Overview

overview

8

Static

static

3

setup.exe

windows7-x64

8

setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    101s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    3.6MB

  • MD5

    002247f32f0e872ff49e942af8c03456

  • SHA1

    7feb5b75364a96cafb33055366ea326277332383

  • SHA256

    20739f8c131cffdedb5405d6c5be6c4bc6ad6b81a8ddecfa77589cf376ddb555

  • SHA512

    2eff240f26edafbe79c561a64aeee49da777073918cef7f98d25b6768718dc6f8c710ee493c0083e5d028f7b39f750c98eb61ff0b3576f066b364c02d18f351c

  • SSDEEP

    98304:Z9u3lllb+hb1oFj6seR8NrRV4DP5tj6RRTrLs+MsfUXAaIJ/iOp1X:4FaCdva8NtgRtj6Rq1KKOpB

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 16 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 57 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Users\Admin\AppData\Local\Temp\is-UT0EI.tmp\setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-UT0EI.tmp\setup.tmp" /SL5="$90122,3566837,58368,C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Comdlg32.ocx"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1516
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\mscomctl.ocx"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1532
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\RICHTX32.OCX"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:2168
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\x\sbls.ocx"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1680
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\x\sblc.ocx"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1856
      • C:\Windows\SysWOW64\msiexec.exe
        "msiexec.exe" /i "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\tscc.msi" /qn
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2956
      • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
        "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2024
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Video\How To Use Automatically Free RAM (Memory) Software - Reduced.avi"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2952
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3000
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2092

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\6d5b2e.rbs
    Filesize

    10KB

    MD5

    b489462e8afa795adcb6cf5440ef2142

    SHA1

    9463b8e3f9f9099999de62c71b3c6db56ae66c7c

    SHA256

    7a5ac6e4d581e0e16b11820996b649f681edf5ada3b0c761c4451f4b411f63f7

    SHA512

    9588d4099d2a57cc3627d863ce3170515f559f0812fa95326dfc7ed38d68280a481546f0bcac2375bff102f51f115344f4a87bc7c98a1b3304bf365562e1a84d

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Comdlg32.ocx
    Filesize

    137KB

    MD5

    d76f0eab36f83a31d411aeaf70da7396

    SHA1

    9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

    SHA256

    46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

    SHA512

    9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\HAND-M.CUR
    Filesize

    326B

    MD5

    36af4bd3e963bb6d681c3e043c06f504

    SHA1

    7a1c7a8646f6e47f38dfdd3874ca90c05d52507c

    SHA256

    87bfef52971132ff30f7713898a8e729e6f54976eff957e47507f14469455976

    SHA512

    6a6a4780b82b5539c6abad1dbd94c562e0e67250639649acbb2079963af8e740a6fd02e5717b61d4b21c5c06d16055e2cb55c052281be4fb706ab625ca8d21c8

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\RICHTX32.OCX
    Filesize

    207KB

    MD5

    045a16822822426c305ea7280270a3d6

    SHA1

    43075b6696bb2d2f298f263971d4d3e48aa4f561

    SHA256

    318cc48cbcfaba9592956e4298886823cc5f37626c770d6dadbcd224849680c5

    SHA512

    5a042ff0a05421fb01e0a95a8b62f3ce81f90330daed78f09c7d5d2abcb822a2fe99d00494c3ddd96226287fae51367e264b48b2831a8c080916ce18c0a675fa

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\Video\How To Use Automatically Free RAM (Memory) Software - Reduced.avi
    Filesize

    3.2MB

    MD5

    4447c353293a61cbe6ec81944339bd17

    SHA1

    e66357d11f892a62792ef25f34d504b7235716be

    SHA256

    49813a4d5d90077ed162f3cc0aa080889fcfde519be01b5457578a8e61935f2b

    SHA512

    8915d94868cf151af37124d24e225aac08e9cf5267ca67e23702b0f87e87e66e25848f619baeda082f6489c7af960ceb3655db93190d54ff9687eb4857ade88f

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\icon256.gif
    Filesize

    23KB

    MD5

    351f3273f5a130a790ba65710bb0bc16

    SHA1

    76f9851a4919adcaf1d48f2d303b7911e0bdfcc7

    SHA256

    2deac4ba663469cf05abb6f811f03bb65a778d57a572ccad0897b0b25bbbc6b1

    SHA512

    eb49ce1a119baead21d8f848cc144f6f971f4c13b2e2bfac08ffaceebb7b34810bc82df106df6e56567697b5f38913df83ff1c4eee7897c9fa705cce51e2c581

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\mscomctl.ocx
    Filesize

    1.0MB

    MD5

    ecc7d7f0d3446de36045d1d9e964fafe

    SHA1

    da6b0ec081d628c33b150327f3bd16d3b7fa4729

    SHA256

    bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4

    SHA512

    443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\tscc.msi
    Filesize

    1.1MB

    MD5

    4aed7e99bb205047ff34e17789fee270

    SHA1

    5d3156bce5b2d99d29c97ed4bee416e1fa33cef5

    SHA256

    bdfff4f46c2299c4606b19243efa267d99185aaf539d9e29bf9c98c229b3f6eb

    SHA512

    c7964800c53a99ca702c724c5baa14d8f4432fa4143496d3f65f4c2e5acc8e0d45369b7d33553290990e1f5cf50139768774cdca5b75d60a3afd1b05e97d48ee

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\x\o.cjs
    Filesize

    529KB

    MD5

    663ce82c52435d68e20910f6a7252725

    SHA1

    ef6719db6ec6209dd832d0a336ddccef87343a4d

    SHA256

    b097cc6db98c456381b1c2f5e4827dde3480c2f0e9561cae81d33d5efd8104ed

    SHA512

    86be243024e0c055d13516c8568090f3fc5347fd0d6764be8c64f08c753c1f3cc4db00af5c2746e97c74e2f01292b5bcc855a2b94b8cb95cacfd53dd66b28fa0

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\x\sblc.ocx
    Filesize

    1.7MB

    MD5

    ce01a4dba630802c3b57f5c383f0c418

    SHA1

    1a6c2f58a0870d3dde64eec668404a328c135fdc

    SHA256

    0c9e0d800c941ac780c77f105b3cd5641aeed56e40aef1c6e0e26b607a7a899c

    SHA512

    479defbb1b7b2b7b389d7dc70c0b902414925243fa55c62efba8ef019459c54074d81dde183f91dc2410a52afba29fb5babf43a3585e5cc57016ec133daa1efb

    Download Submit

  • C:\Program Files (x86)\Automatically Free RAM (Memory) Software\x\sbls.ocx
    Filesize

    545KB

    MD5

    f5dc31c9f74358c3121eb3b55bc301dd

    SHA1

    752444e4c78bb1c7e9a3de0b5694e67bdeb25d7c

    SHA256

    b3d054482d112e595c19a8d10d71d231217b0ca5c209db51e8114f55ea2de8a0

    SHA512

    b9d114e5da392db735f1ba63088412c00ec722ca52d4c47f7076b3bb70d58ce394471b703ca77c8c31c7b635804a44060560cd22002c8aac55c121dfc6bed0c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5BAA.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5E2D.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-UT0EI.tmp\setup.tmp
    Filesize

    702KB

    MD5

    1afbd25db5c9a90fe05309f7c4fbcf09

    SHA1

    baf330b5c249ca925b4ea19a52fe8b2c27e547fa

    SHA256

    3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

    SHA512

    3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-UT0EI.tmp\setup.tmp
    Filesize

    702KB

    MD5

    1afbd25db5c9a90fe05309f7c4fbcf09

    SHA1

    baf330b5c249ca925b4ea19a52fe8b2c27e547fa

    SHA256

    3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

    SHA512

    3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

    Download Submit

  • C:\Windows\Installer\6d5b2b.msi
    Filesize

    1.1MB

    MD5

    4aed7e99bb205047ff34e17789fee270

    SHA1

    5d3156bce5b2d99d29c97ed4bee416e1fa33cef5

    SHA256

    bdfff4f46c2299c4606b19243efa267d99185aaf539d9e29bf9c98c229b3f6eb

    SHA512

    c7964800c53a99ca702c724c5baa14d8f4432fa4143496d3f65f4c2e5acc8e0d45369b7d33553290990e1f5cf50139768774cdca5b75d60a3afd1b05e97d48ee

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\Automatically Free RAM (Memory) Software.exe
    Filesize

    816KB

    MD5

    965ca79fa2f33b64cfde8291e8137862

    SHA1

    19c939fa0e2cc41eaa08f14157bc5c8301be6a9c

    SHA256

    f8951365b9a0854a3f92766c09cc5ea73af5557f581fafa968304abdfaadd539

    SHA512

    d59ef5c3c1e7f271c3db0493ecf5c893a33ac6f96b8eb214326a0a63c30cd8aa8680ab5cbd38a4e402441f064954d1403a29eab231c069d0e35c8a7bb3c07fbc

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\Comdlg32.ocx
    Filesize

    137KB

    MD5

    d76f0eab36f83a31d411aeaf70da7396

    SHA1

    9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

    SHA256

    46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

    SHA512

    9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\Comdlg32.ocx
    Filesize

    137KB

    MD5

    d76f0eab36f83a31d411aeaf70da7396

    SHA1

    9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

    SHA256

    46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

    SHA512

    9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\RICHTX32.OCX
    Filesize

    207KB

    MD5

    045a16822822426c305ea7280270a3d6

    SHA1

    43075b6696bb2d2f298f263971d4d3e48aa4f561

    SHA256

    318cc48cbcfaba9592956e4298886823cc5f37626c770d6dadbcd224849680c5

    SHA512

    5a042ff0a05421fb01e0a95a8b62f3ce81f90330daed78f09c7d5d2abcb822a2fe99d00494c3ddd96226287fae51367e264b48b2831a8c080916ce18c0a675fa

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\RICHTX32.OCX
    Filesize

    207KB

    MD5

    045a16822822426c305ea7280270a3d6

    SHA1

    43075b6696bb2d2f298f263971d4d3e48aa4f561

    SHA256

    318cc48cbcfaba9592956e4298886823cc5f37626c770d6dadbcd224849680c5

    SHA512

    5a042ff0a05421fb01e0a95a8b62f3ce81f90330daed78f09c7d5d2abcb822a2fe99d00494c3ddd96226287fae51367e264b48b2831a8c080916ce18c0a675fa

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\mscomctl.ocx
    Filesize

    1.0MB

    MD5

    ecc7d7f0d3446de36045d1d9e964fafe

    SHA1

    da6b0ec081d628c33b150327f3bd16d3b7fa4729

    SHA256

    bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4

    SHA512

    443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\unins000.exe
    Filesize

    713KB

    MD5

    8fd7c01a85e2fe59a80bb9edd47d3bcb

    SHA1

    77b54aa483dd2604f33b7470b397adc7122fcb52

    SHA256

    219515da485c5d95dbd53fee92adfe8ff72c234751e816da62a492abc4dd4754

    SHA512

    91c8a1e35c683224184ee5e9f9ecee7ef4621ce5dea023d9063a0023db8e46f41d6d5f08cc5d0ba0962560b1620c25b289f528b459fe55510d45d5431b7e3342

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\x\o.cjs
    Filesize

    529KB

    MD5

    663ce82c52435d68e20910f6a7252725

    SHA1

    ef6719db6ec6209dd832d0a336ddccef87343a4d

    SHA256

    b097cc6db98c456381b1c2f5e4827dde3480c2f0e9561cae81d33d5efd8104ed

    SHA512

    86be243024e0c055d13516c8568090f3fc5347fd0d6764be8c64f08c753c1f3cc4db00af5c2746e97c74e2f01292b5bcc855a2b94b8cb95cacfd53dd66b28fa0

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\x\sblc.ocx
    Filesize

    1.7MB

    MD5

    ce01a4dba630802c3b57f5c383f0c418

    SHA1

    1a6c2f58a0870d3dde64eec668404a328c135fdc

    SHA256

    0c9e0d800c941ac780c77f105b3cd5641aeed56e40aef1c6e0e26b607a7a899c

    SHA512

    479defbb1b7b2b7b389d7dc70c0b902414925243fa55c62efba8ef019459c54074d81dde183f91dc2410a52afba29fb5babf43a3585e5cc57016ec133daa1efb

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\x\sblc.ocx
    Filesize

    1.7MB

    MD5

    ce01a4dba630802c3b57f5c383f0c418

    SHA1

    1a6c2f58a0870d3dde64eec668404a328c135fdc

    SHA256

    0c9e0d800c941ac780c77f105b3cd5641aeed56e40aef1c6e0e26b607a7a899c

    SHA512

    479defbb1b7b2b7b389d7dc70c0b902414925243fa55c62efba8ef019459c54074d81dde183f91dc2410a52afba29fb5babf43a3585e5cc57016ec133daa1efb

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\x\sbls.ocx
    Filesize

    545KB

    MD5

    f5dc31c9f74358c3121eb3b55bc301dd

    SHA1

    752444e4c78bb1c7e9a3de0b5694e67bdeb25d7c

    SHA256

    b3d054482d112e595c19a8d10d71d231217b0ca5c209db51e8114f55ea2de8a0

    SHA512

    b9d114e5da392db735f1ba63088412c00ec722ca52d4c47f7076b3bb70d58ce394471b703ca77c8c31c7b635804a44060560cd22002c8aac55c121dfc6bed0c0

    Download Submit

  • \Program Files (x86)\Automatically Free RAM (Memory) Software\x\sbls.ocx
    Filesize

    545KB

    MD5

    f5dc31c9f74358c3121eb3b55bc301dd

    SHA1

    752444e4c78bb1c7e9a3de0b5694e67bdeb25d7c

    SHA256

    b3d054482d112e595c19a8d10d71d231217b0ca5c209db51e8114f55ea2de8a0

    SHA512

    b9d114e5da392db735f1ba63088412c00ec722ca52d4c47f7076b3bb70d58ce394471b703ca77c8c31c7b635804a44060560cd22002c8aac55c121dfc6bed0c0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-UT0EI.tmp\setup.tmp
    Filesize

    702KB

    MD5

    1afbd25db5c9a90fe05309f7c4fbcf09

    SHA1

    baf330b5c249ca925b4ea19a52fe8b2c27e547fa

    SHA256

    3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

    SHA512

    3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

    Download Submit

  • memory/2024-194-0x00000000761A0000-0x0000000076DEA000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2024-214-0x0000000075E20000-0x0000000075E9B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2024-243-0x0000000076E40000-0x0000000076E97000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2024-242-0x0000000074220000-0x00000000742AC000-memory.dmp

    Filesize

    560KB

    Download

  • memory/2024-183-0x0000000072940000-0x0000000072A93000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2024-241-0x0000000075840000-0x00000000758C3000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2024-186-0x0000000075F90000-0x000000007602D000-memory.dmp

    Filesize

    628KB

    Download

  • memory/2024-188-0x0000000075380000-0x0000000075420000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2024-189-0x0000000075480000-0x00000000755DC000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2024-191-0x0000000010000000-0x00000000101B4000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2024-190-0x0000000077090000-0x000000007711F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2024-192-0x00000000742B0000-0x00000000743CC000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2024-193-0x0000000074220000-0x00000000742AC000-memory.dmp

    Filesize

    560KB

    Download

  • memory/2024-238-0x00000000026D0000-0x0000000002759000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2024-195-0x0000000076E40000-0x0000000076E97000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2024-196-0x00000000217A0000-0x00000000217C3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2024-197-0x0000000027580000-0x0000000027684000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2024-198-0x0000000020000000-0x0000000020032000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2024-199-0x0000000073BC0000-0x0000000073C36000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2024-200-0x0000000075010000-0x0000000075042000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2024-201-0x0000000076030000-0x000000007605A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2024-202-0x00000000026D0000-0x0000000002759000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2024-203-0x0000000075380000-0x0000000075420000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2024-204-0x0000000075480000-0x00000000755DC000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2024-205-0x0000000077090000-0x000000007711F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2024-208-0x0000000074430000-0x000000007448F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2024-209-0x0000000075840000-0x00000000758C3000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2024-210-0x00000000761A0000-0x0000000076DEA000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/2024-211-0x0000000076E40000-0x0000000076E97000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2024-212-0x0000000074190000-0x0000000074214000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2024-213-0x0000000074170000-0x0000000074189000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2024-179-0x00000000026D0000-0x0000000002759000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2024-215-0x0000000074B30000-0x0000000074B39000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2024-216-0x0000000073E50000-0x0000000074090000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2024-217-0x0000000074B10000-0x0000000074B1D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2024-218-0x0000000074100000-0x000000007411C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2024-219-0x0000000073BC0000-0x0000000073C36000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2024-220-0x0000000074DD0000-0x0000000074F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2024-221-0x0000000075010000-0x0000000075042000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2024-224-0x0000000075F90000-0x000000007602D000-memory.dmp

    Filesize

    628KB

    Download

  • memory/2024-225-0x0000000075380000-0x0000000075420000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2024-222-0x00000000026D0000-0x0000000002759000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2024-223-0x0000000072940000-0x0000000072A93000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2024-226-0x0000000077090000-0x000000007711F000-memory.dmp

    Filesize

    572KB

    Download

  • memory/2024-229-0x00000000743D0000-0x000000007440B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/2024-228-0x0000000075840000-0x00000000758C3000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2024-230-0x0000000074AC0000-0x0000000074AD3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2024-231-0x0000000074220000-0x00000000742AC000-memory.dmp

    Filesize

    560KB

    Download

  • memory/2024-232-0x0000000076E40000-0x0000000076E97000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2024-233-0x0000000074190000-0x0000000074214000-memory.dmp

    Filesize

    528KB

    Download

  • memory/2024-235-0x0000000074B10000-0x0000000074B1D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2024-236-0x0000000074DD0000-0x0000000074F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2024-234-0x0000000075E20000-0x0000000075E9B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2024-237-0x0000000075010000-0x0000000075042000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2024-239-0x0000000075380000-0x0000000075420000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2092-1458-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2092-1459-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2144-54-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2144-187-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2144-63-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2340-185-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2340-163-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2340-64-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2340-62-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download