7eae2737c72a73443f9f473c6eacd12b63e1a48acc37a4ab94c2b12a121620bf

Analysis

max time kernel
49s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2023, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AOMEI Partition Assistant 9.13.1 TE.exe
Size

31.4MB
MD5

2d32ebb9ed396390d62ead074ea08b35
SHA1

0b9ef7f639bf26d8c14b03ed87cd0d69a308916c
SHA256

7eae2737c72a73443f9f473c6eacd12b63e1a48acc37a4ab94c2b12a121620bf
SHA512

1fb7018fd4d994e7943ddaa8619d23b33b30716053cb63710df1e13c491a3f76637e4f750089eca0f22d50a06c456782bfd306cc37a8a2ca0a7ae57f63089b48
SSDEEP

786432:oSOKZJymumtv/Z+D8U+r98dfZBGvjx1sRkdn:pZJ8uZI0uZBG7iKn

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
444	AOMEI Partition Assistant 9.13.1 TE.tmp
4864	loaddrv.exe
4276	loaddrv.exe
2848	loaddrv.exe
2256	loaddrv.exe
4628	path.exe

Loads dropped DLL 4 IoCs

pid	Process
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0008000000022e43-197.dat	autoit_exe
behavioral1/files/0x0008000000022e43-198.dat	autoit_exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\is-IBSSM.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Windows\system32\is-970MH.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-R7JT0.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-U6LM2.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-V127S.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-U447D.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-JIAQG.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\Image\is-CDANO.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-8OITA.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-QEKIT.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\is-G8HQ2.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\x64\UpgradeShow.dll	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\ddm\DDM.exe	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-LFE0M.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-FM4IA.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\is-MJVC8.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-D73F9.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\is-5HLAI.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\lang\is-J0HF2.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-LF1OQ.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\is-69F7H.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\is-UASKT.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-RLC59.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-J14PI.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\lang\is-39HG0.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-IDE0Q.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\ddm\doc\images\is-3PODB.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\UninstallFB.exe	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-CAR41.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-VHOIF.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-HRE73.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\WimMgr.dll	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-3I2G4.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\is-GEHQL.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\ddm\doc\is-3VFCU.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-NG4IC.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-93KCC.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-CAURN.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\lang\is-C1M0L.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\is-1QJ21.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-R1MK6.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-LUJE6.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\x64\wimgapi.dll	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-ONV90.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-LBVQO.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\lang\is-E7FH7.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\is-R0CKM.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\.idea\is-BER5T.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-41IKA.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\DiskInfo.dll	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\DTF.exe	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\GaHlp.exe	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\x64\GptBcd.dll	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\is-M7NBA.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-7HOLA.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-IQU4P.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\img\is-FTVHU.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\html\is-4NUSC.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\x64\is-O4F50.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\ddm\doc\is-47VMM.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-A0OP4.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-MI4P2.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\doc\is-JD2EU.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-0APD8.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Program Files (x86)\AOMEI Partition Assistant\SnapshotMgr.dll	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Program Files (x86)\AOMEI Partition Assistant\html\img\is-D703Q.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ampa.exe	AOMEI Partition Assistant 9.13.1 TE.tmp
File opened for modification	C:\Windows\ddmmain.exe	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Windows\is-83TCQ.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp
File created	C:\Windows\is-SUKI2.tmp	AOMEI Partition Assistant 9.13.1 TE.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Runs .reg file with regedit 1 IoCs

pid	Process
4772	regedit.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
444	AOMEI Partition Assistant 9.13.1 TE.tmp
4628	path.exe
4628	path.exe
4628	path.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4628	path.exe
4628	path.exe
4628	path.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp
444	AOMEI Partition Assistant 9.13.1 TE.tmp

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 444	2100	AOMEI Partition Assistant 9.13.1 TE.exe	82
PID 2100 wrote to memory of 444	2100	AOMEI Partition Assistant 9.13.1 TE.exe	82
PID 2100 wrote to memory of 444	2100	AOMEI Partition Assistant 9.13.1 TE.exe	82
PID 444 wrote to memory of 4864	444	AOMEI Partition Assistant 9.13.1 TE.tmp	91
PID 444 wrote to memory of 4864	444	AOMEI Partition Assistant 9.13.1 TE.tmp	91
PID 444 wrote to memory of 4276	444	AOMEI Partition Assistant 9.13.1 TE.tmp	92
PID 444 wrote to memory of 4276	444	AOMEI Partition Assistant 9.13.1 TE.tmp	92
PID 444 wrote to memory of 2848	444	AOMEI Partition Assistant 9.13.1 TE.tmp	93
PID 444 wrote to memory of 2848	444	AOMEI Partition Assistant 9.13.1 TE.tmp	93
PID 444 wrote to memory of 2256	444	AOMEI Partition Assistant 9.13.1 TE.tmp	94
PID 444 wrote to memory of 2256	444	AOMEI Partition Assistant 9.13.1 TE.tmp	94
PID 444 wrote to memory of 4772	444	AOMEI Partition Assistant 9.13.1 TE.tmp	95
PID 444 wrote to memory of 4772	444	AOMEI Partition Assistant 9.13.1 TE.tmp	95
PID 444 wrote to memory of 4772	444	AOMEI Partition Assistant 9.13.1 TE.tmp	95
PID 444 wrote to memory of 4628	444	AOMEI Partition Assistant 9.13.1 TE.tmp	96
PID 444 wrote to memory of 4628	444	AOMEI Partition Assistant 9.13.1 TE.tmp	96
PID 444 wrote to memory of 4628	444	AOMEI Partition Assistant 9.13.1 TE.tmp	96

C:\Users\Admin\AppData\Local\Temp\AOMEI Partition Assistant 9.13.1 TE.exe
"C:\Users\Admin\AppData\Local\Temp\AOMEI Partition Assistant 9.13.1 TE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\is-1GFT0.tmp\AOMEI Partition Assistant 9.13.1 TE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1GFT0.tmp\AOMEI Partition Assistant 9.13.1 TE.tmp" /SL5="$10004A,32561984,67072,C:\Users\Admin\AppData\Local\Temp\AOMEI Partition Assistant 9.13.1 TE.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:444
- - C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe
    "C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe" -u
    3⤵
    - Executes dropped EXE
    PID:4864
- - C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe
    "C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe"
    3⤵
    - Executes dropped EXE
    PID:4276
- - C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe
    "C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe" -u
    3⤵
    - Executes dropped EXE
    PID:2848
- - C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe
    "C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe"
    3⤵
    - Executes dropped EXE
    PID:2256
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\settings.reg"
    3⤵
    - Runs .reg file with regedit
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\path.exe
    "C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\path.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4628

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe

Filesize
81KB

MD5
82bd642630764da26dc936a7b55717e9

SHA1
32dc58cfc5c2188d93bba1282c5053c20696774b

SHA256
7bbdc868ae2044ec18d3e3ed921dbee08aef2a46b0b5ca61511041620b7bd1a8

SHA512
df600acef2dce6cb2e496736d567ef1de89cd9fdc0b461a36a11ba1212dd6b245b81193512fa6ee2e6b69f8231a0cf8e5f85c712ecc4929dbc5a4f240f9e786d

Download Submit
C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe

Filesize
81KB

MD5
82bd642630764da26dc936a7b55717e9

SHA1
32dc58cfc5c2188d93bba1282c5053c20696774b

SHA256
7bbdc868ae2044ec18d3e3ed921dbee08aef2a46b0b5ca61511041620b7bd1a8

SHA512
df600acef2dce6cb2e496736d567ef1de89cd9fdc0b461a36a11ba1212dd6b245b81193512fa6ee2e6b69f8231a0cf8e5f85c712ecc4929dbc5a4f240f9e786d

Download Submit
C:\Program Files (x86)\AOMEI Partition Assistant\ddm\loaddrv.exe

Filesize
81KB

MD5
82bd642630764da26dc936a7b55717e9

SHA1
32dc58cfc5c2188d93bba1282c5053c20696774b

SHA256
7bbdc868ae2044ec18d3e3ed921dbee08aef2a46b0b5ca61511041620b7bd1a8

SHA512
df600acef2dce6cb2e496736d567ef1de89cd9fdc0b461a36a11ba1212dd6b245b81193512fa6ee2e6b69f8231a0cf8e5f85c712ecc4929dbc5a4f240f9e786d

Download Submit
C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe

Filesize
81KB

MD5
2580b3451f13144d9d1c77f9c90733a3

SHA1
e68c7ea8017b501a37d4095556161263bc0fd0ef

SHA256
d90631fec9db3b16c62567fe50ca14422e41b8e4d9af78a0c4129750230787f0

SHA512
a973e580043edf562ab099a986a8d38ee4839216758435fb52dfaa0c3f1eee60f85a2063ac6ebefcef4d2bc21c2f5c7d1b624912ebe1f2c3ca6cec1082c3a3ab

Download Submit
C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe

Filesize
81KB

MD5
2580b3451f13144d9d1c77f9c90733a3

SHA1
e68c7ea8017b501a37d4095556161263bc0fd0ef

SHA256
d90631fec9db3b16c62567fe50ca14422e41b8e4d9af78a0c4129750230787f0

SHA512
a973e580043edf562ab099a986a8d38ee4839216758435fb52dfaa0c3f1eee60f85a2063ac6ebefcef4d2bc21c2f5c7d1b624912ebe1f2c3ca6cec1082c3a3ab

Download Submit
C:\Program Files (x86)\AOMEI Partition Assistant\loaddrv.exe

Filesize
81KB

MD5
2580b3451f13144d9d1c77f9c90733a3

SHA1
e68c7ea8017b501a37d4095556161263bc0fd0ef

SHA256
d90631fec9db3b16c62567fe50ca14422e41b8e4d9af78a0c4129750230787f0

SHA512
a973e580043edf562ab099a986a8d38ee4839216758435fb52dfaa0c3f1eee60f85a2063ac6ebefcef4d2bc21c2f5c7d1b624912ebe1f2c3ca6cec1082c3a3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1GFT0.tmp\AOMEI Partition Assistant 9.13.1 TE.tmp

Filesize
913KB

MD5
dcf32d9a37d724112fa6203804404b73

SHA1
291f264d8ead21086c47815c546abba0390c7a41

SHA256
90a899b40d73a12d5991c7a66fec55d5b284e295cb921a8dc5a964eb0eda836d

SHA512
bfd24ad9a11c2caa65c1629d1d9a5b00e10dd5b0f88776ffc18041f521b1ab853df4975fac11695f60a1e12b19f9b8c4de04dba82bdbbdcd83e0587aa2f9e518

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1GFT0.tmp\AOMEI Partition Assistant 9.13.1 TE.tmp

Filesize
913KB

MD5
dcf32d9a37d724112fa6203804404b73

SHA1
291f264d8ead21086c47815c546abba0390c7a41

SHA256
90a899b40d73a12d5991c7a66fec55d5b284e295cb921a8dc5a964eb0eda836d

SHA512
bfd24ad9a11c2caa65c1629d1d9a5b00e10dd5b0f88776ffc18041f521b1ab853df4975fac11695f60a1e12b19f9b8c4de04dba82bdbbdcd83e0587aa2f9e518

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\path.exe

Filesize
631KB

MD5
ce4576388e44cd74c3590fbbc988ba94

SHA1
cd949eae19f8dd941b9842426bb70d855467c10f

SHA256
bc86571f16f95450dea2fd9c74d3576308627d0336d5b4d600ed96671077c062

SHA512
53d537376c295b12479abb6f312973eb137b3cc825403986ce70dbab1f72fd8bdf85c2c626c3e5c2558103510feda18acc55c282a9eb44255d07bc3c6112e63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A08F6.tmp\path.exe

Filesize
631KB

MD5
ce4576388e44cd74c3590fbbc988ba94

SHA1
cd949eae19f8dd941b9842426bb70d855467c10f

SHA256
bc86571f16f95450dea2fd9c74d3576308627d0336d5b4d600ed96671077c062

SHA512
53d537376c295b12479abb6f312973eb137b3cc825403986ce70dbab1f72fd8bdf85c2c626c3e5c2558103510feda18acc55c282a9eb44255d07bc3c6112e63b

Download Submit
memory/444-150-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-175-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-149-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-199-0x0000000007481000-0x000000000770F000-memory.dmp

Filesize
2.6MB

Download
memory/444-151-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-152-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-153-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-154-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-155-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-156-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-157-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-158-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-159-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-160-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-161-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-162-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-163-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-164-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-165-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-166-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-167-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-168-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-170-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-171-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-172-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-169-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-174-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-148-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-173-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-176-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-178-0x0000000007481000-0x000000000770F000-memory.dmp

Filesize
2.6MB

Download
memory/444-177-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-179-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-180-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-181-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-182-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-183-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-147-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-146-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-145-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-138-0x0000000007250000-0x0000000007266000-memory.dmp

Filesize
88KB

Download
memory/444-143-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/444-142-0x0000000007480000-0x000000000779A000-memory.dmp

Filesize
3.1MB

Download
memory/444-144-0x00000000077A0000-0x00000000078E0000-memory.dmp

Filesize
1.2MB

Download
memory/2100-141-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-132-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-200-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download