Malware Analysis Report

2025-01-02 12:03

Sample ID 221011-c5xeeabecn
Target 88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
SHA256 88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767
Tags
upx bazarbackdoor backdoor bootkit persistence
score
10/10

Analysis Overview

score
10/10

SHA256

88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767

Threat Level: Known bad

The file 88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767 was found to be: Known bad.

Malicious Activity Summary

upx bazarbackdoor backdoor bootkit persistence

BazarBackdoor

Bazar/Team9 Backdoor payload

UPX packed file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-10-11 02:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-11 02:40

Reported

2022-10-11 02:43

Platform

win7-20220812-en

Max time kernel

78s

Max time network

44s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe

"C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\VERSION.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\MSIMG32.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\Options.ini

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_arabic.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_dutch.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_german.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_french.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_hungarian.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_italian.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_japanese.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_korean.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_polish.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_portuguese.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_russian.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_spanish.lang

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-11 02:40

Reported

2022-10-11 02:43

Platform

win10v2004-20220812-en

Max time kernel

92s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe

"C:\Users\Admin\AppData\Local\Temp\88a66e7115caa4c1e11822248a64d8a6da70934dafd382627adde693fd918767.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe"

Network

Country Destination Domain Proto
US 8.253.208.112:80 tcp
US 52.168.117.170:443 tcp
NL 178.79.208.1:80 tcp
NL 178.79.208.1:80 tcp
NL 178.79.208.1:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\DiskGenius.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\VERSION.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\MSIMG32.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_dutch.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\Options.ini

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_arabic.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_russian.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_spanish.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_portuguese.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_polish.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_korean.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_japanese.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_italian.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_hungarian.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_german.lang

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\DiskGenius\lang\Language_french.lang
