dcrat | a7f19f8d65bfd54fe1f8a5eb8c1a4a960361234046a56c176cd58c56919eec2c

Analysis

max time kernel
118s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

minitool_partition_wizard_12.6_full.exe
Size

130.4MB
MD5

debc5f5b71f637030872b33caab64c0a
SHA1

25a8f4f53e9ec1123d62427c6740e3250dae9282
SHA256

a7f19f8d65bfd54fe1f8a5eb8c1a4a960361234046a56c176cd58c56919eec2c
SHA512

3e6a4755de6353fff3b0dce1c9fc308df701acd0e5d5e9bcc6f5abc2c444edb85a3ba0bf5a1878e2b76b292b889538eda1e3f855fe7fad70b550c18939279821
SSDEEP

3145728:uwYi3ZoPxT77M0XZeiYWe6LdSP5TKLc+S6k:ug3ZoZT7aWeGdu5T0Vk

Score

10^/10

dcrat discovery infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 6 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe	dcrat
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe	dcrat
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe	dcrat
C:\Temp\Runtime Broker.exe	dcrat
C:\Temp\Runtime Broker.exe	dcrat
behavioral2/memory/2236-164-0x0000000000E70000-0x0000000001078000-memory.dmp	dcrat

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

partitionwizard.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	partitionwizard.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	partitionwizard.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

minitool_partition_wizard_12.6_full.exeMiniTool Partition Wizard 12.6.exeWScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	minitool_partition_wizard_12.6_full.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	MiniTool Partition Wizard 12.6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	WScript.exe

Executes dropped EXE 5 IoCs

Processes:

MiniTool Partition Wizard 12.6.exeRuntime Broker.exeMiniTool Partition Wizard 12.6_LICENSE.exeMiniTool Partition Wizard 12.6_LICENSE.tmppartitionwizard.exe

pid	process
384	MiniTool Partition Wizard 12.6.exe
2236	Runtime Broker.exe
1276	MiniTool Partition Wizard 12.6_LICENSE.exe
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
872	partitionwizard.exe

Loads dropped DLL 31 IoCs

Processes:

MiniTool Partition Wizard 12.6_LICENSE.tmppartitionwizard.exe

pid	process
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe
872	partitionwizard.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

Processes:

partitionwizard.exe

description	ioc	process
File created	C:\Windows\system32\pwdrvio.sys	partitionwizard.exe
File created	C:\Windows\system32\pwdspio.sys	partitionwizard.exe
File opened for modification	C:\Windows\system32\pwdspio.sys	partitionwizard.exe

Drops file in Program Files directory 64 IoCs

Processes:

MiniTool Partition Wizard 12.6_LICENSE.tmppartitionwizard.exe

description	ioc	process
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\Dism.exe	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\en-us\x64\is-KCFGI.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PEDrivers\x86\f6flpy-x86\is-N3ARR.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-GE0R6.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\platforms\is-D2K6D.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\dbghelp.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-LTBSI.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\en-us\win8_x64\is-D0C58.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\imageformats\qgif.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-B40QD.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-IFCM8.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\iconengines\is-TS5TG.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\x64\is-IEDS1.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\iconengines\qsvgicon.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-6CB8H.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-L7AK6.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\fvresources\Aspose.Words.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-UCLD3.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\en-us\x86\is-753JP.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-GODBQ.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\imageformats\is-C6EQN.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-5F7EA.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\fvresources\Aspose.Slides.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-SKRO9.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-69B8T.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\is-273M7.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-BME9B.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-MN51V.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-HUSP6.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\is-E5R42.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\idriver.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-PO98T.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\ko-KR\is-IUAOV.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-AGMVE.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\fvresources\es-ES\fileviewer.resources.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PEDrivers\x64\f6flpy-x64\is-TMCTV.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PETools\x86\boot\is-GN69R.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-IREN8.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-P3QR6.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\is-S5IRQ.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\fvresources\Aspose.EPS.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\x64\wimserv.exe	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PETools\x86\efi\Microsoft\Boot\is-EDHDR.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\is-OR5QC.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\libcurl.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-Q904L.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PEDrivers\x86\f6flpy-x86\is-59DGU.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\imageformats\is-TB3UK.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\it-IT\is-PQ79S.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\log.txt	partitionwizard.exe
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PETools\x86\boot\is-RTBTJ.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-ODF26.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\x64\is-Q2KN1.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\fvresources\is-8C0U9.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-K1V0K.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\Qt5Gui.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\fvresources\Aspose.CAD.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\fvresources\Aspose.Imaging.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-7UT0F.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\is-9SOG5.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File created	C:\Program Files\MiniTool Partition Wizard 12\PETools\amd64\boot\is-JP7SD.tmp	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\Qt5Charts.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp
File opened for modification	C:\Program Files\MiniTool Partition Wizard 12\Qt5Widgets.dll	MiniTool Partition Wizard 12.6_LICENSE.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vds.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

partitionwizard.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\44	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\10	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\17	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\23	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\59	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\28	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\51	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\54	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\35	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\40	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\47	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\8	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\27	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\34	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\24	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\46	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\48	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\57	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\13	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\18	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\55	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\49	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\56	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\12	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\39	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\41	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\36	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\45	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\63	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\21	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\25	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\26	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\9	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\30	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\52	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\11	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\20	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\53	partitionwizard.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\32	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\14	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\19	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\15	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\16	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\33	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\60	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\61	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\62	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\37	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\38	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\42	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\43	partitionwizard.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\22	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\29	partitionwizard.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\31	partitionwizard.exe

Modifies registry class 1 IoCs

Processes:

MiniTool Partition Wizard 12.6.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	MiniTool Partition Wizard 12.6.exe

Runs .reg file with regedit 1 IoCs

Processes:

regedit.exe

pid process

4136 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

partitionwizard.exe

pid process

872 partitionwizard.exe

pid	process
4136	regedit.exe

pid	process
872	partitionwizard.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

Processes:

MiniTool Partition Wizard 12.6_LICENSE.tmp

pid	process
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

648
648
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Runtime Broker.exeAUDIODG.EXE

description pid process

Token: SeDebugPrivilege 2236 Runtime Broker.exe
Token: 33 2796 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2796 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

MiniTool Partition Wizard 12.6_LICENSE.tmp

pid process

5060 MiniTool Partition Wizard 12.6_LICENSE.tmp

pid	process
648
648

description	pid	process
Token: SeDebugPrivilege	2236	Runtime Broker.exe
Token: 33	2796	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2796	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

MiniTool Partition Wizard 12.6.exeMiniTool Partition Wizard 12.6_LICENSE.exeMiniTool Partition Wizard 12.6_LICENSE.tmppartitionwizard.exe

pid	process
384	MiniTool Partition Wizard 12.6.exe
1276	MiniTool Partition Wizard 12.6_LICENSE.exe
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
5060	MiniTool Partition Wizard 12.6_LICENSE.tmp
872	partitionwizard.exe
872	partitionwizard.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

minitool_partition_wizard_12.6_full.exeMiniTool Partition Wizard 12.6.exeWScript.execmd.exeMiniTool Partition Wizard 12.6_LICENSE.exeMiniTool Partition Wizard 12.6_LICENSE.tmp

description	pid	process	target process
PID 3088 wrote to memory of 384	3088	minitool_partition_wizard_12.6_full.exe	MiniTool Partition Wizard 12.6.exe
PID 3088 wrote to memory of 384	3088	minitool_partition_wizard_12.6_full.exe	MiniTool Partition Wizard 12.6.exe
PID 3088 wrote to memory of 384	3088	minitool_partition_wizard_12.6_full.exe	MiniTool Partition Wizard 12.6.exe
PID 384 wrote to memory of 2632	384	MiniTool Partition Wizard 12.6.exe	WScript.exe
PID 384 wrote to memory of 2632	384	MiniTool Partition Wizard 12.6.exe	WScript.exe
PID 384 wrote to memory of 2632	384	MiniTool Partition Wizard 12.6.exe	WScript.exe
PID 2632 wrote to memory of 5048	2632	WScript.exe	cmd.exe
PID 2632 wrote to memory of 5048	2632	WScript.exe	cmd.exe
PID 2632 wrote to memory of 5048	2632	WScript.exe	cmd.exe
PID 5048 wrote to memory of 2236	5048	cmd.exe	Runtime Broker.exe
PID 5048 wrote to memory of 2236	5048	cmd.exe	Runtime Broker.exe
PID 3088 wrote to memory of 1276	3088	minitool_partition_wizard_12.6_full.exe	MiniTool Partition Wizard 12.6_LICENSE.exe
PID 3088 wrote to memory of 1276	3088	minitool_partition_wizard_12.6_full.exe	MiniTool Partition Wizard 12.6_LICENSE.exe
PID 3088 wrote to memory of 1276	3088	minitool_partition_wizard_12.6_full.exe	MiniTool Partition Wizard 12.6_LICENSE.exe
PID 1276 wrote to memory of 5060	1276	MiniTool Partition Wizard 12.6_LICENSE.exe	MiniTool Partition Wizard 12.6_LICENSE.tmp
PID 1276 wrote to memory of 5060	1276	MiniTool Partition Wizard 12.6_LICENSE.exe	MiniTool Partition Wizard 12.6_LICENSE.tmp
PID 1276 wrote to memory of 5060	1276	MiniTool Partition Wizard 12.6_LICENSE.exe	MiniTool Partition Wizard 12.6_LICENSE.tmp
PID 5060 wrote to memory of 4136	5060	MiniTool Partition Wizard 12.6_LICENSE.tmp	regedit.exe
PID 5060 wrote to memory of 4136	5060	MiniTool Partition Wizard 12.6_LICENSE.tmp	regedit.exe
PID 5060 wrote to memory of 872	5060	MiniTool Partition Wizard 12.6_LICENSE.tmp	partitionwizard.exe
PID 5060 wrote to memory of 872	5060	MiniTool Partition Wizard 12.6_LICENSE.tmp	partitionwizard.exe

C:\Users\Admin\AppData\Local\Temp\minitool_partition_wizard_12.6_full.exe
"C:\Users\Admin\AppData\Local\Temp\minitool_partition_wizard_12.6_full.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3088

C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:384

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Temp\8mGSyTUtVfuMkV8vtHuW9UFpBdYFm.vbe"
3⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2632

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Temp\oX3JL1WEizcdnPmVyjer7.bat" "
4⤵
- Suspicious use of WriteProcessMemory
PID:5048

C:\Temp\Runtime Broker.exe
"C:\Temp\Runtime Broker.exe"
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2236

C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6_LICENSE.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6_LICENSE.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276

C:\Users\Admin\AppData\Local\Temp\is-4QOOO.tmp\MiniTool Partition Wizard 12.6_LICENSE.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4QOOO.tmp\MiniTool Partition Wizard 12.6_LICENSE.tmp" /SL5="$401A4,134097334,67072,C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6_LICENSE.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5060

C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\RarSFX0\settings.reg"
4⤵
- Runs .reg file with regedit
PID:4136

C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe
"C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"
4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:872

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:5032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MiniTool Partition Wizard 12\LIBEAY32.dll
Filesize
1.6MB

MD5
aaae8fe70e4c9da4acf5b6445fe7d9a3

SHA1
9916fdcbca4584cfd2e5fb86d187df1bdfae40ef

SHA256
e0297bc3b64d0f39fa0fbf751216dc150ecd1cf403440d5b533d132c9b185cae

SHA512
dc8ddcf3fbf71b85ccdab0d2c20fc002033ceb96370e0f034f4c35ec8588b2a52de63678461b8fe9c516e76420a4a3f39881b1fcd46e2b9563b1928f6cf21f66

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\MSVCP120.dll
Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\MSVCR120.dll
Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\PowerDataRecoveryCore.dll
Filesize
1.3MB

MD5
4ab6338463fbeafd4b4edb7aff66495f

SHA1
4475d03a741f47fc6a2bff0c8363ec8660e47b4a

SHA256
ad0fd476a81136ae4047b23fa94ff30eb0f56feddb19ce3305e86e3fb4450aff

SHA512
b79b1719d60dfe17253076ae979b1c2550f579d7083ddd9871c80cbcd55c7587c39c527755d6b0bfa64e1504688485e7eb2e647b00c0b6e0cd85d423afe79c37

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\PowerDataRecoveryCore.dll
Filesize
1.3MB

MD5
4ab6338463fbeafd4b4edb7aff66495f

SHA1
4475d03a741f47fc6a2bff0c8363ec8660e47b4a

SHA256
ad0fd476a81136ae4047b23fa94ff30eb0f56feddb19ce3305e86e3fb4450aff

SHA512
b79b1719d60dfe17253076ae979b1c2550f579d7083ddd9871c80cbcd55c7587c39c527755d6b0bfa64e1504688485e7eb2e647b00c0b6e0cd85d423afe79c37

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\PowerDataRecoveryUI.dll
Filesize
5.3MB

MD5
86461a78c6a24789f7220f494b48552f

SHA1
46af4c448a18201966d36991c5944612b8287ef3

SHA256
0cdbad6d79addd3b3b6e2fb59150405acf4a8eca5d5b2aef819660942b7050da

SHA512
be5e41b32ebfa83db44428c0a741b02acb6ffd4927b27b4e9fd91d23bbaf35f49dfe9da69c3f0847848df0319514b55a1dd59349638c3041692abc554de1bc0c

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\PowerDataRecoveryUI.dll
Filesize
5.3MB

MD5
86461a78c6a24789f7220f494b48552f

SHA1
46af4c448a18201966d36991c5944612b8287ef3

SHA256
0cdbad6d79addd3b3b6e2fb59150405acf4a8eca5d5b2aef819660942b7050da

SHA512
be5e41b32ebfa83db44428c0a741b02acb6ffd4927b27b4e9fd91d23bbaf35f49dfe9da69c3f0847848df0319514b55a1dd59349638c3041692abc554de1bc0c

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Charts.dll
Filesize
1.3MB

MD5
07e4bd7c3a018d39206e9a30c35d9320

SHA1
f1cf5dd2e45bf2d9020855d469c60fcee7f22046

SHA256
f22551ef3c8628430749a04189d5ae15ebcd74779ad2157a2ef2b7fc12249cec

SHA512
00c5d0a0fd623d1657ff91b8b6ab118a01eca837227a234af34aeccab678feac2cb0cb76ff768eae68bbf150432ef7bd549c57d0665f62f80a71866df67d875a

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Charts.dll
Filesize
1.3MB

MD5
07e4bd7c3a018d39206e9a30c35d9320

SHA1
f1cf5dd2e45bf2d9020855d469c60fcee7f22046

SHA256
f22551ef3c8628430749a04189d5ae15ebcd74779ad2157a2ef2b7fc12249cec

SHA512
00c5d0a0fd623d1657ff91b8b6ab118a01eca837227a234af34aeccab678feac2cb0cb76ff768eae68bbf150432ef7bd549c57d0665f62f80a71866df67d875a

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Core.dll
Filesize
5.3MB

MD5
a7e479e3fb8c45b4b572a301588c0de0

SHA1
a254d7e90a27196a6e40b9daacc1f72748ccc155

SHA256
a71c5a226fbb4334353cc1d0f4abacba8a509f8544f286d352e1ec29c86c0742

SHA512
92c4303df4967d48a957d258dc2502eedd50a39c7d5d2120f69233f53d67dde13be7112309dd71c0ba9b005951e59a416c5139861522c73cfba3bd49e6b370ae

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Core.dll
Filesize
5.3MB

MD5
a7e479e3fb8c45b4b572a301588c0de0

SHA1
a254d7e90a27196a6e40b9daacc1f72748ccc155

SHA256
a71c5a226fbb4334353cc1d0f4abacba8a509f8544f286d352e1ec29c86c0742

SHA512
92c4303df4967d48a957d258dc2502eedd50a39c7d5d2120f69233f53d67dde13be7112309dd71c0ba9b005951e59a416c5139861522c73cfba3bd49e6b370ae

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Gui.dll
Filesize
5.7MB

MD5
89c68c9d29d7c527097eb4a1317f71ad

SHA1
58add7d0d991931ac92eb144e007894412ae570a

SHA256
be00d70e40813e1a8ae4715b8e3cdbfb6470dbffc7d591459bb4afc30e77f715

SHA512
bfe224dec896857ebe32e75e52823f821b3791312d9629d63b565e2cd12e1854aff5e66cc416555dfbe08887a6171dfb6393e9084a0adaa2ee3528aaf0e2617f

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Gui.dll
Filesize
5.7MB

MD5
89c68c9d29d7c527097eb4a1317f71ad

SHA1
58add7d0d991931ac92eb144e007894412ae570a

SHA256
be00d70e40813e1a8ae4715b8e3cdbfb6470dbffc7d591459bb4afc30e77f715

SHA512
bfe224dec896857ebe32e75e52823f821b3791312d9629d63b565e2cd12e1854aff5e66cc416555dfbe08887a6171dfb6393e9084a0adaa2ee3528aaf0e2617f

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Network.dll
Filesize
1.0MB

MD5
68ec8a5f852fe3eca746393e01124ad3

SHA1
8d750ef88248e20316056e5f7a09a7973cb7145a

SHA256
1e971e5e8996b350622f447c88dd6d020cb4c32c259550aef29b9fdac8df9645

SHA512
efa0294bc337d039b49a806e542d8cdf948054594dea02f8ccf09ade4942a49c566d6804b5d9e5f439ff5a78dd74c67143fcd54e778201fab57174faec259084

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Network.dll
Filesize
1.0MB

MD5
68ec8a5f852fe3eca746393e01124ad3

SHA1
8d750ef88248e20316056e5f7a09a7973cb7145a

SHA256
1e971e5e8996b350622f447c88dd6d020cb4c32c259550aef29b9fdac8df9645

SHA512
efa0294bc337d039b49a806e542d8cdf948054594dea02f8ccf09ade4942a49c566d6804b5d9e5f439ff5a78dd74c67143fcd54e778201fab57174faec259084

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Widgets.dll
Filesize
5.3MB

MD5
d654ed44099c61cf7ddc07dabeca28d3

SHA1
1acf0f22f3cb15585fe8ec97dad00eda8ac30d51

SHA256
3bc64a69dc06e7a12442c04225630ba57c779d6e9e4e1aff9f986c3e68883f27

SHA512
9012f71a8dd27c56b46b341c97a8ac964bdf399f1f9d8740763be34bc4d179db5bb4fbee153e715990a37c2b1391b2622bcacffe32756abfaceb45183bf7f0ea

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\Qt5Widgets.dll
Filesize
5.3MB

MD5
d654ed44099c61cf7ddc07dabeca28d3

SHA1
1acf0f22f3cb15585fe8ec97dad00eda8ac30d51

SHA256
3bc64a69dc06e7a12442c04225630ba57c779d6e9e4e1aff9f986c3e68883f27

SHA512
9012f71a8dd27c56b46b341c97a8ac964bdf399f1f9d8740763be34bc4d179db5bb4fbee153e715990a37c2b1391b2622bcacffe32756abfaceb45183bf7f0ea

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\RawObject.dll
Filesize
360KB

MD5
e4f38dc0d2794113ebc52a2dc5774f59

SHA1
a45a26800c340c9b459bbee2cbf39d9846e6a9f8

SHA256
89eb4e8eb2620dcbe5a7b775c0084b0e5221c567b54bd1c79d20dc02a9cecf17

SHA512
a89fb208702b89fa7a169aeec57f9537381e0b3b3ec96b94a52ee719ca361e3bb8552f2527b09bc6e1969482eb596171c9684da9e830dbf5e8a8d6362069c86b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\RawObject.dll
Filesize
360KB

MD5
e4f38dc0d2794113ebc52a2dc5774f59

SHA1
a45a26800c340c9b459bbee2cbf39d9846e6a9f8

SHA256
89eb4e8eb2620dcbe5a7b775c0084b0e5221c567b54bd1c79d20dc02a9cecf17

SHA512
a89fb208702b89fa7a169aeec57f9537381e0b3b3ec96b94a52ee719ca361e3bb8552f2527b09bc6e1969482eb596171c9684da9e830dbf5e8a8d6362069c86b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\efs.dll
Filesize
25KB

MD5
038ef653d4c317251b7ddcc5aa7a8858

SHA1
6229db50ceb8eb2c1eaf53ab7fac92dcd5709183

SHA256
b472bda60fb88eb4ba5e751d75710f5046068601d089367b882a018e6489fbad

SHA512
27f9f2e789f4b1803e69a463629ac3703db71dfd9dbc3798b718b5bc6d6115535095e4cfbcbc50e611e06d46317923139b33720a295f3346d570b4040bca1d9d

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\efs.dll
Filesize
25KB

MD5
038ef653d4c317251b7ddcc5aa7a8858

SHA1
6229db50ceb8eb2c1eaf53ab7fac92dcd5709183

SHA256
b472bda60fb88eb4ba5e751d75710f5046068601d089367b882a018e6489fbad

SHA512
27f9f2e789f4b1803e69a463629ac3703db71dfd9dbc3798b718b5bc6d6115535095e4cfbcbc50e611e06d46317923139b33720a295f3346d570b4040bca1d9d

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\idriver.dll
Filesize
24KB

MD5
88249d061d4b0960f096edb161123ae6

SHA1
06294d0ac2b87df72f4bf67703b0cf2f25108e02

SHA256
62ad27d89a7ef1496328ea9d128a3abb80ae1cdb7025831101b8777cdb5dae81

SHA512
228596df4c0a4c00c1d11165060fb4059254ec2d481e5efaef1cdb6e20f96afac0013f17236d18e038fafc758f17a5eea903aa4b9da232fa4d0f4703a5afeb3b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\idriver.dll
Filesize
24KB

MD5
88249d061d4b0960f096edb161123ae6

SHA1
06294d0ac2b87df72f4bf67703b0cf2f25108e02

SHA256
62ad27d89a7ef1496328ea9d128a3abb80ae1cdb7025831101b8777cdb5dae81

SHA512
228596df4c0a4c00c1d11165060fb4059254ec2d481e5efaef1cdb6e20f96afac0013f17236d18e038fafc758f17a5eea903aa4b9da232fa4d0f4703a5afeb3b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\ikernel.dll
Filesize
3.1MB

MD5
45986fb2a3b486739265fb97c78bf613

SHA1
baa9b8d6940ace3c3f6e0e24c287ae16b3822c29

SHA256
b9369eb0899e8f81ec95ef51dadd1b5c415e39472787a41c2798c6e1950903a3

SHA512
16cfa61ec09cf7919b7c69e3dd8a52d83927a49cfc0934066601f5250d3488a4e3c0d68d4d36ed1bcd9779ad18e06d3fa75bc619be67919e718ea0701198ab81

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\ikernel.dll
Filesize
3.1MB

MD5
45986fb2a3b486739265fb97c78bf613

SHA1
baa9b8d6940ace3c3f6e0e24c287ae16b3822c29

SHA256
b9369eb0899e8f81ec95ef51dadd1b5c415e39472787a41c2798c6e1950903a3

SHA512
16cfa61ec09cf7919b7c69e3dd8a52d83927a49cfc0934066601f5250d3488a4e3c0d68d4d36ed1bcd9779ad18e06d3fa75bc619be67919e718ea0701198ab81

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qdds.dll
Filesize
56KB

MD5
cd58de80b21c0da2b242c15dfd825196

SHA1
4f0fc112d823c2360a1a0577e1aa845355b722ef

SHA256
181ed94d3ad037ddf8ab60bb552ab852afcfa1a759c3adea06bda9f07692be79

SHA512
8039269c51e93c9f97fbde1e4aa6f61e84afdf9b07f26da590f009820c6df4a5fdbcbf76d24ff42442f754189d6cbadc8384c079283fe3b4e4fa958033b3623b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qdds.dll
Filesize
56KB

MD5
cd58de80b21c0da2b242c15dfd825196

SHA1
4f0fc112d823c2360a1a0577e1aa845355b722ef

SHA256
181ed94d3ad037ddf8ab60bb552ab852afcfa1a759c3adea06bda9f07692be79

SHA512
8039269c51e93c9f97fbde1e4aa6f61e84afdf9b07f26da590f009820c6df4a5fdbcbf76d24ff42442f754189d6cbadc8384c079283fe3b4e4fa958033b3623b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qgif.dll
Filesize
37KB

MD5
83a8a84a578656713d9cb48dc2df9a92

SHA1
0105569de76fabe34bacdebf2d4cf045b4ebb1ec

SHA256
503c306efd3394eb0f9617c481b0fa5964ee690badea992a592b6241db2aaf3a

SHA512
d9706e49b63b56769e427af9f3b11ed5e19028254f950adf23c3d0d0d6279627e0983bad715e88ff3bf6aa72550ba5ccdc25e688a1b89ced71bd728fbcd379ee

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qgif.dll
Filesize
37KB

MD5
83a8a84a578656713d9cb48dc2df9a92

SHA1
0105569de76fabe34bacdebf2d4cf045b4ebb1ec

SHA256
503c306efd3394eb0f9617c481b0fa5964ee690badea992a592b6241db2aaf3a

SHA512
d9706e49b63b56769e427af9f3b11ed5e19028254f950adf23c3d0d0d6279627e0983bad715e88ff3bf6aa72550ba5ccdc25e688a1b89ced71bd728fbcd379ee

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qicns.dll
Filesize
44KB

MD5
48dad7bb1b009d171dbf7abb4a48a979

SHA1
ed4e972de80c9dd8987e1a6f26a2175e3618cdce

SHA256
a1a7fc64e928a3bee12295ff613be9a13d1d2fd3e934e7726c0cfa33d24bf6fb

SHA512
41e6bedfe1cc3dd0e798c8701220e545128b09112fc5c9243df18f6c1aec371cc5aa592fc92d9b0bef3bbcc376d23f120078a91088ba6bdfd8bf7d3553ad1f78

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qico.dll
Filesize
38KB

MD5
d3f182546f058a7e4f62d258420f2aa5

SHA1
80664c4508ce02448713cc6f34d0a8b13dcd4cd0

SHA256
fd738fdaacc34c9a01a547bd18d3ca1ac620096cdb3e1f94895ac08b371d40d0

SHA512
c2e28c0530e54e0e4455a5da082e3420833cbf48d9a267e97b3cd1e63b32fe93e03f211d0a5401f11013d6061b6a49b76d009dea6ff367327dea2f562b4b75bf

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qjpeg.dll
Filesize
239KB

MD5
0b682ba9c08df63e406546dc2b4349b5

SHA1
c0485e7e1fcd5e7d5324cc8c0f3a66652a855a1e

SHA256
5cda55e959ff3d8ed56710b077be98373986fc698d0eb2c29526904f7355a3ec

SHA512
77dae7de8dadb6df9d51222b3ac5091fc25b8dd642edf7dfa77ba98649effbff316f22af6340ae851793a29cd54bd5bfeb884eabc6bea49f96e0ec58ad598887

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qsvg.dll
Filesize
31KB

MD5
1014f8919ff8a28b5f834b8d0c462b28

SHA1
1d1fe59e497996f1688e993d8917cf6ab1bb3be0

SHA256
2aae1e9a9e910ead378889e5f9db669ec497d164d997e81612afac60ccb02c46

SHA512
ca09812e5a0630459dad76f9c06bb62f3a99be340bd619f4db149905ba45a39313891bfda7af362d44540de6a6d7d4db7aa263ab74e79fc24a32f59d8ba4be3b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qtga.dll
Filesize
30KB

MD5
3c5ca5a8c9ac8f6ef7d90e5d77f10bc8

SHA1
f2a21ae75e05a91d11ba64fa8afbec04d06c0473

SHA256
18e17b0ef4813d3b4571b9b03b28bd689693b1dcb84d5f689a833393165d5e54

SHA512
4d61ac4e29c58c58e03d5531050ed25f256c8fed34ace46811d912ddeab68176ad710af70c02d39e83c9f3829e941cb8cb20d9ac339235c205ea3208768bbc09

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qtiff.dll
Filesize
353KB

MD5
e2be460aa6ec66884db28140e2037312

SHA1
b0042775e540943ba160415bd060ee1d340a404b

SHA256
ed02f3a1070d1696e663e03b43da0350fab36160f1f486a5d7448994ae1046f9

SHA512
b28f9eeda258fb7579f8d1bc465303d1231771088587eea1a3829b1b90b6f2610338be79a6b5108285438782ac520981bdec430d395e80d38710202b89e8c509

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qwbmp.dll
Filesize
29KB

MD5
aa0d9d5eae818c84384b614d7f376b35

SHA1
cc8e100d70b46ffc180dd75a245306cf8167ad02

SHA256
c9146916d2415cf514abe2d337e94e29231215f0d01b748741d5ba8f09faa239

SHA512
110fc91670d082bee645563722575e420ceee647f435470839836aba418af754a39efe10992dc16e9f995782c5de7d6bffd7dfbc2400b9d548aa9cc8fb5982eb

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\imageformats\qwebp.dll
Filesize
374KB

MD5
87982296888e36f944acb3e2cbcfa8f6

SHA1
312a03b7e7e2799b1e5a3ef2b0db9ec7b56b2c84

SHA256
58ccdf8d4e361b6d0d8847abbc959e6a42be03d8b5415e29773ffa2422e4f7d2

SHA512
23b52a2aa8c99979a719582ee5e62c34c93e2e362121c0968ac4a17b02ea5bb5ea534d153e7e2230c43025693281cb88ae4c56bddb66bae5220ef85d0d9b2c80

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\libcurl.dll
Filesize
359KB

MD5
4edcb47ff216a3d465534620f2e26a1a

SHA1
245920aa97fc1299e6416665f26147acb54f9090

SHA256
753c458e48291eb08cb42cd9a03484f7c4a9dd8c209cdd070c4be8b7f32c248e

SHA512
2df293d15d0a157752542586a5f4dec7c4b334378936d22d8ed8f80b3b58b75f9642df0e9295c124056ca1383af587acfbbf7ac5ac965454d67b0db5fdd83af3

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\libcurl.dll
Filesize
359KB

MD5
4edcb47ff216a3d465534620f2e26a1a

SHA1
245920aa97fc1299e6416665f26147acb54f9090

SHA256
753c458e48291eb08cb42cd9a03484f7c4a9dd8c209cdd070c4be8b7f32c248e

SHA512
2df293d15d0a157752542586a5f4dec7c4b334378936d22d8ed8f80b3b58b75f9642df0e9295c124056ca1383af587acfbbf7ac5ac965454d67b0db5fdd83af3

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\libeay32.dll
Filesize
1.6MB

MD5
aaae8fe70e4c9da4acf5b6445fe7d9a3

SHA1
9916fdcbca4584cfd2e5fb86d187df1bdfae40ef

SHA256
e0297bc3b64d0f39fa0fbf751216dc150ecd1cf403440d5b533d132c9b185cae

SHA512
dc8ddcf3fbf71b85ccdab0d2c20fc002033ceb96370e0f034f4c35ec8588b2a52de63678461b8fe9c516e76420a4a3f39881b1fcd46e2b9563b1928f6cf21f66

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\msvcp120.dll
Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\msvcr120.dll
Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.dll
Filesize
4.8MB

MD5
f698b0fb04c8d4da9ca974da81f67ab5

SHA1
d554ecd7bfbdf040275aaebd3aaa69212dc6b4cd

SHA256
c24a746b4a24edf2a16df60218bc1fcad1cdbe166d861dfff6874206cb257c10

SHA512
1e1181f2449e46fd2672c97492050cd2782e46fe9bf12dcafec193479b03b6bccacfdb42c89249fe394d8524037a11445af4a0ae24a20afabff5de991148ae9a

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.dll
Filesize
4.8MB

MD5
f698b0fb04c8d4da9ca974da81f67ab5

SHA1
d554ecd7bfbdf040275aaebd3aaa69212dc6b4cd

SHA256
c24a746b4a24edf2a16df60218bc1fcad1cdbe166d861dfff6874206cb257c10

SHA512
1e1181f2449e46fd2672c97492050cd2782e46fe9bf12dcafec193479b03b6bccacfdb42c89249fe394d8524037a11445af4a0ae24a20afabff5de991148ae9a

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe
Filesize
437KB

MD5
77f4dd88cf0158f244ba0a3cd2d2aa15

SHA1
f1eb5a39d05fca0549e177d2480e845982114e3c

SHA256
e225c6cee399f3e828d6494a2852d84cc7c2f1da9801ef5be05886a1d0a0b478

SHA512
9cddf43cad93c2354033b3eb6e7043b37cf0d4a8ac0a8f188cce1eb7ec920a82dc0c4ef792dd720413530eda8ef0160ce474585c40ae6e64088dbd49e0251b4b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe
Filesize
437KB

MD5
77f4dd88cf0158f244ba0a3cd2d2aa15

SHA1
f1eb5a39d05fca0549e177d2480e845982114e3c

SHA256
e225c6cee399f3e828d6494a2852d84cc7c2f1da9801ef5be05886a1d0a0b478

SHA512
9cddf43cad93c2354033b3eb6e7043b37cf0d4a8ac0a8f188cce1eb7ec920a82dc0c4ef792dd720413530eda8ef0160ce474585c40ae6e64088dbd49e0251b4b

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\platforms\qwindows.dll
Filesize
1.2MB

MD5
9608d1a7416a2534dee37613fb8bcb35

SHA1
c6dac2916d5740a406e784d035f7dee3e6ddb971

SHA256
d3f3f1eea7662a928cea0d9029d83e8b6a23a24d641056c3575e4b2d33b05bd1

SHA512
11fbd7751abd89354383645666a70a6ceb37ec005eb064b5307101823d900073f82631f95201cbc81b4a965f1ca2f5c180b9779778ac09bd5fc6a851ae405e0c

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\platforms\qwindows.dll
Filesize
1.2MB

MD5
9608d1a7416a2534dee37613fb8bcb35

SHA1
c6dac2916d5740a406e784d035f7dee3e6ddb971

SHA256
d3f3f1eea7662a928cea0d9029d83e8b6a23a24d641056c3575e4b2d33b05bd1

SHA512
11fbd7751abd89354383645666a70a6ceb37ec005eb064b5307101823d900073f82631f95201cbc81b4a965f1ca2f5c180b9779778ac09bd5fc6a851ae405e0c

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\x64\pwdrvio.sys
Filesize
36KB

MD5
0236f0292f87887bbe26f280f813b163

SHA1
4b4d962504139a4beec57caa98b5bbd36eea418f

SHA256
a08cca66ad333d3b4d5ee8a6aeabca317624207810f8a40ef0e07c8a6f4ce5df

SHA512
302f63649bf3625bbf29fab5e7401a3e28e5780ef0fb5d39311e5d35262c0c919bc4f98141888677e363dd372fccab7fc26094f96c2f3d5fa292b3dc34c578fa

Download Submit
C:\Program Files\MiniTool Partition Wizard 12\x64\pwdspio.sys
Filesize
12KB

MD5
d619356b955eefa642f5ff72755e8b3c

SHA1
6113cf3a71b13f97aeca3607cabc9000a9829f5e

SHA256
1fd54978a77acd6fbf1236e177ed074894743a9141e4169fe9afe28680fc93c5

SHA512
1971d87d119c89dc6c5582286677853569343483863bd5cb26ba8f11c385c27af00feac2737a6097b6a3dfa46e56ef1a0d421d92648bb8313f1b185c37738b5a

Download Submit
C:\Temp\8mGSyTUtVfuMkV8vtHuW9UFpBdYFm.vbe
Filesize
202B

MD5
d4490bf04ced6fce8be8f2c04ce34635

SHA1
be394c0ebdfdb59d748b7cfbeef46896e756e4ff

SHA256
2577d9e73cf17493ffacaa27ef80ca2bdfe194b01c2d9c2923e2a2b8de9b47df

SHA512
940e3387266e0c43add68f6dd8d7e799e825ece0bb99d1e0cb34e577b57da66abb4e670a902ff8245784aef6dea0c0d788e349399b9b067e858b32fbd05910e6

Download Submit
C:\Temp\Runtime Broker.exe
Filesize
2.0MB

MD5
1b5477e8b0e89279003639c7f4422851

SHA1
f75a0f1226ea7e2bba0b5bfc51039bab188cfa3f

SHA256
954f517954949fb0c20395f3cc0c3ca6e6b1e93dbc364c147198b382970837c9

SHA512
f04223dd34b60834209a15120827e85baf7074aae7d4b77023745f0177c745caf6df76178a50aded7327717ab627f2c5996a768c5435476ee8ce35f6ef0ec31d

Download Submit
C:\Temp\Runtime Broker.exe
Filesize
2.0MB

MD5
1b5477e8b0e89279003639c7f4422851

SHA1
f75a0f1226ea7e2bba0b5bfc51039bab188cfa3f

SHA256
954f517954949fb0c20395f3cc0c3ca6e6b1e93dbc364c147198b382970837c9

SHA512
f04223dd34b60834209a15120827e85baf7074aae7d4b77023745f0177c745caf6df76178a50aded7327717ab627f2c5996a768c5435476ee8ce35f6ef0ec31d

Download Submit
C:\Temp\oX3JL1WEizcdnPmVyjer7.bat
Filesize
28B

MD5
1c0820915b23fa02cd5c9d5ee69e2110

SHA1
cb03a2ee3817d3fa191364429eada237f1fc15a4

SHA256
1d73a85802574d06a478525aa333dcbed44c1c2cdec62e637a9a729c6c524fcb

SHA512
2d16a37ca7542bd7d41f456ddbaa2d9f44f1fc0a862549f262abde4de8728766b8c2d13e641f700c81d7c4ca6158d7ec3ee97bf51a90603e08cbef288f465ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe
Filesize
2.3MB

MD5
69278416d5b1e45bdc199424889d1efe

SHA1
d03e8357ac70b8120e78ba75f4216562be54e61f

SHA256
7ff5cf5a299bb3f9b1ff80582813cd3738d2778de1bdb5d021200221802187d7

SHA512
f7401fdeff531b22e3b2c9b55b5d2721f93b2a00ebffd13e4acceb9ff83eee4146f77bc060df7705cc29e88b01aa796b3e5fa3f2117cae4994856d078fa15ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe
Filesize
2.3MB

MD5
69278416d5b1e45bdc199424889d1efe

SHA1
d03e8357ac70b8120e78ba75f4216562be54e61f

SHA256
7ff5cf5a299bb3f9b1ff80582813cd3738d2778de1bdb5d021200221802187d7

SHA512
f7401fdeff531b22e3b2c9b55b5d2721f93b2a00ebffd13e4acceb9ff83eee4146f77bc060df7705cc29e88b01aa796b3e5fa3f2117cae4994856d078fa15ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6.exe
Filesize
2.3MB

MD5
69278416d5b1e45bdc199424889d1efe

SHA1
d03e8357ac70b8120e78ba75f4216562be54e61f

SHA256
7ff5cf5a299bb3f9b1ff80582813cd3738d2778de1bdb5d021200221802187d7

SHA512
f7401fdeff531b22e3b2c9b55b5d2721f93b2a00ebffd13e4acceb9ff83eee4146f77bc060df7705cc29e88b01aa796b3e5fa3f2117cae4994856d078fa15ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6_LICENSE.exe
Filesize
128.2MB

MD5
aaa0657e4501267510f328c964c6ae79

SHA1
079359bc7a0741be054f59e8dbc4c21a50520ee2

SHA256
c6c2b2d5173c2d2bc71e3c9196ea9ba8a1af5f0dc440564927a8461306b44abd

SHA512
657c6cec51691e8d40bf8a4848cf2f7008307211575a18aa2edf6fc495aaa61602b88cb89e1b231b61c0f294eda7e27a4ee44bc70b8f8fcdaef6e7e92d781fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6_LICENSE.exe
Filesize
128.2MB

MD5
aaa0657e4501267510f328c964c6ae79

SHA1
079359bc7a0741be054f59e8dbc4c21a50520ee2

SHA256
c6c2b2d5173c2d2bc71e3c9196ea9ba8a1af5f0dc440564927a8461306b44abd

SHA512
657c6cec51691e8d40bf8a4848cf2f7008307211575a18aa2edf6fc495aaa61602b88cb89e1b231b61c0f294eda7e27a4ee44bc70b8f8fcdaef6e7e92d781fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MiniTool Partition Wizard 12.6_LICENSE.exe
Filesize
128.2MB

MD5
aaa0657e4501267510f328c964c6ae79

SHA1
079359bc7a0741be054f59e8dbc4c21a50520ee2

SHA256
c6c2b2d5173c2d2bc71e3c9196ea9ba8a1af5f0dc440564927a8461306b44abd

SHA512
657c6cec51691e8d40bf8a4848cf2f7008307211575a18aa2edf6fc495aaa61602b88cb89e1b231b61c0f294eda7e27a4ee44bc70b8f8fcdaef6e7e92d781fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4QOOO.tmp\MiniTool Partition Wizard 12.6_LICENSE.tmp
Filesize
913KB

MD5
2a24c0a674f4692da02e631e4a4afbe9

SHA1
fa678a5b96a3562bc75431197979ad1f83346e32

SHA256
bc80b9ed6d079ab2f13092e9802d81ee537b3bfa349c7732585b5c8eafaa1dbd

SHA512
248166b2a37f31111ddde5ec34ed98e133d9aa9f463243f27c821efb27eb79768fc7d3af33a13b43b0a2a3d49a500c6432c745afed59919984da755aa95a7ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4QOOO.tmp\MiniTool Partition Wizard 12.6_LICENSE.tmp
Filesize
913KB

MD5
2a24c0a674f4692da02e631e4a4afbe9

SHA1
fa678a5b96a3562bc75431197979ad1f83346e32

SHA256
bc80b9ed6d079ab2f13092e9802d81ee537b3bfa349c7732585b5c8eafaa1dbd

SHA512
248166b2a37f31111ddde5ec34ed98e133d9aa9f463243f27c821efb27eb79768fc7d3af33a13b43b0a2a3d49a500c6432c745afed59919984da755aa95a7ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D9HSI.tmp\ISTask.dll
Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D9HSI.tmp\ISTask.dll
Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D9HSI.tmp\VclStylesInno.dll
Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D9HSI.tmp\VclStylesInno.dll
Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/1276-169-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1276-222-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1276-175-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2236-165-0x00000000030D0000-0x00000000030E0000-memory.dmp

Filesize
64KB

Download
memory/2236-164-0x0000000000E70000-0x0000000001078000-memory.dmp

Filesize
2.0MB

Download
memory/5060-210-0x0000000007120000-0x0000000007136000-memory.dmp

Filesize
88KB

Download
memory/5060-247-0x00000000078B0000-0x00000000078B1000-memory.dmp

Filesize
4KB

Download
memory/5060-248-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-249-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-250-0x00000000078C0000-0x00000000078C1000-memory.dmp

Filesize
4KB

Download
memory/5060-251-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-252-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-253-0x00000000078D0000-0x00000000078D1000-memory.dmp

Filesize
4KB

Download
memory/5060-254-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-255-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-270-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/5060-275-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/5060-246-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-245-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-244-0x00000000078A0000-0x00000000078A1000-memory.dmp

Filesize
4KB

Download
memory/5060-243-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-242-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-241-0x0000000007890000-0x0000000007891000-memory.dmp

Filesize
4KB

Download
memory/5060-240-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-239-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-238-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/5060-237-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-236-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-235-0x0000000007870000-0x0000000007871000-memory.dmp

Filesize
4KB

Download
memory/5060-234-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-233-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-232-0x0000000007860000-0x0000000007861000-memory.dmp

Filesize
4KB

Download
memory/5060-231-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-230-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-229-0x0000000007850000-0x0000000007851000-memory.dmp

Filesize
4KB

Download
memory/5060-228-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-227-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-226-0x0000000007840000-0x0000000007841000-memory.dmp

Filesize
4KB

Download
memory/5060-225-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-224-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-223-0x0000000007830000-0x0000000007831000-memory.dmp

Filesize
4KB

Download
memory/5060-221-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-220-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-218-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-219-0x0000000007820000-0x0000000007821000-memory.dmp

Filesize
4KB

Download
memory/5060-217-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-216-0x0000000007810000-0x0000000007811000-memory.dmp

Filesize
4KB

Download
memory/5060-215-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-207-0x00000000077F0000-0x00000000077F1000-memory.dmp

Filesize
4KB

Download
memory/5060-209-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-211-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-213-0x0000000007800000-0x0000000007801000-memory.dmp

Filesize
4KB

Download
memory/5060-214-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-212-0x0000000007350000-0x000000000766A000-memory.dmp

Filesize
3.1MB

Download
memory/5060-208-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5060-206-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-205-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-200-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-204-0x00000000077E0000-0x00000000077E1000-memory.dmp

Filesize
4KB

Download
memory/5060-203-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-202-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-201-0x00000000077D0000-0x00000000077D1000-memory.dmp

Filesize
4KB

Download
memory/5060-199-0x0000000007670000-0x00000000077B0000-memory.dmp

Filesize
1.2MB

Download
memory/5060-198-0x00000000077C0000-0x00000000077C1000-memory.dmp

Filesize
4KB

Download
memory/5060-197-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/5060-194-0x0000000007350000-0x000000000766A000-memory.dmp

Filesize
3.1MB

Download
memory/5060-187-0x0000000007120000-0x0000000007136000-memory.dmp

Filesize
88KB

Download