Analysis Overview
SHA256
d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26
Threat Level: Known bad
The file d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26 was found to be: Known bad.
Malicious Activity Summary
OutSteel
Babadeda Crypter
Babadeda
Checks computer location settings
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Blocklisted process makes network request
AutoIT Executable
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-10 14:21
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-10 14:21
Reported
2024-04-10 14:24
Platform
win10v2004-20240226-en
Max time kernel
175s
Max time network
188s
Command Line
Signatures
Babadeda
Babadeda Crypter
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
OutSteel
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI31E8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3307.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{425BB945-9C92-4B02-8A29-3C8B61D886E2} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e583033.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI32A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI32D7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4CD9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3247.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3267.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e583033.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe
"C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D624B4192DE0E36578FB81FB5DFB31C2 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1712518290 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 128C93BD6B06BCDA9EE622B52BDFB285
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe
"C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.doc" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pdf" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppt" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.xl" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.csv" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rtf" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.mdb" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.accdb" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pot" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pps" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppa" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rar" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.zip" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.tar" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.7z" /S /B /A
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.txt" /S /B /A
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:51549 | udp | |
| N/A | 127.0.0.1:51550 | udp | |
| N/A | 10.127.0.182:51550 | udp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | smm2021.net | udp |
| US | 50.2.155.18:80 | smm2021.net | tcp |
| RU | 185.244.41.109:8080 | tcp | |
| US | 8.8.8.8:53 | 18.155.2.50.in-addr.arpa | udp |
| RU | 185.244.41.109:8080 | tcp | |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
| RU | 185.244.41.109:8080 | tcp | |
| RU | 185.244.41.109:8080 | tcp |
Files
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\adv.msi
| MD5 | 7448dc006a545059ba1258d4091b94c4 |
| SHA1 | a3da9ebfce37cc127307fc22a9cf247d93337c94 |
| SHA256 | b8860bc6b7e6581ce137e1ed1f65dcaaa74854ae02f6c7ce596d11ed803cc60c |
| SHA512 | cbb9da1ca3a8d7df98b995fef9b8a6cf50e0497326b4dc38a4a8d973c2a662fd9fece6bbde7418427cd735d22fde3debd935433dd54143c12e2286a582627563 |
C:\Users\Admin\AppData\Local\Temp\MSI1FB9.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI21CD.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Windows\Installer\MSI3307.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libics4.0.dll
| MD5 | 28267ea322e3975f1e98c64a1c77f509 |
| SHA1 | e1d92e085df142d703ed9fd9c65ed92562a759fa |
| SHA256 | 18f24841651461bd84a5eac08be9bce9eab54b133b0e837d5298dac44e199d5f |
| SHA512 | 2c0bd061a51e48c057fdd0b05dc959c48e79ef3df3ca1abec105b8be2aa53f416f92c109c23029a11d4d3e7e75529215877d41b5bfe5d462d844b3bae29c1a42 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\mathparser.exe
| MD5 | dd9439b5cb3b1fc91181092f9da5aa69 |
| SHA1 | f2b8ab6f531621ab355912de64385410c39c1909 |
| SHA256 | db03917ca3cb91cdebcb681fa2733c1a2a9679e5201beeba21aee911de05973e |
| SHA512 | 6bf565095d1dee5acc4f05ff0c66adec3069e72ad371f517f7a763d273679f15eaa2c8f15b3dcce23f237786a014f9384f2d6c7e352b079c39707364f5c8ef25 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\JxCnv40.dll
| MD5 | 7052d63610b063c859af7f128a0c05cd |
| SHA1 | 7d44391b76368b8331c4f468f8ddbaf6ee5a6793 |
| SHA256 | 6e3917257f9239ff1c0ec0c17a7d9b6b01dead526c56218a11b0676174440112 |
| SHA512 | 8d34fdd4a48835b6db7ceda48716959e8c50bee04d10aa66044a880a78c13760cf314781f8e347644c5a2d71ff467577e431c70beaafcd52db72cb8044c9bc05 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\manual.pdf
| MD5 | 079766094541035de5f115a9bbb4f583 |
| SHA1 | 8423b25054aa78535c49042295558f33d34deae1 |
| SHA256 | 6434913278186cb5b12ca38580a4e94b2ce2af83a836f7e50ab9c5ea8e265a59 |
| SHA512 | 35b56c24d0b8aa2fec31ab9f329a1bfee15d97eb4fcce795e08bd15c5fd31726aae91c16bce0e1956cc2bbc2b529ace18212b09f47668e540f72079398dd3426 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\README.txt
| MD5 | 1b715b15bd03b3c4f39273c051951a4b |
| SHA1 | 925f3b7dc176f7db479b99114df6dfd0e1053cca |
| SHA256 | fec5a295a6f3289f1504c94d71a7e06777f36e35605059d15a425a9ae6d253c8 |
| SHA512 | dc017819b236b89c64171f5d69796e3a83333f5264d2c332376338a9955790b958b002658a3fa462c95cba9c01ff2e65674c440969fd9a79da11c3d7b3fc8e12 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | a7147f2739655be5dd74ebc06b4d3944 |
| SHA1 | 5d9790738c589d3708a5d9509bad0307cdb33080 |
| SHA256 | c5666b5643544b110b8b68929369a16c7cf20c9dfa586f56c97f60f87bd513e8 |
| SHA512 | 72265cba652298a13c3cab813d0bf93164b3cf7208380dd6eee5a8c168cdb59740f004bd0de3145072b6404ad6c532ee0e75c0527f4a205cbbef3ba635a5ace9 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | ff0997ae7d85ed6ba077d1b89ce65003 |
| SHA1 | c53f00d39c550d4e78166d155c9e70b2dbf7011b |
| SHA256 | 792436b5d993f4bb2c885a9eb781038849c38c5d369289d941f889496d0289b4 |
| SHA512 | 65089182c4ca9cf460d57c7010a9a8c7335a4a6d114437ec0cf43db4e26c2feee3c43d61074fff5e0831abeed16f9a5105e10722a67b83ea061ff15b107ca13a |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\eula.txt
| MD5 | b255e01ecedad3f7a600109b01943074 |
| SHA1 | 0896cbd77645152c4c867e585ba2475af9e9819c |
| SHA256 | 5b756a48762ad896de58b973e4b87d4e76ff25023a727f0a08aad9ea66e7b843 |
| SHA512 | 0e809e567c7aca6bd1a3b59a879864cc091bf24021da0f125a02a2881832a54bc2f9472cb4b9c80db7c44031dd11959ddf2988e359c6f855fce954aef7da982d |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\LICENSE.TXT
| MD5 | e861259956300fda84ba540e2a63e391 |
| SHA1 | 5a842455b3d18d9371054bde9cfbad15f9a2aa95 |
| SHA256 | 6a35ce1eb7da4598b066d2ec3663ab272b28c9bc83ec0ea2319c5708397fdcef |
| SHA512 | c7c8514b4f79abcac214c998d9952048449876cd375d0cb55ee2efb8d2a19afec6dca4519bab4297dd0acf21155d90b849019c23f28fe82692f826488d12eade |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | f81b0ade573c74d35cb2c3323f961387 |
| SHA1 | 9c00c76dab48a6de7cfd57b1988d8a8447b27902 |
| SHA256 | 8c893e14b95cfd0ee58bd1e5c288dfa8516f263955e3bece794e73cf36dcfe80 |
| SHA512 | 025888c2fd7744e792cf0a14ef7c24a3fdac690f849593d1576b1129f6bda70a9013a7a59245d32f1f401653dd1debdb97ca6a263ccbeb9e4254466acd05c5a9 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\down.png
| MD5 | 9c0dba6fd26d332f95cfeb3183ee0b4a |
| SHA1 | de3b3f47f0c0d0f632f22ac7467867cc1d1e0e5f |
| SHA256 | 9c66ede3736ecc0b26ea1fd3181f12da8cb7e456da1e066b3eb4fed5a91f18b8 |
| SHA512 | ac2d355e56d16db53850dc99994002f682c4be0216a14529cf65e14529ac6d49ad7c1b3fb4fe8a680daf62061e67824164286650c861d7d30b1385dfe94005e4 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\tool_menu_bk_l.bmp
| MD5 | c59017873cda8851111a0248eb98ab25 |
| SHA1 | e10c4b6b9a7c21afbb70cd1d8b3b97c3b6d9b805 |
| SHA256 | e329a76b3d787652264d1d1306dfc41660dbdc43780ae0933514539c0de4e88b |
| SHA512 | b14af6e5554ff579311550534b91755c80f07aa9aabab032b2fbe793866a2ce75e5d2c10cc58aab6d49f98db9ed5f689e3190aad108c33ccbe013c1f13cd221b |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\view_pos_dis.png
| MD5 | 0de37b5d1f8e800561a45ce1270b5203 |
| SHA1 | d9d6c64bd15b5961070ef1a3483ceb6737a07102 |
| SHA256 | 430fbd57a38cfe1d7bdda3be9c4a508b749b899663ce8b336566772accc6b6a6 |
| SHA512 | 3852cebf7718bce8e8f9399ac57ac07b4592a09966818225619af8b1e1f27a0e9455a878e4c4183db3c3270067ac55de970a893e3a7a0da351194ce923407954 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | c48e5a35301f4d4cf0424189a4aa69af |
| SHA1 | d5aa219e74ac97696016cadd320015bf28e12f7b |
| SHA256 | 1c3471860056bf7baf2ac697655956c6565913cf0cdae92bfe709784a948471d |
| SHA512 | 5b2ca8287d030bfe52e8d6d6e14ce03889afa042c87e1deb8f62ab21598067bc600a821b56084cde1e33bf38db24c8642169ddfd91c21c426d395186e3385453 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\tool_bk_eye.bmp
| MD5 | 110491a69f4863babe994e482417ce63 |
| SHA1 | 69d6d6cccf059119c07d53c77abd03b66b4c4ad3 |
| SHA256 | 3d44922bddc5f46f635e61d5022ca925f125a703153ecc5e4786d16df27a4a83 |
| SHA512 | 6b87510413028ecc30cea6ecf6061a5d29376ea67ac22713abbdbe44451a44127d88a71182a41cd3929ac6099d53d390f3d1a451df6bbee192299c2683e32976 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\view_pos.png
| MD5 | b9f9a3dc2f52f4018994e1412af7765d |
| SHA1 | 647861fad3cf60f8c6f0ba508862f6eab18ee2f6 |
| SHA256 | 97208dd6652c0f7cb00624731d849d3e78d04bad394751aae6a52772d09d309e |
| SHA512 | 934055460b060c2fb6494a1c455fd5e6c892fcb7ea7c9a12b0d8eb7c3501a9ddf52c3c2af9599dbb2c9f25bcae5d9e7fe59968243b33ce37afcab628b6a73f88 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | b5bfc099ae356fc96059c19e3bc190a8 |
| SHA1 | a29a630a3ef97add564f217b0f3d9cebce3edbe0 |
| SHA256 | 4b4c37b2b038023bdebf961dec9f20a1f99ea67e591b74ed595d528873daa665 |
| SHA512 | da38c177e6c0e00957a62a30442f4f3e9ad62d8017bdeea4696d79a31763ac1b12f401be9664d50077c6ed598396ac4deff3cf7d07a3c0fec94ecf12a8e94eb0 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | e167fb197b5932b5c60ac56aef01a34d |
| SHA1 | e15cb4c8a4fbd6d80ba944728aa1d67675ce80ad |
| SHA256 | a99237fcbc43b9834ccb4e8375c9b81a2508734035059d678c08d9c7b6b3ce05 |
| SHA512 | d817197cf64d7dc5d1a1551364cb4f5c1e29f4abf8ae6ebdbcd431e165746e04bb1fbc5af2927c46b09b802ac7e40196dcef88d3aeaaed2df351949e02ca95a0 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\icons\Classic\d6.ico
| MD5 | 26136c3bb47ccd00d75afb9744802cfb |
| SHA1 | 405628d0f0055f63817370ac86d5031728a6e65b |
| SHA256 | c6ab8de9eaf981abded4e2a3f9cadd15deb7629a26d229f87b4f8e2722a8acfc |
| SHA512 | e9268752673a03d5323421e863c802e05364e517dcbf368f61abdb9f8d864439e09f0f7a5e738b197e06d69ebafe9073e1ef5364baec3ad2eca3de7f7a16e0e0 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\icons\New Blue\d6.ico
| MD5 | d3e9b0d74054fc985e4837c160ae4d44 |
| SHA1 | 9fc49ac03fa2885acab1d9a6f9e2b90515c831a4 |
| SHA256 | 42330bd5334fe3fb1ffbc3b1b88f2f17befd256c83fb827e4fc34e3791b65174 |
| SHA512 | fa946d3669be1b3fc3a990a23085b226683f480e94fab9e988eb9350fb9e811453a883cd33a5f783e2acf54432a1bf35f496d1deecc67651de28344f7508d4b2 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\icons\Classic\d11.ico
| MD5 | f0466f29d958605c3415f2c7b18d3b62 |
| SHA1 | 9e47c4d3ff5a904148be631a6e254da00e3beb7b |
| SHA256 | f5b72bf1dea715bce3a322ec4b53e516fb330034f3460d3a1983eefd30bd9c0f |
| SHA512 | b53998f6753706902d6507086204978b7c0042706f41e33b15b03d678264d3791cd5651b24badafbbdaee99ecf23fea90456f9ecda803ff760556d7d647e4bc3 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 5164cfdd2f56249dbd42a7b85ed63a76 |
| SHA1 | c2660917e479f7eefe1c015e88b36e96b3819db3 |
| SHA256 | 1b0f40b0b03cf5bb82c00b78126f4cdb3339a360964e27bc9f4e2b03517d79a2 |
| SHA512 | 69e32e46ac06e24337b6861c192638d5debbbb844fd74f533f50a15719bae1354a9b6b41fe27aa97ed7b310477f403e0e181a76c3f55c3eabde1899b4b7bc0de |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\erase.png
| MD5 | 00786f0f3fb7705d81c018199412d814 |
| SHA1 | cb194c855dbc41063d5e1f488dc4c443e9329898 |
| SHA256 | 313f14e773f93d470bcff9e42887d8672838cc64dc4682dc3a36cd3e4ade574f |
| SHA512 | 1cbdd14be8457582411fd6e1a18346bdbdddb7da7efe835f86058634d8bdb4a0ee92269b9efe7d4da8ea9f9689bfb03f0950dfc35036d2bf649a0e79d5125940 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\Templates\CommandHandler.dat
| MD5 | bf2b6fd3796a5a485185b15ba39241e0 |
| SHA1 | 438ed478342d22622a1ecfc519113e99afb57518 |
| SHA256 | 585b0ac725ef370124243c99b766dd5d25e63e9c6bc09a6f05cdf0e573a3bf41 |
| SHA512 | 07485b0a64ad6f039105a9acc9df82f8b6964f3f3978600a1a581121b7ec34b53b45317311d58cf48d4f4eeffeba0d35b5d0cd79a6826eafeace43f5f034b8da |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\imageformats\qgif4.dll
| MD5 | b690fdd8fcd1c2700f35388e9b1e5974 |
| SHA1 | 51669dd917b3f81b7d4526af36938dcf8c0aa7d9 |
| SHA256 | 3d5a5623cdea823a14102a43cac78902a73840434ba0fe9447aa8f37f887af4a |
| SHA512 | d8f63a1893211d958a47eddc9cfc5de7f8fdf7f530662722d2176c8caf4b8d0791f43bb59048fb075c7f820fb86bd8c79fe96696392a7e336860638a3cee6b9e |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\gio-modules\libgiognutls.dll
| MD5 | 23b5f97cbe4d3689ee08d0ae6abaf679 |
| SHA1 | 80d7cd7ab23dcc3388531b42b0ee31fcaac16f88 |
| SHA256 | 3b8faeaac389abd97198569f5e0ffa567e495be01e9a24311d128bd76f1dcc6e |
| SHA512 | a7e4b8e75768e9d3b44b8b48beb5e57dd33a8ad83a8f49bd3adef5bd9a2c25c9832f4f95c13a604a20311a7ed7a74ede4bd6b34662a30e246fbbc2c93fceec98 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\icons\New Blue\d1.ico
| MD5 | d100902fd3e4ea4b91fb16b5220f700f |
| SHA1 | 5797cd6b66c5ce6ac572313a45202a252214b2c5 |
| SHA256 | 4febd01d738ec425d0c13f96f2a2f3239af29bf21dfd7de8019e701e99ee6d71 |
| SHA512 | bc0d7255adef6d3901664c5ce4865ff83112f75f48624af4f47bd9d2b84fdc3c2660adf8a61fea886866f973a88dda7738df628092a0b00f035bd5636cc36f2b |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\icons\Classic\d1.ico
| MD5 | 0b9387ff14a11123a992fa5b5a015c67 |
| SHA1 | 3b704d5b706de6b7d33ae21317963c95efe9eb1f |
| SHA256 | 5aa1990906323fc78efe40db661bb58305b8c021b197b90ce3291534d38381f3 |
| SHA512 | eb4c95fd60d90c68cb98b565c9a47b6da13d7c1f467b490203177a3746637e34111f0e81cebab4dc150d071c22d75af7a35c17cc6549276f878ea80068f33819 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\sprache\chinesesimp.dxs
| MD5 | 443698f47d051ff3ccda305b6f4b4b45 |
| SHA1 | 2b31a019ad05a85d53397cb3fe7b08946b951e5c |
| SHA256 | 4e01b6ccb668ab1e548ffa72c2ef69c9088d7e910a170cc6a820f7fef08b7d81 |
| SHA512 | 687eec2c606e09e09ed70cce8532017a8850832e8038d8db4710f81fef69aacbd8040d102bfdf46e5fc9d154664af435a36c7569e6497bf4c566a7b1a00a93e8 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\Layouts\Bottom.fencelayout
| MD5 | c0969fdbaae430f6c0f53731e86d8bd8 |
| SHA1 | 9dbe36aa40adb1543569564be6451c0a44d5d11c |
| SHA256 | ae38e8325d0ad1fcbc90e5a67e9867c6c98fc11223cbaea19627fb0a04d79c33 |
| SHA512 | d0eb2fb168e3169a432282188c9098c5c7541bb19035c85b22264055110a71a145a153e7d0327a210ac972d686e38020add9f8a1dc33af06336ad43dc052929e |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\add.png
| MD5 | 0128ad7e04e9a25c9ab4316c13d8deff |
| SHA1 | 55068a4cc67a2fe94ec15ee46be67ad367d31117 |
| SHA256 | 3386cab5cf90d40db4f15e34c6bd15cb832848c6b61fa1ca5fa3ad60ae7d9b04 |
| SHA512 | 93baa7a401192059fbd95bd82449e9461ef5124bf748d8a9226e3df9a7194fc5eebb105146258e2629f0b139d00e6d2a30eec09510215fd69b9f788f18784fcd |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\zlibwapi.dll
| MD5 | 54789344b07bed58e43851eca47e2b12 |
| SHA1 | 93c561365bc7f1cbb5385d0323ed81044a6ec276 |
| SHA256 | 9f8729ac49e0ccea86fe3b1a9b2c3fae9986ecd09db92853e7a588dbda85bf90 |
| SHA512 | 54d4af3de4b12ff8f25a4596cdb97bb32fd739217f99849bdebe5ca92d801cb5564d4407193bcbfaf8118e5d3391543a80ff08371e28c35c2c091d9ff90a3692 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\VistaBridgeLibrary.dll
| MD5 | 66010aedea55e9a4bbd300e089110193 |
| SHA1 | 6f1333d62367dfc5ffead6b8ff822310709f1a83 |
| SHA256 | c9d1a4715b0982a8bda6eb2d69f5a17656880a43875146a6beee02b00fbede4e |
| SHA512 | ffe4a419487b9e4eab8eded57cfbe3b9f46f12bf9c7e02e7dff79d14c33fc7ed0a346ca2a2624f033fe962309fa87d0ac6ba31e4fdaff4d9968cb8b0444bb712 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\pthreadGC2.dll
| MD5 | 928c9eea653311af8efc155da5a1d6a5 |
| SHA1 | 27300fcd5c22245573f5595ecbd64fce89c53750 |
| SHA256 | 6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387 |
| SHA512 | 0541d706bb53f8a04c78fcf327c4557553fa901d645ad2fd446e79753b4729f1e36793f42fbdd9b5e92073a30ed9a3dd853773a06ebea8e9302ece91a6c5362c |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\mingwm10.dll
| MD5 | a5a239c980d6791086b7fe0e2ca38974 |
| SHA1 | dbd8e70db07ac78e007b13cc8ae80c9a3885a592 |
| SHA256 | fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7 |
| SHA512 | 8667904dda77c994f646083ef39b1f69c2961758c3da60cecadfe6d349dd99934c4d8784f8e38ae8b8c9eb9762edd546f2a7b579f02612578f8049e9d10e8da7 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libgthread-2.0-0.dll
| MD5 | cf2571c125fa1d2ec55b9977054f380a |
| SHA1 | 91014dd50f0eeb0d3d1faed77541c76a05b712b8 |
| SHA256 | 02b817b6db18db2dfccefdd08eed64a696e2bf326f4120ee7e93ae6aa73bccb3 |
| SHA512 | a95bf3436ea2fac443924c5fc31fcd4337a44702ef38ca82d744474301e53f14721eaeb0f21e515ccff8569e7b7d81107fb5a4cf2ae485cd4a5d2dc95dae8f9b |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libgmodule-2.0-0.dll
| MD5 | 4d233a220f91de3b1510d017b5481942 |
| SHA1 | c59f449b0d09127d18268e7b07da3f7d749b2720 |
| SHA256 | 08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0 |
| SHA512 | a86a1f9b5d160813c6e2f771962f303428604057b9613021bf7844c1204cfca0a18571a28d950d7999acc4ecde0605095f9a460a9b79fe2bbe02f080c2683923 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libffi-6.dll
| MD5 | c4059a8eec8ad3abc6432238f7491a2b |
| SHA1 | f1c6cf3fa216f73ba44bd481c685ef30cfd3d284 |
| SHA256 | a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da |
| SHA512 | 0bb582a9a02cbd29c007e9cfed9dabe53ef087814c7aa8195c82d4b15302f95408a15710a3f83a970c35db26f77a9a34549d6906a7440fa7d0127aeca9bc8efc |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\liborc-test-0.4-0.dll
| MD5 | 00d68e20169f763376095705c1520c4f |
| SHA1 | 75ec5e1974654613c9eeeff047f1eb58694fd656 |
| SHA256 | 3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f |
| SHA512 | 4e180a8ce0e30cfc82883d05d8708fe82442541a4c522055d00f381bf47a0a4f269bc1f5e1ebbfec888edbe455ce145e24cb4c734e682e830322e13479a62c34 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libogg-0.dll
| MD5 | 84e8e72572d53558d52403011fa0d388 |
| SHA1 | 865160da7dbfaaea224541eb44e9430e1a7b7b20 |
| SHA256 | ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f |
| SHA512 | 47ee932bfa4ee3c51c3828ef8c6923e5b946966ad8e255bc2c53a60443aa2d4ab17521f21912a6f0469c7898d6543dc4b1783a86ddb5a84568818a7b37ec3992 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\MixPanel.dll
| MD5 | abab72ed49b141ad05841d92ffbb425a |
| SHA1 | 058b173204910d6299e8adeba9b1e530502f238f |
| SHA256 | eb8f046e2404e91748976f409814ffc862c40835d080c06d4b83088515851927 |
| SHA512 | 9d2a81851b0bf2f65771e29726c2b58e1b07af0c840deb71283d19693d4a2ad00020aad3fdbecdc920dfdcbcb3f4ca4e7efe09ed0bbfa273738ad0fb7599ced7 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\SdCrashReporter.dll
| MD5 | f55d8ae20f049265aebe704e9df97fc8 |
| SHA1 | 401534ad6a34b99929bfff3621d1de8777aa3d5b |
| SHA256 | ce8ac2e3fee5ef0c3f0959f11220d061d41998ae973d9f9efb88c220c41598c3 |
| SHA512 | d867f722ca477766116233d9ddee06391829ee877c424d58e37cf06f4c8e3c4618a7c67d0804d382f4fbf216a2a27d87911bfba2b453ebecc37202d6fb95188e |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\ssleay32.dll
| MD5 | cb48c0854cf3264c3baa3c2da76ec014 |
| SHA1 | 01152fecaf127f9874ce8c9978bf570aa6309beb |
| SHA256 | dc1684abc539f789791ad1518557d5ad654816dee904eaa5021556419ae5325b |
| SHA512 | dd67a556a7c20e51129640eb1ab590c4da5fbbff9ae965adb56bdbc5079f9f468473728c60d229c1a1bc70a872da2ac250b080df1ad55534b88a1d61bd3b5e10 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\lua5.1.dll
| MD5 | 05ceb6d2e88a896d6ada0ab3f0dc40aa |
| SHA1 | 2b62cc437f5b3268acb3f569b43fd6c0a08e4e47 |
| SHA256 | b574d89422afcaae5446d8fd88d3b7cb48d608cf5411db761916b35c9999b41a |
| SHA512 | fd9a03167c70ddd156d6942e503f7d9528e4748e9613cfba69181eb8b50fcaea9f6d3b9e1398da21d4e4c8bf47c99fe2becc88b98107a4fdcb80697510c1860f |
C:\Config.Msi\e583036.rbs
| MD5 | 5eb8ccd64c05d9c204850fb3e7220388 |
| SHA1 | fd6e5e6a2f42f158ea9565476ddc99240a5c0899 |
| SHA256 | 169bff717078376462f66444d851f6e805a945162ce5e98702bbabd762ccece5 |
| SHA512 | 3f791b19969526ca17b77b94a1b9db1c3d8252153317807a62620c3a1e7985e18a57b883d43121a02517dd2a48ff7fed70bd3da14bb958c4ec69f65b7fe714a9 |
memory/4644-675-0x0000000000600000-0x0000000000EBB000-memory.dmp
memory/4644-680-0x0000000000600000-0x0000000000EBB000-memory.dmp
memory/4644-682-0x0000000000600000-0x0000000000EBB000-memory.dmp
C:\Users\Admin\Downloads\installation.exe
| MD5 | 345e3700c5b584ca43a6748670480864 |
| SHA1 | 90802b6139b4ad5c8b218e137af9e5466ad4d0fa |
| SHA256 | e952eeacb54e0d9c07da6db899c7012b49cfd19b19ec46b99321ebe831b53a7c |
| SHA512 | 0c17385d336dd25b36e06c2c323694ec43683bf6c179985989eadd680df190bda220ddbd4afa548d6827877fdcfde06f67fd692ebe37653b574d00f5e377a566 |
memory/4644-695-0x0000000000600000-0x0000000000EBB000-memory.dmp
memory/4644-697-0x0000000000600000-0x0000000000EBB000-memory.dmp
memory/4644-699-0x0000000000600000-0x0000000000EBB000-memory.dmp
memory/4644-701-0x0000000000600000-0x0000000000EBB000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-10 14:21
Reported
2024-04-10 14:24
Platform
win7-20240221-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Babadeda
Babadeda Crypter
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\f769e90.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA0C6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA24E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA404.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA58B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769e93.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769e90.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA182.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB3DE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f769e93.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe
"C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 331BA7E9325C31209300DEB2BB153422 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1712499478 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C78EDDA4CEAA38F312290FFC5FC1B24D
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe
"C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit\mathparser.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:64052 | udp | |
| N/A | 127.0.0.1:64053 | udp |
Files
\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\adv.msi
| MD5 | 7448dc006a545059ba1258d4091b94c4 |
| SHA1 | a3da9ebfce37cc127307fc22a9cf247d93337c94 |
| SHA256 | b8860bc6b7e6581ce137e1ed1f65dcaaa74854ae02f6c7ce596d11ed803cc60c |
| SHA512 | cbb9da1ca3a8d7df98b995fef9b8a6cf50e0497326b4dc38a4a8d973c2a662fd9fece6bbde7418427cd735d22fde3debd935433dd54143c12e2286a582627563 |
C:\Users\Admin\AppData\Local\Temp\Cab957E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar95B0.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\MSI99F9.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI9B22.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Users\Admin\AppData\Local\Temp\Cab9D1A.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b8bf2e4ba7255fead9db410623a5948 |
| SHA1 | 2cda268c99881fd45e76d8151dfc2ab0c31fa3de |
| SHA256 | b79c6986b4d01e4884d18327f450f91ada18c245654897d00a338d3f45d895ad |
| SHA512 | 8acfa7aec3428c4e2b9b83acb807972af9706f0ac7ab5650be311fede5621ff689e7c122a2eab0b00101a403bfa0b4669a51ef9fa50254e7b075b9ad54ab7783 |
C:\Users\Admin\AppData\Local\Temp\Tar9D9A.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18247544ba9f887546936ab694eda8d7 |
| SHA1 | 408adac99308738fce1f91472bd4e923f17f0e5c |
| SHA256 | 8440d1b881b8b6097b16d95cffd39dd383c0e97f4479b2f7ca3f77ff0405fd62 |
| SHA512 | 5de21ceeb88e099ed530e73b0ee20de34d3c4d40b368db86c8c1773218d090c588c1f13c8c241e68e2187fe74641e60b0025956b7a2251c266918ca5cd59090d |
C:\Windows\Installer\MSIA58B.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libics4.0.dll
| MD5 | 28267ea322e3975f1e98c64a1c77f509 |
| SHA1 | e1d92e085df142d703ed9fd9c65ed92562a759fa |
| SHA256 | 18f24841651461bd84a5eac08be9bce9eab54b133b0e837d5298dac44e199d5f |
| SHA512 | 2c0bd061a51e48c057fdd0b05dc959c48e79ef3df3ca1abec105b8be2aa53f416f92c109c23029a11d4d3e7e75529215877d41b5bfe5d462d844b3bae29c1a42 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\JxCnv40.dll
| MD5 | 7052d63610b063c859af7f128a0c05cd |
| SHA1 | 7d44391b76368b8331c4f468f8ddbaf6ee5a6793 |
| SHA256 | 6e3917257f9239ff1c0ec0c17a7d9b6b01dead526c56218a11b0676174440112 |
| SHA512 | 8d34fdd4a48835b6db7ceda48716959e8c50bee04d10aa66044a880a78c13760cf314781f8e347644c5a2d71ff467577e431c70beaafcd52db72cb8044c9bc05 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\mathparser.exe
| MD5 | dd9439b5cb3b1fc91181092f9da5aa69 |
| SHA1 | f2b8ab6f531621ab355912de64385410c39c1909 |
| SHA256 | db03917ca3cb91cdebcb681fa2733c1a2a9679e5201beeba21aee911de05973e |
| SHA512 | 6bf565095d1dee5acc4f05ff0c66adec3069e72ad371f517f7a763d273679f15eaa2c8f15b3dcce23f237786a014f9384f2d6c7e352b079c39707364f5c8ef25 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\manual.pdf
| MD5 | 079766094541035de5f115a9bbb4f583 |
| SHA1 | 8423b25054aa78535c49042295558f33d34deae1 |
| SHA256 | 6434913278186cb5b12ca38580a4e94b2ce2af83a836f7e50ab9c5ea8e265a59 |
| SHA512 | 35b56c24d0b8aa2fec31ab9f329a1bfee15d97eb4fcce795e08bd15c5fd31726aae91c16bce0e1956cc2bbc2b529ace18212b09f47668e540f72079398dd3426 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\ssleay32.dll
| MD5 | cb48c0854cf3264c3baa3c2da76ec014 |
| SHA1 | 01152fecaf127f9874ce8c9978bf570aa6309beb |
| SHA256 | dc1684abc539f789791ad1518557d5ad654816dee904eaa5021556419ae5325b |
| SHA512 | dd67a556a7c20e51129640eb1ab590c4da5fbbff9ae965adb56bdbc5079f9f468473728c60d229c1a1bc70a872da2ac250b080df1ad55534b88a1d61bd3b5e10 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\lua5.1.dll
| MD5 | 05ceb6d2e88a896d6ada0ab3f0dc40aa |
| SHA1 | 2b62cc437f5b3268acb3f569b43fd6c0a08e4e47 |
| SHA256 | b574d89422afcaae5446d8fd88d3b7cb48d608cf5411db761916b35c9999b41a |
| SHA512 | fd9a03167c70ddd156d6942e503f7d9528e4748e9613cfba69181eb8b50fcaea9f6d3b9e1398da21d4e4c8bf47c99fe2becc88b98107a4fdcb80697510c1860f |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\LICENSE.TXT
| MD5 | e861259956300fda84ba540e2a63e391 |
| SHA1 | 5a842455b3d18d9371054bde9cfbad15f9a2aa95 |
| SHA256 | 6a35ce1eb7da4598b066d2ec3663ab272b28c9bc83ec0ea2319c5708397fdcef |
| SHA512 | c7c8514b4f79abcac214c998d9952048449876cd375d0cb55ee2efb8d2a19afec6dca4519bab4297dd0acf21155d90b849019c23f28fe82692f826488d12eade |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\SdCrashReporter.dll
| MD5 | f55d8ae20f049265aebe704e9df97fc8 |
| SHA1 | 401534ad6a34b99929bfff3621d1de8777aa3d5b |
| SHA256 | ce8ac2e3fee5ef0c3f0959f11220d061d41998ae973d9f9efb88c220c41598c3 |
| SHA512 | d867f722ca477766116233d9ddee06391829ee877c424d58e37cf06f4c8e3c4618a7c67d0804d382f4fbf216a2a27d87911bfba2b453ebecc37202d6fb95188e |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\README.txt
| MD5 | 1b715b15bd03b3c4f39273c051951a4b |
| SHA1 | 925f3b7dc176f7db479b99114df6dfd0e1053cca |
| SHA256 | fec5a295a6f3289f1504c94d71a7e06777f36e35605059d15a425a9ae6d253c8 |
| SHA512 | dc017819b236b89c64171f5d69796e3a83333f5264d2c332376338a9955790b958b002658a3fa462c95cba9c01ff2e65674c440969fd9a79da11c3d7b3fc8e12 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\eula.txt
| MD5 | b255e01ecedad3f7a600109b01943074 |
| SHA1 | 0896cbd77645152c4c867e585ba2475af9e9819c |
| SHA256 | 5b756a48762ad896de58b973e4b87d4e76ff25023a727f0a08aad9ea66e7b843 |
| SHA512 | 0e809e567c7aca6bd1a3b59a879864cc091bf24021da0f125a02a2881832a54bc2f9472cb4b9c80db7c44031dd11959ddf2988e359c6f855fce954aef7da982d |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\MixPanel.dll
| MD5 | abab72ed49b141ad05841d92ffbb425a |
| SHA1 | 058b173204910d6299e8adeba9b1e530502f238f |
| SHA256 | eb8f046e2404e91748976f409814ffc862c40835d080c06d4b83088515851927 |
| SHA512 | 9d2a81851b0bf2f65771e29726c2b58e1b07af0c840deb71283d19693d4a2ad00020aad3fdbecdc920dfdcbcb3f4ca4e7efe09ed0bbfa273738ad0fb7599ced7 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\liborc-test-0.4-0.dll
| MD5 | 00d68e20169f763376095705c1520c4f |
| SHA1 | 75ec5e1974654613c9eeeff047f1eb58694fd656 |
| SHA256 | 3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f |
| SHA512 | 4e180a8ce0e30cfc82883d05d8708fe82442541a4c522055d00f381bf47a0a4f269bc1f5e1ebbfec888edbe455ce145e24cb4c734e682e830322e13479a62c34 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libffi-6.dll
| MD5 | c4059a8eec8ad3abc6432238f7491a2b |
| SHA1 | f1c6cf3fa216f73ba44bd481c685ef30cfd3d284 |
| SHA256 | a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da |
| SHA512 | 0bb582a9a02cbd29c007e9cfed9dabe53ef087814c7aa8195c82d4b15302f95408a15710a3f83a970c35db26f77a9a34549d6906a7440fa7d0127aeca9bc8efc |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libogg-0.dll
| MD5 | 84e8e72572d53558d52403011fa0d388 |
| SHA1 | 865160da7dbfaaea224541eb44e9430e1a7b7b20 |
| SHA256 | ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f |
| SHA512 | 47ee932bfa4ee3c51c3828ef8c6923e5b946966ad8e255bc2c53a60443aa2d4ab17521f21912a6f0469c7898d6543dc4b1783a86ddb5a84568818a7b37ec3992 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\VistaBridgeLibrary.dll
| MD5 | 66010aedea55e9a4bbd300e089110193 |
| SHA1 | 6f1333d62367dfc5ffead6b8ff822310709f1a83 |
| SHA256 | c9d1a4715b0982a8bda6eb2d69f5a17656880a43875146a6beee02b00fbede4e |
| SHA512 | ffe4a419487b9e4eab8eded57cfbe3b9f46f12bf9c7e02e7dff79d14c33fc7ed0a346ca2a2624f033fe962309fa87d0ac6ba31e4fdaff4d9968cb8b0444bb712 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\pthreadGC2.dll
| MD5 | 928c9eea653311af8efc155da5a1d6a5 |
| SHA1 | 27300fcd5c22245573f5595ecbd64fce89c53750 |
| SHA256 | 6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387 |
| SHA512 | 0541d706bb53f8a04c78fcf327c4557553fa901d645ad2fd446e79753b4729f1e36793f42fbdd9b5e92073a30ed9a3dd853773a06ebea8e9302ece91a6c5362c |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\mingwm10.dll
| MD5 | a5a239c980d6791086b7fe0e2ca38974 |
| SHA1 | dbd8e70db07ac78e007b13cc8ae80c9a3885a592 |
| SHA256 | fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7 |
| SHA512 | 8667904dda77c994f646083ef39b1f69c2961758c3da60cecadfe6d349dd99934c4d8784f8e38ae8b8c9eb9762edd546f2a7b579f02612578f8049e9d10e8da7 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\zlibwapi.dll
| MD5 | 54789344b07bed58e43851eca47e2b12 |
| SHA1 | 93c561365bc7f1cbb5385d0323ed81044a6ec276 |
| SHA256 | 9f8729ac49e0ccea86fe3b1a9b2c3fae9986ecd09db92853e7a588dbda85bf90 |
| SHA512 | 54d4af3de4b12ff8f25a4596cdb97bb32fd739217f99849bdebe5ca92d801cb5564d4407193bcbfaf8118e5d3391543a80ff08371e28c35c2c091d9ff90a3692 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libgthread-2.0-0.dll
| MD5 | cf2571c125fa1d2ec55b9977054f380a |
| SHA1 | 91014dd50f0eeb0d3d1faed77541c76a05b712b8 |
| SHA256 | 02b817b6db18db2dfccefdd08eed64a696e2bf326f4120ee7e93ae6aa73bccb3 |
| SHA512 | a95bf3436ea2fac443924c5fc31fcd4337a44702ef38ca82d744474301e53f14721eaeb0f21e515ccff8569e7b7d81107fb5a4cf2ae485cd4a5d2dc95dae8f9b |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\add.png
| MD5 | 0128ad7e04e9a25c9ab4316c13d8deff |
| SHA1 | 55068a4cc67a2fe94ec15ee46be67ad367d31117 |
| SHA256 | 3386cab5cf90d40db4f15e34c6bd15cb832848c6b61fa1ca5fa3ad60ae7d9b04 |
| SHA512 | 93baa7a401192059fbd95bd82449e9461ef5124bf748d8a9226e3df9a7194fc5eebb105146258e2629f0b139d00e6d2a30eec09510215fd69b9f788f18784fcd |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\libgmodule-2.0-0.dll
| MD5 | 4d233a220f91de3b1510d017b5481942 |
| SHA1 | c59f449b0d09127d18268e7b07da3f7d749b2720 |
| SHA256 | 08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0 |
| SHA512 | a86a1f9b5d160813c6e2f771962f303428604057b9613021bf7844c1204cfca0a18571a28d950d7999acc4ecde0605095f9a460a9b79fe2bbe02f080c2683923 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\check_sel.bmp
| MD5 | 380057851231099f05da502cec65e694 |
| SHA1 | 45730f3ecf9e51206a152d4a822ebdc45bd96369 |
| SHA256 | 9b2ebafa403c72e5a5baf02b9a49d91d73577ec3e6716de3c6a0b1d6d0682246 |
| SHA512 | 3e3b36a4e84fb7198cbc467f94eef232cc57074436c7469c0c4f12796e355f69bdda7b054e0d9747031809aeaf23783cf4c1e0d0ab9d7ddceeba1ef8ff4372e8 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 862e7c478602f3bd7c1ad8ca710e2ef1 |
| SHA1 | ca22694cc6fc1caa96ca37135050ed967753b0bc |
| SHA256 | 1b89214126aacc175421aa0e288f6ccab860f5306f95aa1db145f0d22f7a512b |
| SHA512 | ff774ee71c8db98ea074144ffa657a99d21944259ae607c36c19d7f3f79497d2eef1ef826905ee0095322fb5d317e1d5826a3edd309565a8afa0bbc160f6b198 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\check.bmp
| MD5 | 613f8a5427662e9fc08805a6ccfdf596 |
| SHA1 | 7b4bccd143d286f455e98ddb04f36dd5e9f2f09b |
| SHA256 | f6e2cc8eb2a197421fbb112383a7424d27ae66c26a423f2a2b446fd248e0cec0 |
| SHA512 | a218645a1bc0ede5b9c4ad4f87df3544fe43d88564e36a077a4b6dc0cf7fa3459c5ff85f2720085d170f00be7247f2696da9c1daf8d2979022bc52a3fb4b714d |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | d42ec3b301acfcda039530ee5914bf69 |
| SHA1 | dc705e5985443446e4c44f9f6588f08e28e8e330 |
| SHA256 | aee398a7d3a6bbc5204aed10c467725545355e2f264bf01b2712ef9c757b6d9b |
| SHA512 | e5122a6f56b5f817fc40a0c67b6c6df68609fffeeb6c80718bf990dea829d4c1115614b82de1025b2075e7333c0cce7b327396613e0bd6db91a91b45b629fc5d |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 1ee3e85f8257830697304e3bc93bface |
| SHA1 | 92486c4b9768fa14b146540ff072881a4de20c46 |
| SHA256 | 97020c7255bc11b12e64c8f18d30a7d0bc51f907c7b78fca8d52fbc39cf75c1a |
| SHA512 | c7949058dae0b045dd8605eb64a197dfeee54399fa24c3bc904bae6db2bd600076c352b2147b29df6f9916d07800c3f4c1e251eca76569e84a54f2b28045cf9d |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | cc7f410250697d82bdd5d01baf6f9d83 |
| SHA1 | c29a67f5735bedb4e790230e686fd590c6ed00e2 |
| SHA256 | 133d046a4fe796f8d9d218c93db7b9dafe430af41eae37235a32c4f074463438 |
| SHA512 | 12ddf8471582bf9ead0bbe66c699be3c3b99e0947ebe600262155705c19b4889fabd9677e5c62304d92f2a9226fd09181d54fd5396e1c9d28e955beade8055e9 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | e167fb197b5932b5c60ac56aef01a34d |
| SHA1 | e15cb4c8a4fbd6d80ba944728aa1d67675ce80ad |
| SHA256 | a99237fcbc43b9834ccb4e8375c9b81a2508734035059d678c08d9c7b6b3ce05 |
| SHA512 | d817197cf64d7dc5d1a1551364cb4f5c1e29f4abf8ae6ebdbcd431e165746e04bb1fbc5af2927c46b09b802ac7e40196dcef88d3aeaaed2df351949e02ca95a0 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | b5fbc6d861264c2cd1893159516ca619 |
| SHA1 | 1abdeec3d766937a0743c83aeb3300c670377ded |
| SHA256 | 46fc69a51d3a6482a7a99f18f31dc1f3b361e1a58f4e4edf0f01610e9b599442 |
| SHA512 | 383c6d0c204f70add0eff15fbba66c7e70e4b107834e1ea36645122b7a0a75703d94917f21e0da56fe9b5796c5812d038f43b552d2e54a16c93b2b2711b0a4ae |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 5f07cf4b314e6e85bfb821b5ce85b5a7 |
| SHA1 | 9cb06700e8503949b145f20e6a3dbfda727b70eb |
| SHA256 | 7482d6d528532f8afa81c83c01237b63a90caa029c649a47356438c6869ca8ff |
| SHA512 | 0574463b34353e5da88349661eef9209984e448201615df727a3f747c0954254881da0d06fdb165369e26ffa1ccae9e44e0a66e43c6c9e41d914c9c4dba893a3 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | b26dec1a2e40b83920fb139e8dcdd7d8 |
| SHA1 | 138ac87485192cef25f033c18cb72413cd9d6120 |
| SHA256 | 333307048a93f4fa05d55525751f297df8451feee3c7149864d40bf95748c09a |
| SHA512 | 37c7717a5fd3b6d13003327eb15d3653d75271ff5cb96d0d14b01221e485080508c67c2c059d804004dc770f62f50c16f548b31e506976d75e7d011ed00537c0 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 23d34cfd73e18438d7a352fc58008a67 |
| SHA1 | 38c6158ed085dcfa9144a3f8ff3fcb801a10ba1f |
| SHA256 | e8178172cb8280545c3e115b09e14cd42b04910018758f7d46959469f11c2ade |
| SHA512 | b73d7de71189ea0fedc014b5ab53317237d4f7becb29af6d9b26e1a76b8297b9d0ffb6dde52a39410d057ed750345b2da1fd19cfc4c67890e55a529124ab4190 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 7ff957407851bb63beccf2a9aeec387e |
| SHA1 | 669bf4dc949c3558679084b8a2c057bf7ac036ad |
| SHA256 | f6456315250f7c9a216a9d8b4c4e2bebedd4b364ab88f560744a0e460bcb262f |
| SHA512 | 7b57273b7d4096a8080300dfa1ed4388694b27abff165969dd59fabe7fd7a24ca4d98cfcda1fbf6d5cc6303bf5c57acc6345b6c0e78f1b87deef1ba3c05a516e |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | b72322c495daed471e4ffc9338d11388 |
| SHA1 | 56e3ed76cdd923c6a6297f999a109d170c2aa511 |
| SHA256 | a8b18c966a299ece5b2332f29e60ad78ef4f54b5ff449d2f7539dfb9b39f0b1c |
| SHA512 | fd085fd8ed0643d3a100e2f7f417e0717823f41a1f0c5f2fc5ffe198904bc8a3e84e6e44879231c61a39dc252ddf2a3e3a1f28deb16532c18e423ec58208c6ef |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 54b4f86374ed83c3f4871f386273ded2 |
| SHA1 | 96d0440fb5d57c314c5f87248d57768007a67808 |
| SHA256 | b861f21258e40495e03ca369e78759d26611a1fdd814d8b55aa05937b6d7e0c6 |
| SHA512 | c716213fb91608d39f4d1ca1a62b26fc02dce02f5fe8fb9f1e0615210a56bb60da1e8a71ae0e94ce64c71c2d90cc57d2451cd98e90eee9bb264c3abbeb8cada3 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | e8eedb9962ec4e13890a85dfe6300736 |
| SHA1 | 72daed37d275a0ab13fd544db204fed308967ef5 |
| SHA256 | f3c0f3190836bb96e289d0df83b4a94a5aa9223e230775db5dec8c98afc7f949 |
| SHA512 | 8957c598588d468850c1d1f82bc14a117575eb73f08349e2ba704e0e2e725e33918b6c5238dd5e1307c813b137f3dd216f75dd80400781108f2bfd514fd85f0f |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | f81b0ade573c74d35cb2c3323f961387 |
| SHA1 | 9c00c76dab48a6de7cfd57b1988d8a8447b27902 |
| SHA256 | 8c893e14b95cfd0ee58bd1e5c288dfa8516f263955e3bece794e73cf36dcfe80 |
| SHA512 | 025888c2fd7744e792cf0a14ef7c24a3fdac690f849593d1576b1129f6bda70a9013a7a59245d32f1f401653dd1debdb97ca6a263ccbeb9e4254466acd05c5a9 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | 6d786d0492052cbed9073c342dcc3388 |
| SHA1 | e8fc3b8379318cafa2a8d6606633e17c8935467f |
| SHA256 | f7b711849623eb1cf52c644dbc27f45c0bead848d3158b15915809af0ba887f7 |
| SHA512 | 6ca7bd4363f2f65f9da4ad5a10b9119437b07c05b75bfc16030dec2fc018a426883db30cfbeb4ecef561146394de1f590562cfe12abd76994485622c25dcf1d0 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | ad76b31e75197975af306528a8f73d4a |
| SHA1 | aa17254bae04e1fe52c823e7eaff302528fe2744 |
| SHA256 | 03e1f20dc96309e51fe3b2314aac6bf0da1ceb68bbd3e03f5a388dd480503a3c |
| SHA512 | d6deb03bd5957b407f50703cd119851742dfbd884e2a8268190c7f332d482fe11829cf73b5bb9df9850440ebf538bf1cf8affcf9f200167042e226d8ab9dc23b |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | c0bef6146e2e48b4c69b9a5d739ed394 |
| SHA1 | 49da14f062edfcd65f848db2697a16d24c5710a9 |
| SHA256 | 61bb84c7a31ee9e82378e27103a49ebef8afda47b10318e8d34ec243f90fbf74 |
| SHA512 | 6173725e4eb7901bb31513c42713d2ecc3d9d74deb0c3ed64174690ec1efaef977b842e6bd20643688ab0467dcc4d6b5f62c7e218b494e180966dadfd64722dc |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | cd65d392e4f6b26f9e74df077fdf6ac1 |
| SHA1 | 7f6be789bdeff09dcb51621030dfc142f3bc0c72 |
| SHA256 | fbcfd285f0fa868f27b7d661e724dbe4db8176b15c357ca2d09107810763711c |
| SHA512 | 0208c5734b5a12aa4295e87808a65ca9cc5b4e76e78359b12fd737b140b5069f0272ca962fe52f0088377b79b7a19e1ea96453de0b1d0ef81736010df9e8c63e |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | cf3d216360fec663cc0e97166058f192 |
| SHA1 | 5d73fdff0f87ee4dc3dfc26737ea2c5958678d41 |
| SHA256 | a70ca03c172770577c217302087bd5fb1e495a009627c984fa896d276bf770a7 |
| SHA512 | 58f11ab4715bbfe8f311042f10e932fb2242df96a40b0472618abcd66d4836b503970d8b5f65e1c99deeda7cd9254f99e329faa45b2f1a4b16b79511e8956d36 |
C:\Users\Admin\AppData\Roaming\3delite\Memory Test Toolkit 6.2.4.7\install\1D886E2\images\[email protected]
| MD5 | a417b1ebe3d8c4bdbf63ab7235cfc005 |
| SHA1 | a88c4f44c801dba9621697ec0dba2b8b0d7025b0 |
| SHA256 | ef9b9ab5433c85b8bcc013fa53003a5adce144fb2ef35b74e312be400181b3e4 |
| SHA512 | 7fcf7780ece651ef1d9021d6b61fc050fb7c30fd0681c3dd163a76d9e9cf1f7e22adff6b5bad002a29b4b06d5e234722d406afcc0e880c0bc613d62d5e259139 |
C:\Config.Msi\f769e94.rbs
| MD5 | 461b6c531840a0757ecc373e4923eaf5 |
| SHA1 | b84d77cb742c807b8c0d697db7c7dd5e8a5ebf1d |
| SHA256 | fec6be6604de873d1dfd7acd8451ff2ddb344218d786edc12d1286480908a422 |
| SHA512 | 3516aac180c8ac96d468de83f37843525a8982ee74315826787ea1d3c7d26b89bbfa9be7a976c52775c8285b602de20529ad9dc4bd31f2483e82fc286b9aa881 |
memory/840-739-0x0000000000AA0000-0x000000000135B000-memory.dmp
memory/840-744-0x0000000000AA0000-0x000000000135B000-memory.dmp