA512
a788cdb4cdafbd7b96f5b9e88b72cb57fd18d8ab70e0e166fcdcdd553e1de559a6017535274e09e30d6183c7c9baae58d711820f927a8ed3c3811c6f994809a7

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\libwmf2.dll
MD5
c171e05121a8393bdb0a8b20b46b793e

SHA1
14b958dfd13525d3f96bc0e9f958871f7c98386e

SHA256
054d62f9ec90bc66ff5fd227af22530d6d7ed0b29bc21ec298bb809f10dc7d49

SHA512
c568fb5fd7207b8c961fdb45fdacdc79c42ff05d0fe1b00fbe60664a7fc19052573f44f92bdb8143b3f72507d09a63b761edcb06b84840849a1a9075a6ce0713

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
MD5
e1e23f21b223a052c39e8c67acd38105

SHA1
7f0e0baf554412a45fb10b04b0b159394f0cf3ab

SHA256
f1261751289ad124a521bad5bcab76826f70b9d4686a48b9f5b3523415004cf1

SHA512
d6191bdaecefe06589676c2fe54bbb2ed68e79b62f931fd3d2257e2fe1089c89508e6c09c88257f039c581200dc1b709bfff85e9de767ab5f7555765e2ca6958

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
MD5
8fa639e29c7d1e7a1bd0d493354df226

SHA1
3ad3203b18dec68815f084f28bb956f0e1f8b9fe

SHA256
9177d32598d86cbe839d9a64e7654a76c2f33a91fb01186ecaed1f9e98292438

SHA512
4d0bb6ccbc53bd4c9fca04bac51814a6064df2d954bf260ec24eadad61226fbea4ab569b0c2f9ba3c046284e12051a653be534aa6556d6849bff172e2c73f626

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\pg
MD5
d759799c9fab5a28a2c8b5eda93c5546

SHA1
aeefd53b64901005cd5fb6d3be7c8192fa505772

SHA256
8e6ae6f2c0c1dbe9b9fa315206b824ba9d72c337fec6d22763beb5d15c68c7d1

SHA512
8aa394ca09ba9e9893d29e44ee709042b207ba025bc8b5b102f53d74e48c806213dda8ef74ea8085ad69deec712db34b107ab448d2eb0d80fa43723ac5718c34

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\tbbmalloc.dll
MD5
b61a9ee5a6c3c7a4d8b2944bee989250

SHA1
b3268110ebe8d565847a34340987465c7394989b

SHA256
c51fc91e9b7c855b691217dea5bc72fdf0c567f76deb204a80a0f7f50a885694

SHA512
83224db6dbf8c7e1a2939126f3bdd8c110d9efde08e2243d22dcbed30d58c3730c319cc8424fd155728236cf0d4cf4d0f7c79e713df9eb840dad1a4013aac1bf

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\ucrtbase.DLL
MD5
8ed02a1a11cec72b6a6a4989bf03cfcc

SHA1
172908ff0f8d7e1c0cbf107f7075ed1dba4b36c8

SHA256
4fd02f2699c49579319079b963425991198f59cb1589b8afa8795b5d6a0e5db3

SHA512
444fe62a5c324d38bdc055d298b5784c741f3ca8faaeaed591bd6dcf94205dbf28c7d7f7d3825ccb99eff04e3ffd831e3f98d9b314820841a0c0960ae6a5e416

Download Submit
C:\Users\Admin\AppData\Roaming\MiPony Installer\wmfobserve.dll
MD5
5eb5c4fcc56dacb39450926293183153

SHA1
eb9558f47af92c962e10f8a43b6e4e8b87c1be24

SHA256
b819b42c75a35760c8ac5cd8dbfe0814c440098ca0b891a2e2f415f0b61ce844

SHA512
840962c61768d4e62b3d5bcb4c29039d455cb41c8bfcc1651306f12d3dce42735adfeacde7d7f97c501b3276042bd645f4a81a9f1779a81d1b147149898bd5ac

Download Submit
\Users\Admin\AppData\Local\Temp\is-E76TK.tmp\SushiSwap-dApp-3.1.0-installer.tmp
MD5
7fb26b330a47962e9969ef798b397f78

SHA1
64f9a1ef303dcf59ca06d0d7808124bd7d060d83

SHA256
4c97063d575f9d8d0b439676f71cae00f0b7cf6f7cb0e7a43167a9d7dc1223b3

SHA512
9252182cc27bdc75295dcab4918a5ed5becd900b8261a250dbf34c1a9ceb37194bb69963f2b2304a40ffe70bb0aa2ee337d3cf3cf082874bfbf352cc97c240bc

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-conio-l1-1-0.dll
MD5
4296cf3a7180e10aaf6147f4aecd24e4

SHA1
f81e09af979a1146774d554783d1a22a03a61393

SHA256
147f86ff93d61fea256b3de9149e1b36b68a83762e62a3389466218e18359ffc

SHA512
60357edde6572c5e796f927c3e72c31a96ff700624b7366fdda64bcf51ee00bf1e9ab477a46d8d3ba7391ba10491e69f745efec3607f8f49b6e1a3a3de7a0648

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-convert-l1-1-0.dll
MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-environment-l1-1-0.dll
MD5
6a3d5701446f6635faff87014a836eee

SHA1
7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

SHA256
16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

SHA512
839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-filesystem-l1-1-0.dll
MD5
4ec243792d382305db59dc78b72d0a1e

SHA1
63b7285646c72ee640d34cdc200bfc5863db3563

SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-heap-l1-1-0.dll
MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-locale-l1-1-0.dll
MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-math-l1-1-0.dll
MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-multibyte-l1-1-0.dll
MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-runtime-l1-1-0.dll
MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-stdio-l1-1-0.dll
MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-string-l1-1-0.dll
MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-time-l1-1-0.dll
MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\api-ms-win-crt-utility-l1-1-0.dll
MD5
a0a883e26be6800508162e2a898148d9

SHA1
4f79892e7766cb7831211864978575598c86a11b

SHA256
9753ae83536767c73e340c36c5f1610bc76a3e67e033b07503ec31431cba7b90

SHA512
70904f2fd074073aebcf665178b34cf7f0f42ced7223ca296f7f202f6fa0175ace2832d9802f5bff4d67891ca09ae14fac47420d69107e72aa44b541a190f6c3

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\cmswrite.dll
MD5
3aa620a3832249894026a7bcef141947

SHA1
465efee181f8d8288c4a34b0a80e7070f3aa48f7

SHA256
568e680c3ecaa84a76e111054a138d867813b9f65bbdc967c98304d6a0b4cf69

SHA512
a788cdb4cdafbd7b96f5b9e88b72cb57fd18d8ab70e0e166fcdcdd553e1de559a6017535274e09e30d6183c7c9baae58d711820f927a8ed3c3811c6f994809a7

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\libwmf2.dll
MD5
83c79543f8bb607bb7bfc7d7a7adbac4

SHA1
c307ff1435694d071dc427c97aee329c55a9126a

SHA256
b50ca4c172fe55f5403e072f8b852ba2d4e87615dd809143846b21d67c341adc

SHA512
b215548060fb40658baa1fb3069ecb7e1d6ef8244e73e7fe3ed3f78643ac8a4abf812f54c6479b6a2a7510d9978da706797fa3fb9bf8c30c55f200f91c8af5ea

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\link.exe
MD5
e1e23f21b223a052c39e8c67acd38105

SHA1
7f0e0baf554412a45fb10b04b0b159394f0cf3ab

SHA256
f1261751289ad124a521bad5bcab76826f70b9d4686a48b9f5b3523415004cf1

SHA512
d6191bdaecefe06589676c2fe54bbb2ed68e79b62f931fd3d2257e2fe1089c89508e6c09c88257f039c581200dc1b709bfff85e9de767ab5f7555765e2ca6958

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
MD5
8fa639e29c7d1e7a1bd0d493354df226

SHA1
3ad3203b18dec68815f084f28bb956f0e1f8b9fe

SHA256
9177d32598d86cbe839d9a64e7654a76c2f33a91fb01186ecaed1f9e98292438

SHA512
4d0bb6ccbc53bd4c9fca04bac51814a6064df2d954bf260ec24eadad61226fbea4ab569b0c2f9ba3c046284e12051a653be534aa6556d6849bff172e2c73f626

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\makecat.exe
MD5
8fa639e29c7d1e7a1bd0d493354df226

SHA1
3ad3203b18dec68815f084f28bb956f0e1f8b9fe

SHA256
9177d32598d86cbe839d9a64e7654a76c2f33a91fb01186ecaed1f9e98292438

SHA512
4d0bb6ccbc53bd4c9fca04bac51814a6064df2d954bf260ec24eadad61226fbea4ab569b0c2f9ba3c046284e12051a653be534aa6556d6849bff172e2c73f626

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\msvcp140.dll
MD5
1d8c79f293ca86e8857149fb4efe4452

SHA1
7474e7a5cb9c79c4b99fdf9fb50ef3011bef7e8f

SHA256
c09b126e7d4c1e6efb3ffcda2358252ce37383572c78e56ca97497a7f7c793e4

SHA512
83c4d842d4b07ba5cec559b6cd1c22ab8201941a667e7b173c405d2fc8862f7e5d9703e14bd7a1babd75165c30e1a2c95f9d1648f318340ea5e2b145d54919b1

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\tbbmalloc.dll
MD5
b61a9ee5a6c3c7a4d8b2944bee989250

SHA1
b3268110ebe8d565847a34340987465c7394989b

SHA256
c51fc91e9b7c855b691217dea5bc72fdf0c567f76deb204a80a0f7f50a885694

SHA512
83224db6dbf8c7e1a2939126f3bdd8c110d9efde08e2243d22dcbed30d58c3730c319cc8424fd155728236cf0d4cf4d0f7c79e713df9eb840dad1a4013aac1bf

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\ucrtbase.dll
MD5
8ed02a1a11cec72b6a6a4989bf03cfcc

SHA1
172908ff0f8d7e1c0cbf107f7075ed1dba4b36c8

SHA256
4fd02f2699c49579319079b963425991198f59cb1589b8afa8795b5d6a0e5db3

SHA512
444fe62a5c324d38bdc055d298b5784c741f3ca8faaeaed591bd6dcf94205dbf28c7d7f7d3825ccb99eff04e3ffd831e3f98d9b314820841a0c0960ae6a5e416

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\vcruntime140.dll
MD5
b77eeaeaf5f8493189b89852f3a7a712

SHA1
c40cf51c2eadb070a570b969b0525dc3fb684339

SHA256
b7c13f8519340257ba6ae3129afce961f137e394dde3e4e41971b9f912355f5e

SHA512
a09a1b60c9605969a30f99d3f6215d4bf923759b4057ba0a5375559234f17d47555a84268e340ffc9ad07e03d11f40dd1f3fb5da108d11eb7f7933b7d87f2de3

Download Submit
\Users\Admin\AppData\Roaming\MiPony Installer\wmfobserve.dll
MD5
5eb5c4fcc56dacb39450926293183153

SHA1
eb9558f47af92c962e10f8a43b6e4e8b87c1be24

SHA256
b819b42c75a35760c8ac5cd8dbfe0814c440098ca0b891a2e2f415f0b61ce844

SHA512
840962c61768d4e62b3d5bcb4c29039d455cb41c8bfcc1651306f12d3dce42735adfeacde7d7f97c501b3276042bd645f4a81a9f1779a81d1b147149898bd5ac

Download Submit
memory/592-62-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/592-60-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/808-55-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/808-54-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/1688-108-0x0000000002480000-0x00000000024F7000-memory.dmp

Filesize
476KB

Download
memory/1688-114-0x0000000004EC0000-0x0000000008EC0000-memory.dmp

Filesize
64.0MB

Download