Overview

overview

10

Static

static

1.exe

windows7_x64

10

1.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    186s
  • max time network
    71s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    02-04-2022 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.exe

  • Size

    8.1MB

  • MD5

    72ad5cebf69de22b971997bb261ef519

  • SHA1

    27aef0b7214b93b44cbeab76af1dd39db3d938fd

  • SHA256

    1b9a300d4e882a59e4bb15f7aa7069df6cc48057d1f89a71fff6df4e70d483f1

  • SHA512

    a4879dae60d580b3fad31311ae64acdc92604164cc95bd721a4a789c66791c5586eac3922e621c33aab5f919ad92e68ef6cbbc43b3d4857b547e627855bcefe8

Score
10/10
babadedaphoboscrypterevasionloaderpersistenceransomware

Malware Config

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda
  • Babadeda Crypter 3 IoCs
  • Phobos

    Phobos ransomware appeared at the beginning of 2019.

    ransomwarephobos
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Modifies Windows Firewall 1 TTPs
    evasion
  • Drops startup file 1 IoCs
  • Loads dropped DLL 47 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.exe
    "C:\Users\Admin\AppData\Local\Temp\1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe
      "C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:1448
      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe
        C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe "-relaunchedForIntegrityLevel -launchedbyvulcan-1448 C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe"
        3⤵
        • Executes dropped EXE
        • Drops startup file
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops desktop.ini file(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:656
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1484
          • C:\Windows\system32\vssadmin.exe
            vssadmin delete shadows /all /quiet
            5⤵
            • Interacts with shadow copies
            PID:952
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1524
          • C:\Windows\system32\netsh.exe
            netsh advfirewall set currentprofile state off
            5⤵
              PID:1700
            • C:\Windows\system32\netsh.exe
              netsh firewall set opmode mode=disable
              5⤵
                PID:388
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1724

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe
        Filesize

        4.6MB

        MD5

        25d5826c1136dde91cb8ed3b9319c50d

        SHA1

        627b989677c7d3d7431ca2d1c591fee095197a1e

        SHA256

        098467cdf594b08bd6643592f24745f6f37132ab794da2d0263919d5d131bc81

        SHA512

        73bf5a1b8371bd70df4fb40ed1c08e2ad0db72722634de0167c8bcca7423b0f7fec9fa20bea66521aa051d842442432c623d440873d448af07b85914dbdf532e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe
        Filesize

        4.6MB

        MD5

        25d5826c1136dde91cb8ed3b9319c50d

        SHA1

        627b989677c7d3d7431ca2d1c591fee095197a1e

        SHA256

        098467cdf594b08bd6643592f24745f6f37132ab794da2d0263919d5d131bc81

        SHA512

        73bf5a1b8371bd70df4fb40ed1c08e2ad0db72722634de0167c8bcca7423b0f7fec9fa20bea66521aa051d842442432c623d440873d448af07b85914dbdf532e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\CRClient.dll
        Filesize

        839KB

        MD5

        08abdf28c00df306cb339fc1324f2f43

        SHA1

        e54e1a1c009b3f6d94c0a9731ab3a1b54e8d50c6

        SHA256

        874f47e7f82114b68f443ef80a0188553dcba74356ccc579ffb41ecea606dde8

        SHA512

        e14e83356dc5f4c741d9479b33abac65dd365865605973c5b10b477bccab89b836bd41677e015c894c81c642ab582bb3f75e85374b44efde0f4acacbbb848027

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\MSVCP140.dll
        Filesize

        439KB

        MD5

        5ff1fca37c466d6723ec67be93b51442

        SHA1

        34cc4e158092083b13d67d6d2bc9e57b798a303b

        SHA256

        5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

        SHA512

        4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\StartupOptions.xml
        Filesize

        1KB

        MD5

        dcd02122ff75c24cee25500ad3a3d812

        SHA1

        76e733331554e9aaff6ccf0df22931db9ca852a4

        SHA256

        059280e2b72f31d15fe6b83b9362be359ebd2f16a5de4763a21d0885183854ba

        SHA512

        e7fb7605a3d46b302a977b21e14743a5d367ffd50a9ab339108a356894b5d75c7c2693609c9aed84cb8aeaddeb041dc018428ce20f7bc9bbc984b431db58ff21

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\TmEvent.dll
        Filesize

        196KB

        MD5

        5766b7a2fd2431d5fd95e7dfe53e9059

        SHA1

        d59d571b7ea52a1cc08d734794825e19bbb8c5da

        SHA256

        58e6af41baa0b14777ee3daa03e1ed021e80c8a7b773efebb532b1225bf821b9

        SHA512

        6ddae690f205b81e58eab38a93c504ff18903bc58e10620f8a8ef2d17a862cded1f6654ffbd8803f1473a265a10b3b1f5ae2b80c39b4542fe428a914f8a5b017

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\VCRUNTIME140.dll
        Filesize

        78KB

        MD5

        a37ee36b536409056a86f50e67777dd7

        SHA1

        1cafa159292aa736fc595fc04e16325b27cd6750

        SHA256

        8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

        SHA512

        3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-file-l1-2-0.dll
        Filesize

        11KB

        MD5

        75614f411dec3bff7a4c3443fb06eebe

        SHA1

        bb77b493f3329284437f2173e5031908f080d68f

        SHA256

        196c741e12fe57d9fd3c274af8a93d95e148ac91ada451b31b78923bcea77b17

        SHA512

        f03b71cee885140edc53463132e1d736978ebb0c5e76f2db8c1f7cfd61afa1bf925109f2721cc796ffad4619ca69605c37db496d444c9d34616de5f95c7c9623

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-file-l2-1-0.dll
        Filesize

        11KB

        MD5

        4f361342b691aedc577e1bbbd16a14ae

        SHA1

        b249050dc506fd4199bc2d6a00b2fac61e13842b

        SHA256

        2eb1e71d1112913f09cb372eaaeb19c0b849c81a50649da0e4a66b2c83ad9f32

        SHA512

        4efd2c4ca0e9a7e38c59d9ca797b0efecbf3d8f33e83f3b49b81f5a2b47fdfcc494abc88c634660783861d50087a106ffc713f19d7cc609e9be38e2250e2940a

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-localization-l1-2-0.dll
        Filesize

        14KB

        MD5

        a5ef3ecb8ece8f31bfe429316281d64b

        SHA1

        13b0679242a262ecbda857b163c7db5a4b473c5b

        SHA256

        8678396666040b289999e82d1a0bb2175a6b5543922f05394252f7b3e986d0e7

        SHA512

        6f8da1d0c0122c10051a699cd77c1a21864ab14ba1cd485bd6d4c041e45591024254e642d0ae6310a9e1d1ad32e77183a62dab9dfc8ff050cce9e96d398e7ec2

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-processthreads-l1-1-1.dll
        Filesize

        11KB

        MD5

        a37708eae8e652d16c4af5895cdd3a3d

        SHA1

        94e478d6568f07603e4d509e374b72a5c8b5ec7c

        SHA256

        abe2a6d988bfabb567874495f7fce79878967ccc00fea759597861f3fc73e349

        SHA512

        aa63684bc29bc4eb16a024944a02f4a55a595d7a651f56716ebc635d91474dcf1ed758a9218401ec1ea6610aa881036c3675909f14a37bcc4bd7157da44e21fc

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-timezone-l1-1-0.dll
        Filesize

        11KB

        MD5

        14d9b19e5b801439fe7f34e195b30306

        SHA1

        8e3c156e9c2fa7054d0456ff8f7e3104fb2694fe

        SHA256

        2004a8a13c016c92b63404b882ad945f21a86e36000b9cb5ba24cf3acedb0de3

        SHA512

        1bb0d5eb3a8fd3173da0f5df1f8d9ae045ce2a21dc73bb2af4b57e537d0b8761711527fedcbc2378b8df300baa317ed2608952de0cad3eb37a9886645f6d94db

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-convert-l1-1-0.dll
        Filesize

        14KB

        MD5

        88f89d0f2bd5748ed1af75889e715e6a

        SHA1

        8ada489b9ff33530a3fb7161cc07b5b11dfb8909

        SHA256

        02c78781bf6cc5f22a0ecedc3847bfd20bed4065ac028c386d063dc2318c33cc

        SHA512

        1f5a00284ca1d6dc6ae2dfce306febfa6d7d71d421583e4ce6890389334c2d98291e98e992b58136f5d1a41590553e3ad42fb362247ae8adf60e33397afbb5df

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-environment-l1-1-0.dll
        Filesize

        11KB

        MD5

        0979785e3ef8137cdd47c797adcb96e3

        SHA1

        4051c6eb37a4c0dba47b58301e63df76bff347dd

        SHA256

        d5164aecde4523ffa2dcfd0315b49428ac220013132ad48422a8ea4ca2361257

        SHA512

        e369bc53babd327f5d1b9833c0b8d6c7e121072ad81d4ba1fb3e2679f161fb6a9fa2fca0df0bac532fd439beb0d754583582d1dbfeccf2d38cc4f3bdca39b52d

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-filesystem-l1-1-0.dll
        Filesize

        12KB

        MD5

        a1b6cebd3d7a8b25b9a9cbc18d03a00c

        SHA1

        5516de099c49e0e6d1224286c3dc9b4d7985e913

        SHA256

        162ccf78fa5a4a2ee380f72fbd54d17a73c929a76f6e3659f537fa8f42602362

        SHA512

        a322fb09e6faaff0daabb4f0284e4e90ccacff27161dbfd77d39a9a93dbf30069b9d86bf15a07fc2006a55af2c35cd8ea544895c93e2e1697c51f2dafad5a9d7

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-heap-l1-1-0.dll
        Filesize

        11KB

        MD5

        a6a9dfb31be2510f6dbfedd476c6d15a

        SHA1

        cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

        SHA256

        150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

        SHA512

        b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-locale-l1-1-0.dll
        Filesize

        11KB

        MD5

        755d68cb04411f8c6f86842484b6e38b

        SHA1

        60fc150591e644eaa14d77e6bdedf125f94c14fd

        SHA256

        7e659c94c28f575d8ac20add7cecf421136ff19ce91916d255dc98b5ba16d57b

        SHA512

        b0cc16effb8fbc26bf58e121836e1d95d25e0438b16a21001e6e61173108d206355145d7ac005fd40e40a2ae3bccf24685844322af667754e6d057ba073d5b61

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-math-l1-1-0.dll
        Filesize

        21KB

        MD5

        461d5af3277efb5f000b9df826581b80

        SHA1

        935b00c88c2065f98746e2b4353d4369216f1812

        SHA256

        f9ce464b89dd8ea1d5e0b852369fe3a8322b4b9860e5ae401c9a3b797aed17bf

        SHA512

        229bf31a1de1e84cf238a0dfe0c3a13fee86da94d611fbc8fdb65086dee6a8b1a6ba37c44c5826c3d8cfa120d0fba9e690d31c5b4e73f98c8362b98be1ee9600

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-runtime-l1-1-0.dll
        Filesize

        16KB

        MD5

        b3b04c457159e1a174eee384eb8deec7

        SHA1

        09971b91bf45ae9f84475c6565aaf1c40b34079d

        SHA256

        59d0de4eecdb196d8be3856894967f38fea60d3afdd2d42ee7dd61d4638680fd

        SHA512

        e28bdd2a889110e6235f02eb50ee7da2c49dc7dd8373077518f82bc9fd42bf915fedac9ba0dd2b702879da2e8ab99840b7c65011d66a4a296eb8afc3930531c0

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-stdio-l1-1-0.dll
        Filesize

        16KB

        MD5

        5765103e1f5412c43295bd752ccaea03

        SHA1

        6913bf1624599e55680a0292e22c89cab559db81

        SHA256

        8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4

        SHA512

        5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-string-l1-1-0.dll
        Filesize

        17KB

        MD5

        a18e20d0362d9da9a4ed8038938c5d74

        SHA1

        bb07e6e5149ec644eedb850f41039c558c670e4c

        SHA256

        6f7d536bc81d5a395d8b52f4bd448e36349b8ad4854df5e90e55700487ffaf92

        SHA512

        dbf8eb5a2069d248305f0c4e61bf1d718b47dfff539cae37ceb47ad73dae431c96d705fa1b17d85cdb984de89c01e38c12e9e7454519f5723550d2af5e4110f6

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-time-l1-1-0.dll
        Filesize

        13KB

        MD5

        f575a0246f350985fa8f320c1fb988e4

        SHA1

        a3673d65222205372abcd05bfc1c660d704a16dd

        SHA256

        49fc5116b92695b2437c36d17ffdc5fbde99cf3e48ddc9c1a4beb0e396f0d950

        SHA512

        4b06e54d83e5b42761d16c26a6c19a8a611ae165de94d9d2b8d98915030c0512b068e5c08fcc78cea6fae71d16d29b45bb9a248adf88f5132cea6bed062ed60e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-utility-l1-1-0.dll
        Filesize

        11KB

        MD5

        3dfb82541979a23a9deb5fd4dcfb6b22

        SHA1

        5da1d02b764917b38fdc34f4b41fb9a599105dd9

        SHA256

        0cd6d0ff0ff5ecf973f545e98b68ac6038db5494a8990c3b77b8a95b664b6feb

        SHA512

        f9a20b3d44d39d941fa131c3a1db37614a2f9b2af7260981a0f72c69f82a5326901f70a56b5f7ad65862630fce59b02f650a132ee7ecfe2e4fc80f694483ca82

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\ground
        Filesize

        393KB

        MD5

        996c12ac07c7955fe018b68ac29ff8fb

        SHA1

        a88d9543aaa0f748a1997162b0e7e67249ba7cfa

        SHA256

        94f19678077f95de2f8200fa32dbc538cd8ec839a0513741613e35a86a2ad3e2

        SHA512

        8271c0aa844b4b5598690bb44012d3597edb347c3e171835a340d66d5874f5e6bd2d76fda0e62b0e28967fcb479e227d95d67d120ab4977ea1e029890dd1cf21

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\libcui40.dll
        Filesize

        125KB

        MD5

        a43453dc3f04860653ff23db54f91f0d

        SHA1

        17877adc35e03eb2e7f7a90281a97067a839b70d

        SHA256

        55135de67a5816c6622ae671c934d5a2bfac1b8f3f09083f64a3ae5997bfbfdf

        SHA512

        8b97417f00175408eaf348cd2315f954609b98434337c2d822b9e0f11d2d249c584ef8e58fc33ffbd107ef56581964735a62801096779a9f43899e69fd8d9a66

        Download Submit

      • C:\Users\Admin\AppData\Roaming\GreatSim\Milling\ucrtbase.DLL
        Filesize

        1.1MB

        MD5

        2040cdcd779bbebad36d36035c675d99

        SHA1

        918bc19f55e656f6d6b1e4713604483eb997ea15

        SHA256

        2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

        SHA512

        83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

        Download Submit

      • \Users\Admin\AppData\Local\Temp\pbC6693540\PB3Dll.dll
        Filesize

        202KB

        MD5

        142bc2bb269b896cc0f11f9021dcbc52

        SHA1

        75b09b25f8f6b3b0fc94fcdcc61d932f303ac418

        SHA256

        5da7da9abb77790ddbb87d86b9ea4b01a4f375035827e30fa879dab8c2a737db

        SHA512

        150ffd4e66ee126912c6a5071bec750e4b5e603af9cc79b26c63e482f7d5d0aafcae1c995f10b60ba2da138effb19c668e1515f35db3b8b7a508ef34f59d134a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\pbC6693540\PBCore.dll
        Filesize

        444KB

        MD5

        bf34ceda78a3ff4016e8eca82337ec06

        SHA1

        38966df0f48da3ee15e2a44545c982693d6f552a

        SHA256

        3b4e89de9ccb5b1beba22030e29e921460b375bcbe5364115cc093f329596889

        SHA512

        b5d4af43a78e8c061c823778786fa53db2736543ed2513a033b93302328f4af10d565a7ce4116ee6580400a02e23694eb2183ccfbc9c3d8132fef3e63ae58cae

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\AdobeIPCBroker.exe
        Filesize

        4.6MB

        MD5

        25d5826c1136dde91cb8ed3b9319c50d

        SHA1

        627b989677c7d3d7431ca2d1c591fee095197a1e

        SHA256

        098467cdf594b08bd6643592f24745f6f37132ab794da2d0263919d5d131bc81

        SHA512

        73bf5a1b8371bd70df4fb40ed1c08e2ad0db72722634de0167c8bcca7423b0f7fec9fa20bea66521aa051d842442432c623d440873d448af07b85914dbdf532e

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\CRClient.dll
        Filesize

        839KB

        MD5

        08abdf28c00df306cb339fc1324f2f43

        SHA1

        e54e1a1c009b3f6d94c0a9731ab3a1b54e8d50c6

        SHA256

        874f47e7f82114b68f443ef80a0188553dcba74356ccc579ffb41ecea606dde8

        SHA512

        e14e83356dc5f4c741d9479b33abac65dd365865605973c5b10b477bccab89b836bd41677e015c894c81c642ab582bb3f75e85374b44efde0f4acacbbb848027

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\CRClient.dll
        Filesize

        839KB

        MD5

        08abdf28c00df306cb339fc1324f2f43

        SHA1

        e54e1a1c009b3f6d94c0a9731ab3a1b54e8d50c6

        SHA256

        874f47e7f82114b68f443ef80a0188553dcba74356ccc579ffb41ecea606dde8

        SHA512

        e14e83356dc5f4c741d9479b33abac65dd365865605973c5b10b477bccab89b836bd41677e015c894c81c642ab582bb3f75e85374b44efde0f4acacbbb848027

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\TmEvent.dll
        Filesize

        196KB

        MD5

        5766b7a2fd2431d5fd95e7dfe53e9059

        SHA1

        d59d571b7ea52a1cc08d734794825e19bbb8c5da

        SHA256

        58e6af41baa0b14777ee3daa03e1ed021e80c8a7b773efebb532b1225bf821b9

        SHA512

        6ddae690f205b81e58eab38a93c504ff18903bc58e10620f8a8ef2d17a862cded1f6654ffbd8803f1473a265a10b3b1f5ae2b80c39b4542fe428a914f8a5b017

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\TmEvent.dll
        Filesize

        196KB

        MD5

        5766b7a2fd2431d5fd95e7dfe53e9059

        SHA1

        d59d571b7ea52a1cc08d734794825e19bbb8c5da

        SHA256

        58e6af41baa0b14777ee3daa03e1ed021e80c8a7b773efebb532b1225bf821b9

        SHA512

        6ddae690f205b81e58eab38a93c504ff18903bc58e10620f8a8ef2d17a862cded1f6654ffbd8803f1473a265a10b3b1f5ae2b80c39b4542fe428a914f8a5b017

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-file-l1-2-0.dll
        Filesize

        11KB

        MD5

        75614f411dec3bff7a4c3443fb06eebe

        SHA1

        bb77b493f3329284437f2173e5031908f080d68f

        SHA256

        196c741e12fe57d9fd3c274af8a93d95e148ac91ada451b31b78923bcea77b17

        SHA512

        f03b71cee885140edc53463132e1d736978ebb0c5e76f2db8c1f7cfd61afa1bf925109f2721cc796ffad4619ca69605c37db496d444c9d34616de5f95c7c9623

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-file-l1-2-0.dll
        Filesize

        11KB

        MD5

        75614f411dec3bff7a4c3443fb06eebe

        SHA1

        bb77b493f3329284437f2173e5031908f080d68f

        SHA256

        196c741e12fe57d9fd3c274af8a93d95e148ac91ada451b31b78923bcea77b17

        SHA512

        f03b71cee885140edc53463132e1d736978ebb0c5e76f2db8c1f7cfd61afa1bf925109f2721cc796ffad4619ca69605c37db496d444c9d34616de5f95c7c9623

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-file-l2-1-0.dll
        Filesize

        11KB

        MD5

        4f361342b691aedc577e1bbbd16a14ae

        SHA1

        b249050dc506fd4199bc2d6a00b2fac61e13842b

        SHA256

        2eb1e71d1112913f09cb372eaaeb19c0b849c81a50649da0e4a66b2c83ad9f32

        SHA512

        4efd2c4ca0e9a7e38c59d9ca797b0efecbf3d8f33e83f3b49b81f5a2b47fdfcc494abc88c634660783861d50087a106ffc713f19d7cc609e9be38e2250e2940a

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-file-l2-1-0.dll
        Filesize

        11KB

        MD5

        4f361342b691aedc577e1bbbd16a14ae

        SHA1

        b249050dc506fd4199bc2d6a00b2fac61e13842b

        SHA256

        2eb1e71d1112913f09cb372eaaeb19c0b849c81a50649da0e4a66b2c83ad9f32

        SHA512

        4efd2c4ca0e9a7e38c59d9ca797b0efecbf3d8f33e83f3b49b81f5a2b47fdfcc494abc88c634660783861d50087a106ffc713f19d7cc609e9be38e2250e2940a

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-localization-l1-2-0.dll
        Filesize

        14KB

        MD5

        a5ef3ecb8ece8f31bfe429316281d64b

        SHA1

        13b0679242a262ecbda857b163c7db5a4b473c5b

        SHA256

        8678396666040b289999e82d1a0bb2175a6b5543922f05394252f7b3e986d0e7

        SHA512

        6f8da1d0c0122c10051a699cd77c1a21864ab14ba1cd485bd6d4c041e45591024254e642d0ae6310a9e1d1ad32e77183a62dab9dfc8ff050cce9e96d398e7ec2

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-localization-l1-2-0.dll
        Filesize

        14KB

        MD5

        a5ef3ecb8ece8f31bfe429316281d64b

        SHA1

        13b0679242a262ecbda857b163c7db5a4b473c5b

        SHA256

        8678396666040b289999e82d1a0bb2175a6b5543922f05394252f7b3e986d0e7

        SHA512

        6f8da1d0c0122c10051a699cd77c1a21864ab14ba1cd485bd6d4c041e45591024254e642d0ae6310a9e1d1ad32e77183a62dab9dfc8ff050cce9e96d398e7ec2

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-processthreads-l1-1-1.dll
        Filesize

        11KB

        MD5

        a37708eae8e652d16c4af5895cdd3a3d

        SHA1

        94e478d6568f07603e4d509e374b72a5c8b5ec7c

        SHA256

        abe2a6d988bfabb567874495f7fce79878967ccc00fea759597861f3fc73e349

        SHA512

        aa63684bc29bc4eb16a024944a02f4a55a595d7a651f56716ebc635d91474dcf1ed758a9218401ec1ea6610aa881036c3675909f14a37bcc4bd7157da44e21fc

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-processthreads-l1-1-1.dll
        Filesize

        11KB

        MD5

        a37708eae8e652d16c4af5895cdd3a3d

        SHA1

        94e478d6568f07603e4d509e374b72a5c8b5ec7c

        SHA256

        abe2a6d988bfabb567874495f7fce79878967ccc00fea759597861f3fc73e349

        SHA512

        aa63684bc29bc4eb16a024944a02f4a55a595d7a651f56716ebc635d91474dcf1ed758a9218401ec1ea6610aa881036c3675909f14a37bcc4bd7157da44e21fc

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-timezone-l1-1-0.dll
        Filesize

        11KB

        MD5

        14d9b19e5b801439fe7f34e195b30306

        SHA1

        8e3c156e9c2fa7054d0456ff8f7e3104fb2694fe

        SHA256

        2004a8a13c016c92b63404b882ad945f21a86e36000b9cb5ba24cf3acedb0de3

        SHA512

        1bb0d5eb3a8fd3173da0f5df1f8d9ae045ce2a21dc73bb2af4b57e537d0b8761711527fedcbc2378b8df300baa317ed2608952de0cad3eb37a9886645f6d94db

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-core-timezone-l1-1-0.dll
        Filesize

        11KB

        MD5

        14d9b19e5b801439fe7f34e195b30306

        SHA1

        8e3c156e9c2fa7054d0456ff8f7e3104fb2694fe

        SHA256

        2004a8a13c016c92b63404b882ad945f21a86e36000b9cb5ba24cf3acedb0de3

        SHA512

        1bb0d5eb3a8fd3173da0f5df1f8d9ae045ce2a21dc73bb2af4b57e537d0b8761711527fedcbc2378b8df300baa317ed2608952de0cad3eb37a9886645f6d94db

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-convert-l1-1-0.dll
        Filesize

        14KB

        MD5

        88f89d0f2bd5748ed1af75889e715e6a

        SHA1

        8ada489b9ff33530a3fb7161cc07b5b11dfb8909

        SHA256

        02c78781bf6cc5f22a0ecedc3847bfd20bed4065ac028c386d063dc2318c33cc

        SHA512

        1f5a00284ca1d6dc6ae2dfce306febfa6d7d71d421583e4ce6890389334c2d98291e98e992b58136f5d1a41590553e3ad42fb362247ae8adf60e33397afbb5df

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-environment-l1-1-0.dll
        Filesize

        11KB

        MD5

        0979785e3ef8137cdd47c797adcb96e3

        SHA1

        4051c6eb37a4c0dba47b58301e63df76bff347dd

        SHA256

        d5164aecde4523ffa2dcfd0315b49428ac220013132ad48422a8ea4ca2361257

        SHA512

        e369bc53babd327f5d1b9833c0b8d6c7e121072ad81d4ba1fb3e2679f161fb6a9fa2fca0df0bac532fd439beb0d754583582d1dbfeccf2d38cc4f3bdca39b52d

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-filesystem-l1-1-0.dll
        Filesize

        12KB

        MD5

        a1b6cebd3d7a8b25b9a9cbc18d03a00c

        SHA1

        5516de099c49e0e6d1224286c3dc9b4d7985e913

        SHA256

        162ccf78fa5a4a2ee380f72fbd54d17a73c929a76f6e3659f537fa8f42602362

        SHA512

        a322fb09e6faaff0daabb4f0284e4e90ccacff27161dbfd77d39a9a93dbf30069b9d86bf15a07fc2006a55af2c35cd8ea544895c93e2e1697c51f2dafad5a9d7

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-heap-l1-1-0.dll
        Filesize

        11KB

        MD5

        a6a9dfb31be2510f6dbfedd476c6d15a

        SHA1

        cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

        SHA256

        150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

        SHA512

        b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-heap-l1-1-0.dll
        Filesize

        11KB

        MD5

        a6a9dfb31be2510f6dbfedd476c6d15a

        SHA1

        cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

        SHA256

        150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

        SHA512

        b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-locale-l1-1-0.dll
        Filesize

        11KB

        MD5

        755d68cb04411f8c6f86842484b6e38b

        SHA1

        60fc150591e644eaa14d77e6bdedf125f94c14fd

        SHA256

        7e659c94c28f575d8ac20add7cecf421136ff19ce91916d255dc98b5ba16d57b

        SHA512

        b0cc16effb8fbc26bf58e121836e1d95d25e0438b16a21001e6e61173108d206355145d7ac005fd40e40a2ae3bccf24685844322af667754e6d057ba073d5b61

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-math-l1-1-0.dll
        Filesize

        21KB

        MD5

        461d5af3277efb5f000b9df826581b80

        SHA1

        935b00c88c2065f98746e2b4353d4369216f1812

        SHA256

        f9ce464b89dd8ea1d5e0b852369fe3a8322b4b9860e5ae401c9a3b797aed17bf

        SHA512

        229bf31a1de1e84cf238a0dfe0c3a13fee86da94d611fbc8fdb65086dee6a8b1a6ba37c44c5826c3d8cfa120d0fba9e690d31c5b4e73f98c8362b98be1ee9600

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-runtime-l1-1-0.dll
        Filesize

        16KB

        MD5

        b3b04c457159e1a174eee384eb8deec7

        SHA1

        09971b91bf45ae9f84475c6565aaf1c40b34079d

        SHA256

        59d0de4eecdb196d8be3856894967f38fea60d3afdd2d42ee7dd61d4638680fd

        SHA512

        e28bdd2a889110e6235f02eb50ee7da2c49dc7dd8373077518f82bc9fd42bf915fedac9ba0dd2b702879da2e8ab99840b7c65011d66a4a296eb8afc3930531c0

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-runtime-l1-1-0.dll
        Filesize

        16KB

        MD5

        b3b04c457159e1a174eee384eb8deec7

        SHA1

        09971b91bf45ae9f84475c6565aaf1c40b34079d

        SHA256

        59d0de4eecdb196d8be3856894967f38fea60d3afdd2d42ee7dd61d4638680fd

        SHA512

        e28bdd2a889110e6235f02eb50ee7da2c49dc7dd8373077518f82bc9fd42bf915fedac9ba0dd2b702879da2e8ab99840b7c65011d66a4a296eb8afc3930531c0

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-stdio-l1-1-0.dll
        Filesize

        16KB

        MD5

        5765103e1f5412c43295bd752ccaea03

        SHA1

        6913bf1624599e55680a0292e22c89cab559db81

        SHA256

        8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4

        SHA512

        5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-string-l1-1-0.dll
        Filesize

        17KB

        MD5

        a18e20d0362d9da9a4ed8038938c5d74

        SHA1

        bb07e6e5149ec644eedb850f41039c558c670e4c

        SHA256

        6f7d536bc81d5a395d8b52f4bd448e36349b8ad4854df5e90e55700487ffaf92

        SHA512

        dbf8eb5a2069d248305f0c4e61bf1d718b47dfff539cae37ceb47ad73dae431c96d705fa1b17d85cdb984de89c01e38c12e9e7454519f5723550d2af5e4110f6

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-time-l1-1-0.dll
        Filesize

        13KB

        MD5

        f575a0246f350985fa8f320c1fb988e4

        SHA1

        a3673d65222205372abcd05bfc1c660d704a16dd

        SHA256

        49fc5116b92695b2437c36d17ffdc5fbde99cf3e48ddc9c1a4beb0e396f0d950

        SHA512

        4b06e54d83e5b42761d16c26a6c19a8a611ae165de94d9d2b8d98915030c0512b068e5c08fcc78cea6fae71d16d29b45bb9a248adf88f5132cea6bed062ed60e

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\api-ms-win-crt-utility-l1-1-0.dll
        Filesize

        11KB

        MD5

        3dfb82541979a23a9deb5fd4dcfb6b22

        SHA1

        5da1d02b764917b38fdc34f4b41fb9a599105dd9

        SHA256

        0cd6d0ff0ff5ecf973f545e98b68ac6038db5494a8990c3b77b8a95b664b6feb

        SHA512

        f9a20b3d44d39d941fa131c3a1db37614a2f9b2af7260981a0f72c69f82a5326901f70a56b5f7ad65862630fce59b02f650a132ee7ecfe2e4fc80f694483ca82

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\libcui40.dll
        Filesize

        125KB

        MD5

        a43453dc3f04860653ff23db54f91f0d

        SHA1

        17877adc35e03eb2e7f7a90281a97067a839b70d

        SHA256

        55135de67a5816c6622ae671c934d5a2bfac1b8f3f09083f64a3ae5997bfbfdf

        SHA512

        8b97417f00175408eaf348cd2315f954609b98434337c2d822b9e0f11d2d249c584ef8e58fc33ffbd107ef56581964735a62801096779a9f43899e69fd8d9a66

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\libcui40.dll
        Filesize

        125KB

        MD5

        a43453dc3f04860653ff23db54f91f0d

        SHA1

        17877adc35e03eb2e7f7a90281a97067a839b70d

        SHA256

        55135de67a5816c6622ae671c934d5a2bfac1b8f3f09083f64a3ae5997bfbfdf

        SHA512

        8b97417f00175408eaf348cd2315f954609b98434337c2d822b9e0f11d2d249c584ef8e58fc33ffbd107ef56581964735a62801096779a9f43899e69fd8d9a66

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\msvcp140.dll
        Filesize

        439KB

        MD5

        5ff1fca37c466d6723ec67be93b51442

        SHA1

        34cc4e158092083b13d67d6d2bc9e57b798a303b

        SHA256

        5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

        SHA512

        4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\msvcp140.dll
        Filesize

        439KB

        MD5

        5ff1fca37c466d6723ec67be93b51442

        SHA1

        34cc4e158092083b13d67d6d2bc9e57b798a303b

        SHA256

        5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

        SHA512

        4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\ucrtbase.dll
        Filesize

        1.1MB

        MD5

        2040cdcd779bbebad36d36035c675d99

        SHA1

        918bc19f55e656f6d6b1e4713604483eb997ea15

        SHA256

        2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

        SHA512

        83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\ucrtbase.dll
        Filesize

        1.1MB

        MD5

        2040cdcd779bbebad36d36035c675d99

        SHA1

        918bc19f55e656f6d6b1e4713604483eb997ea15

        SHA256

        2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

        SHA512

        83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\vcruntime140.dll
        Filesize

        78KB

        MD5

        a37ee36b536409056a86f50e67777dd7

        SHA1

        1cafa159292aa736fc595fc04e16325b27cd6750

        SHA256

        8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

        SHA512

        3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

        Download Submit

      • \Users\Admin\AppData\Roaming\GreatSim\Milling\vcruntime140.dll
        Filesize

        78KB

        MD5

        a37ee36b536409056a86f50e67777dd7

        SHA1

        1cafa159292aa736fc595fc04e16325b27cd6750

        SHA256

        8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

        SHA512

        3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

        Download Submit

      • memory/656-123-0x0000000002E60000-0x0000000006060000-memory.dmp

        Filesize

        50.0MB

        Download

      • memory/656-124-0x0000000000830000-0x0000000000843000-memory.dmp

        Filesize

        76KB

        Download

      • memory/1344-54-0x00000000759C1000-0x00000000759C3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1448-108-0x0000000002EC0000-0x00000000060C0000-memory.dmp

        Filesize

        50.0MB

        Download

      • memory/1700-134-0x000007FEFC4C1000-0x000007FEFC4C3000-memory.dmp

        Filesize

        8KB

        Download