Analysis Overview
SHA256
88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
Threat Level: Known bad
The file 88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767 was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
UPX packed file
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2022-10-11 02:40
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-11 02:40
Reported
2022-10-11 02:43
Platform
win7-20220812-en
Max time kernel
78s
Max time network
44s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1076 wrote to memory of 1800 | N/A | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe |
| PID 1076 wrote to memory of 1800 | N/A | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe |
| PID 1076 wrote to memory of 1800 | N/A | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe
"C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\VERSION.dll
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\MSIMG32.dll
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\Options.ini
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_arabic.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_dutch.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_german.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_french.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_hungarian.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_italian.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_japanese.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_korean.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_polish.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_portuguese.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_russian.lang
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_spanish.lang
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-11 02:40
Reported
2022-10-11 02:43
Platform
win10v2004-20220812-en
Max time kernel
92s
Max time network
160s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1512 wrote to memory of 4956 | N/A | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe |
| PID 1512 wrote to memory of 4956 | N/A | C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe
"C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.253.208.112:80 | | tcp |
| US | 52.168.117.170:443 | | tcp |
| NL | 178.79.208.1:80 | | tcp |
| NL | 178.79.208.1:80 | | tcp |
| NL | 178.79.208.1:80 | | tcp |
Files