f137766576b1539b73f9c132f07db4ea08b87108535037cf1794fbe37fa3d14c

Analysis

max time kernel
62s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ontrack Easy Recovery pro 15.2.0.exe
Size

312.9MB
MD5

b4f3e7f77034e822af48c525fad641d8
SHA1

2a9d0541ec63db944b06f2a71415e986fc5d4bcb
SHA256

f137766576b1539b73f9c132f07db4ea08b87108535037cf1794fbe37fa3d14c
SHA512

3e7cd905d2b2731dce45b18cc4dc569cec9975de0617d725abb3917ae9ee294f45b9683a25a2e37db4e71a0bf83dda7ebbf2321d878903c8e8d4fad430de14aa
SSDEEP

3145728:yTK7ryGFKYGpJrrO9S1Qor9VNxdA9nZjtqkYj2giXCXRIqa/jt9iqfMgpAhYh2g5:mK7OGFKvHrrqS1Qor9V9A9NfzaPlaEO

Score

7^/10

bootkit discovery persistence vmprotect

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2164	OntrackEasyRecovery.exe
5432	smartctl64Bit.exe

Loads dropped DLL 31 IoCs

pid	Process
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/files/0x00070000000236c1-514.dat	vmprotect
behavioral2/memory/2164-548-0x00007FF7578F0000-0x00007FF75968E000-memory.dmp	vmprotect
behavioral2/memory/2164-549-0x00007FF7578F0000-0x00007FF75968E000-memory.dmp	vmprotect
behavioral2/memory/2164-551-0x00007FF7578F0000-0x00007FF75968E000-memory.dmp	vmprotect

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OntrackEasyRecovery.exe
File opened (read-only)	\??\F:	OntrackEasyRecovery.exe
File opened (read-only)	\??\A:	OntrackEasyRecovery.exe
File opened (read-only)	\??\B:	OntrackEasyRecovery.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	OntrackEasyRecovery.exe
File opened for modification	\??\PhysicalDrive0	smartctl64Bit.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ontrack Easy Recovery pro 15.2.0.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2164	OntrackEasyRecovery.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2164	OntrackEasyRecovery.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1520	Ontrack Easy Recovery pro 15.2.0.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe
2164	OntrackEasyRecovery.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 3248	2164	OntrackEasyRecovery.exe	107
PID 2164 wrote to memory of 3248	2164	OntrackEasyRecovery.exe	107
PID 3248 wrote to memory of 5432	3248	cmd.exe	109
PID 3248 wrote to memory of 5432	3248	cmd.exe	109

C:\Users\Admin\AppData\Local\Temp\Ontrack Easy Recovery pro 15.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Ontrack Easy Recovery pro 15.2.0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4380,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:8
1⤵
PID:452

C:\DrZero_Apps\EasyRecovery\OntrackEasyRecovery.exe
"C:\DrZero_Apps\EasyRecovery\OntrackEasyRecovery.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c smartctl64Bit.exe -a /dev/sda >> C:\Users\Admin\AppData\Local\Temp\SMART.txt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\DrZero_Apps\EasyRecovery\smartctl64Bit.exe
    smartctl64Bit.exe -a /dev/sda
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    PID:5432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DrZero_Apps\EasyRecovery\ArmAccess64.dll

Filesize
58KB

MD5
9201f8da81e241d1c3c275d909ea0228

SHA1
3943f1a0aae630d725c3f0e5b29653a346212ca3

SHA256
bedbdf6f458e73c196662efe069bca314293650ba8653626b3ea4be8405a5c9a

SHA512
ba7ce3f86fa046af923ed030b7077e4569cad8fc65d80ec541abfa5df6bbad748efe7de271507cf17295b84968547535a326c1167ac9f575756da22057d68c2d

Download Submit
C:\DrZero_Apps\EasyRecovery\OntrackEasyRecovery.exe

Filesize
10.8MB

MD5
8294a062062df3839e65d4a7dedd1c37

SHA1
5935b8fc77f927d16613e004e9970e7f036b6ba2

SHA256
4063ed04f4059a6dcc3a6d4906b4e909824c6855b842fa0ad6308ad2ed22fb32

SHA512
8eb56c7217f65b0c097e8340784702915095cb07591cde57848908da4a31900fa05aaff0e58d63097a4255cdd63104bb6a23f0671d4205600e2b9cf2850c1190

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5Core.dll

Filesize
5.6MB

MD5
607a99dcc9e21d2300fda4455c0d8a81

SHA1
b26427451ce3fb20c414c01e5576ff79d4a81e81

SHA256
2925e5e2b386e6697cd42eda0afc6d3246f8b1d5005b5876670b36c3cd474ebf

SHA512
9d4412715fc368502acf97215d0aada6e2080806757b891c9a257c0e33405f9b187bd2124d7bb65127ea7523b3890209c383e1445b14a8afd0d23b0180e64361

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5Gui.dll

Filesize
6.3MB

MD5
d6e43cb6441e91b181c0ae7b1f759a06

SHA1
82a20b0e9b53b59c5dc90d1481f15172f4f8d936

SHA256
afd95670974815e61d941ffa4bf69bc20d2dc60d6800e4d9d5058eebde062be9

SHA512
7d5f4f7fb3d85fca70811fa9100ac75e416ce1248579396a25363d00f1db72f3b548193a5d4b72b145c0619bda8463117519842ba8044e7513203a8110daa9cf

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5Multimedia.dll

Filesize
715KB

MD5
3b5c3ef3245f1e933df7b6ba91ece971

SHA1
f54871c0163fe3bf968ecd8af5e96febde8b2182

SHA256
2b70413b6369545a666c6bf950eaef8708a2593698f28dad9d519632b9abc517

SHA512
d00b0a7e448c768491f645390204db97dd41cd63b6a09c55c844a4e3a80b430b0c1086116db95c8d4665dabe1e1dd9c344f4a5b9a604f1384f0113f291e939ac

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5MultimediaWidgets.dll

Filesize
93KB

MD5
d66e8f473807692599e00f019d63e136

SHA1
7d1aff209c068296dfd09748212a51b3152e8fbf

SHA256
c39a56b9da732b03bd1710d1f65cc7483d8123a5c92210541b36d52f0046bde0

SHA512
6642b16cf713de50dc8003a3304d82de0d585fa1fa3a56410115cba1f09e9b013225f6ae649b54c59e05046f839bd9517f4522b087e58c4be3bfb1fb53035bec

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5Network.dll

Filesize
1.2MB

MD5
fa35e8732eb2ab09c9a970f4001c207e

SHA1
7da45263debfa03df8582b05113cf876937b39c9

SHA256
be4dafdf0903d7844e667bdc682e2f46287717d831e7bcc04b4da60041cdbaa8

SHA512
e8b6f9614aa3e6c5bd45a818a74395cd7c7d557672c2b94dbdb50663ea9477169b9ad1987e5e372c2725ecb173f9327cd651c6feaeba8efa12185e44714ed2b4

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5OpenGL.dll

Filesize
306KB

MD5
bc7fdb0f7c8c64af39584b67d43f0a3e

SHA1
7b444f135afa4352871ef5ab0f05b321c251a460

SHA256
33ebdd5d276ab8b937dd23bdc9827938cb58b2588bae354db74f335863cbc0ea

SHA512
27b3b570f008c567ea2dddad429d01da353b31b484d27184f46c6b1938d6d2a647e739918d54256a432182c6bdd1420ce1447770ceb0a74bba92568d9ed0135c

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5Svg.dll

Filesize
310KB

MD5
98a934a22a0c5f5ef095e12285eb1a11

SHA1
9a330e4113da001cb087ae3205ee0140209777d0

SHA256
e79a6e5b545306fc95040f1da5326ebee81a7e422ccc43b551adaa0fbf385897

SHA512
858673c36b559d35bdb1cf7f8bfca818941a0f34c0277f061c7e7ec2b4e4a18b76ed119ec074ba04879e32809963f0b17c9cd05362e59309b5e9a6ecebd79a8c

Download Submit
C:\DrZero_Apps\EasyRecovery\Qt5Widgets.dll

Filesize
5.2MB

MD5
ca738e77373a5d21715bac3c3e63c786

SHA1
98dc208af21dc1df800e85097b85d046250c327f

SHA256
5a89434353cded683c750124b25fce258550c091c051b33a1e73f42b81b25cef

SHA512
90afb6a2b9615d469456263a50f246fc6cc01256f2dabaa363d42305847d4b5cadf18f2309b2854f9ebf7a3ea88283b55f8e58525b7b5c08900d3f487dc0e74d

Download Submit
C:\DrZero_Apps\EasyRecovery\Rockey2.dll

Filesize
9KB

MD5
15b2a65f13cf389da61cf198ea7dfee3

SHA1
97a97a7d8fcec5155da378b2b2926ead608d6b16

SHA256
92efddda210589a067b536c97e1c598e253375181b9792f394b3132b9ddb7b9e

SHA512
339bfdd1c80bb9ad3629f21b5e3607dc20145794ac4ffa5b8b8f2b0f1645c32726cc5c9083993b927b4500d4f15e4eb2b7d12a242bce5b1330ab3e156ea92d1c

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\DE\LANG_DE.qm

Filesize
240KB

MD5
3bd3394dfc4f44a4eb564bb73349cd4b

SHA1
caaab233e6b7de056b40d6cb4aa2127256f8923e

SHA256
2cdac7605b27411b44e0080c6e5b0b713b462be4b926d5dbbe04b57350196f1c

SHA512
3eba7a5c097e06b667c86f8d03298b1bf27536416e8f569e7351bf2e50d75d3647eb9be853711ef638ab3a71e16470ad60cf975aba4cbc2f07beaded4c7c0dcc

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\DE\qt_de.qm

Filesize
86KB

MD5
faf368467184463e35ac2f0fb3ca178c

SHA1
081a7d99a21a046e4d2fef587d784de83275aca4

SHA256
cb71ea71eda4d5c5439e1ca68de613359d49cd7a22d3fce7e4e734c7f54579cf

SHA512
870adc933cf5b14757dc97f110aaa9bce943e7cd1f22954078888d455212970093bc8c10d74cc430cf6c0d76965c35df6bac112e3d7c139ffe8e1ce8b5ff3b13

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\EN\LANG_EN.qm

Filesize
31KB

MD5
70341cf9b8bcb905b32472b7d5620275

SHA1
c960902b99d140304df07a7d4ebe438ec30e7326

SHA256
cad04c7221978ec67815ebfee592d3d70ed17ffeb9c0a9a19001bb8c3db09bcd

SHA512
33628ea66108ad8c94a2587b19664af02a38924c8b6e008d07138aa5a8722975bdc8691027737e39242d2ecdba46391c092b98cd1e2ac420e8fa35e2bf4c0ef6

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\ES\LANG_ES.qm

Filesize
239KB

MD5
5524c5de021dc061db230ce4c3ebc4d0

SHA1
4ea2eab9361844687255a81f81b21896815fe709

SHA256
60134a63f0fcacc3ab7e5ff8844622bb6c42b00ec1cf6a4e085cb7c36e73ebff

SHA512
f29c11cf38c4270c05232b8c570b4bb95d8d62d769f9912f327fdf9321ecc5e0793eee6943a2c3bb130a0bf28dbbfb6cad904bf25c8e8fa22b54c90e1bb12af5

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\FR\LANG_FR.qm

Filesize
242KB

MD5
0083419e6b63e66f963de6b541c54141

SHA1
7198f5cae31191196b0803f4b118f218bf84eb63

SHA256
ea05c30c93e4022529412b59d8538c42cc9af5dbca7b5a62f21c5be7a766230b

SHA512
d70032ec65831e1f836c1b103aa5296cdfecd6924a35f075a8dd04c43225bb4ccd0d0db6a78cb1d16068dfd27a322432dee3bbb49e74841952e14757cabbc7fe

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\FR\qt_fr.qm

Filesize
145KB

MD5
0080ed0dfee29919770e1fb23b93f4cb

SHA1
7539d840c14763e2a3f8ecd5cca42322579a2c0d

SHA256
cbc378b3ebdd7af48d038ed4625383e767810915e7fdaedb24ad4a099e30ccdc

SHA512
a236636554f7f6576d910cac79acadc43e44553ebdb07a6698749925de1840e56515e207bc96308098b013e4850461817286055db55336c8acd42c53837504e7

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\IT\LANG_IT.qm

Filesize
236KB

MD5
a5f081094da2b54ae4c67c3f8eacbfad

SHA1
93fe4fab3682a7402316dbf251bbe6d3fe15cca1

SHA256
1ab1cb84fa659d7acba4c26cb28b9e6887adc34215e68c91e5db882b48f22e42

SHA512
0df895e4ded428c3475c4062a5b60de314a4aa9cdd64d8da992e2f372080b00d6e8090bd05115bd677dbb4bc0ca18f2382eac52f65ae1d9fab8548a0a35b0be9

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\IT\qt_it.qm

Filesize
80KB

MD5
31a5e844ac650718f04e33f75dbc7d01

SHA1
0a5350c32d3ff518e29984dfa6d92526a02092ce

SHA256
74fe7481c3c592702dd3fc9fb29c6c23cbeec12662bc38cb0b0a47c6131f3d35

SHA512
c8ddf4322714b973c7804d3d93b4863537d9523be830c1e099f30a2da892b823afee7528fe75420c377bf4f81f0b6f72943050236f81a4a9aaebaeaa5c954809

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\JA\LANG_JA.qm

Filesize
192KB

MD5
ab5567b9d432d90877389fe253419545

SHA1
f332c51cf2fe6e4be8adff931ad238590cb461b8

SHA256
275e7713964257b830276e6f828d423cf5eeed8b4c202d06056711004c9b9929

SHA512
7705a24168270960240264746900ad77eea2c68c7b6d98fe6616c7b8a7948c2aea3ebfa2183276d074447c2326e01d9460db526f34e46d296aa9a65e3fe997c3

Download Submit
C:\DrZero_Apps\EasyRecovery\Translation\JA\qt_ja.qm

Filesize
89KB

MD5
52f7070bd68452810e0b2205a44f06f9

SHA1
72c8ae357662707f98dfbc489b40be6347292e98

SHA256
f08328ac774b9a062d881db9979c99b5bfea2879411f82ed0cab571131516841

SHA512
b8c69c0629812f6278e9ae05c152b429d4b5d0b7ff6907d28e3a6c1f28a83ceef63f6fa5ef9e8cb472e3fcffaa5c46e9c5eb4b0e338dba02ef8230edb5a13942

Download Submit
C:\DrZero_Apps\EasyRecovery\VCRUNTIME140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\DrZero_Apps\EasyRecovery\VideoTranslation\ES\qt_es.qm

Filesize
114KB

MD5
3dcdef7515e8015e74fcd5bfa2f8f12d

SHA1
de4c74a660fd05f7aaae346f6f783d1385c4e71c

SHA256
004c23b01b3848da1a5819336e99efb0341d4bd3316430ce26670a2429de63e4

SHA512
b65f684e3f24a3062d418284cb20583aa6bc590d0da1d50a21638495c6316057ca881a598c3e36c4ff51305a85e5ee3754cb9c7c77324d349cd2a9f52b890172

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qgif.dll

Filesize
31KB

MD5
cd795c6fd81135390a02f3463becd6f3

SHA1
a0783ac5ba994c26034fc7cf28c2d7c8b1a50efa

SHA256
e38a2e0bbe9627995379658daf73f1e118accdbf5a6855fb581633f80fcd9abd

SHA512
692a35074647d97cd1ae063cd6bc5251b7031937f5d64c871852e5f9cd7464849c4509e7ca015c9713ec20a07746159ed89a4bc76821ab530eca92e7b821423e

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qicns.dll

Filesize
36KB

MD5
0c6d5e510f19fbfe556fb2aa367a21c5

SHA1
0f8f72d3d86fda990aaf879214228484024d6cca

SHA256
3cf976521112f7b1ae84005b247bbc963f82b82860e8ad98a2c17fb99443d312

SHA512
01a11e5805ec7bf1ef4251929162bfedd3018b4835a8aac44b719fc7941a7b03ece9dc12135c40b302dd8df50ebba0897525136c4749f4eb1a1f67f22dfd3ef7

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qico.dll

Filesize
30KB

MD5
772873782cbe1125284edcf5b86538cf

SHA1
d2429b9019d5f313d5b49542ce680c3993b05fc2

SHA256
02e4611eaff64c8ec0bb8df46561c2935e083686a65816752e74fdcdb6fd79f9

SHA512
7b99ea5a33c51977391461a3833641ff2d89140e04bc16297ca76209c243b232dbd6b72eab8e602ec43e57a697476dd995ca708dbf718d446a529618f1d9a24d

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qjpeg.dll

Filesize
403KB

MD5
6c585c55b870b76a05d880ebffe845e9

SHA1
840f698bb0e5e7e70cb188c45dd73e4f03e8132f

SHA256
47d732085bbe838c90045eb1a9aeba3c93a0b495dba5020f52da7febcc8fcceb

SHA512
b427b3a6ab3b6d1cee21eb203e3ff55c5b7a5675b69eeaf0ac9fa02e006cbdde615e53effcee97e1f9b1ed2e2ad9bb8c1c54bb263461d7bdf18bb5029c31f886

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qsvg.dll

Filesize
24KB

MD5
7ea86928187e396a27c9f996c0897192

SHA1
f63ad75c466b963126d00406e0916bafc955c944

SHA256
e7006fa532b672441674ea536f9471abc8810c861d047790ce8a16d9e0016da6

SHA512
9b669413d0f305606ffb1628cb36cae7aafa17098fd065464dcbdf19a56fb3ef8ad58d6379611350790cbca71a56c5e6e90e07843f44697190a263e8fbbdd63a

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qtga.dll

Filesize
23KB

MD5
b4c80107e8c1d259f9036352aa875b7d

SHA1
e46b34adcfdae2c07044c662039f82f47ce6e441

SHA256
c16078e5aea0dca3a6447f4ba10987272bffffbdef779ec8188cfca0614971cc

SHA512
80f9e8be94a22b68d6ffe7af029c82a557de4d991d6bbea72b921e7890d469ea82681becc4e40cc99443c58e966f833ed092cb77c3dd0083e8b5c49a55329f53

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qtiff.dll

Filesize
373KB

MD5
0407afbcddc06aa14902e4055c6dcd53

SHA1
19863ce0bcfea6b69213957830f06d7ee767a0e0

SHA256
b300011d20524bfee2211d2bbd91ec12baa330553afad7e4937f17744283aab7

SHA512
472851349e341931b1e3c9b530e6db0d9ed032163f89d2cdddcbd1c4b8748f7735ce44f3546afd3a4a5025a81c6d73b2e73650c47c38a32a174974e23f9ff070

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qwbmp.dll

Filesize
22KB

MD5
e07badf907882339e3a2c5f089e7041a

SHA1
356a7b7302c5aa32acc1fb32d96b578c099f6fd8

SHA256
fa8d3560370e7bda8cd845baf274d2a6bba6e75a42bd486a32b0da7116123a79

SHA512
44460754c7669597dfd7023a742604effbe6f4496e40cbb26806e0094e9c9a20c60e31c80e93a2a8dc5ef860beb35c997147bfbee9431ab5e6cd2ae76b064bd5

Download Submit
C:\DrZero_Apps\EasyRecovery\imageformats\qwebp.dll

Filesize
490KB

MD5
97fa59625588c492ee2cd03406e9d8f3

SHA1
5cb4a5a4e482ad36910fcb797bc538e73a57a4cb

SHA256
eb36bb90f52be2413e43bde40c5f56a70e5ab251feb6f39c19b36b10d1c54e8e

SHA512
8c7ebf474bd9ada2771f7e336799c969096150e769cd1ec8950f35009e98dc777d2b5f392981fcf1863f62e266fabdff419bca15f964777d05f23cb48cd5cdf3

Download Submit
C:\DrZero_Apps\EasyRecovery\libeay32.dll

Filesize
2.0MB

MD5
9903d4d6db6a6b8eb0353dabb9f76c40

SHA1
2098960dec0ddb3678eb40ad2664f00cd0232f99

SHA256
0ee2a45c8c6d9928723d46d364133f39e706baccabbceea1159e9a8077551f00

SHA512
a85705dc077facff0885bdec2c3a54b1b61eedcae06895cbf502e94cacb5bc733c8e7b9ee09be271f8594cd4b3f4253857cc663288be67a72ad6e53a63f7fee0

Download Submit
C:\DrZero_Apps\EasyRecovery\msvcp140.dll

Filesize
576KB

MD5
a11a1d761d757d367146f0f772632d8c

SHA1
9fd3eee4c4111dc386510a930192d56a2e938dfe

SHA256
2cc02c5e6654aa9175d5963f811cac222f4a2604dc28553139c675b1a78995a7

SHA512
6fbbb77766ee9846d6d3bde2ced5eeaafe721de5524a410a4821dfa6c08edbd00905bec2b9237b8f7986d6d06dbe444c5845130193da537cadaf29ea784c48e1

Download Submit
C:\DrZero_Apps\EasyRecovery\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\DrZero_Apps\EasyRecovery\platforms\qwindows.dll

Filesize
1.4MB

MD5
12e228184ba34755eda86f3dc83ce2db

SHA1
d0dc728162a3ef17917cb8dc7821335921192949

SHA256
33dcbfb519146bcf0bb955cef14bcd76f0c746277b2694911fac68ea890cad89

SHA512
2f5fb4ee8d00880e940e70aa6c1f98a85409e45de3d3969f4b2710361f70414f24346755ec8c2b8fea90f54f5600b3d4dc057c2ed1f2abac2624ff9874c41456

Download Submit
C:\DrZero_Apps\EasyRecovery\ssleay32.dll

Filesize
344KB

MD5
3ee69e78eec1906ee5b896e54b94291f

SHA1
1c979d26b5983d149c96741a9105a972258fdbd3

SHA256
bdc9170cea7c45861391bae3cd57767c090ecf8b52b6b9af3cd6ed2305abef9d

SHA512
549ee77f8bc100eaf3c136bf3c8af750ff0ae10f383e2c3b9325bbd49d32143e42b59ea5d056c27e3e17752b6f0fb6de70d154da6458f2a1a345e978effed5c6

Download Submit
C:\DrZero_Apps\EasyRecovery\styles\qwindowsvistastyle.dll

Filesize
132KB

MD5
e9788e9680ded883c0d04aaae3871f0d

SHA1
354cabd75cf65f7e07ed47f18555d16d4fb4e02a

SHA256
e0491d8dbc838236e9263187ca93a4978070a709fd27acaa6c5a7ccfb2fd7710

SHA512
e3e6019b54143f242fba6ac85b33ab3c29db23668e0368897aa00dfff82159397447905e8d236398a0d4a2ddf5c4b254963dc03ba3046fb19997b00740958066

Download Submit
C:\DrZero_Apps\EasyRecovery\translations\qt_en.qm

Filesize
23B

MD5
4aef4415f2e976b2cc6f24b877804a57

SHA1
2aa2d42c51f9cf024e3777f0dde4270388fd22ae

SHA256
307cef95dd5b36ff215055d427e1885b7fc3650c9224cf76d63056545996ff60

SHA512
c75f089a95107997b0a786e7c1191e48ec7a69aefff97daf37783791d943c612b7c1b43bcc2cacdfd15e79382e0f314c88817c7dd320f8028af3420452ce3a1c

Download Submit
C:\DrZero_Apps\EasyRecovery\vcruntime140_1.dll

Filesize
43KB

MD5
6fe223ce568d919f80bea233738d0628

SHA1
d7bf5acfb4bed8b0790dfc617a9b6f899b484d4a

SHA256
da5d3440dd53261bffec0f9163a46eb12e46b2a4e1bd72dd1b62c6bca9cca280

SHA512
420bde4da4f2e9cb0b4a26c11a4cdb405656eaec6b9e8ebcfe8c6b71682dd02cea0a26ed01eea2295bf1b574ea7ec33e15b5b1cf742694ee8aeed07feb1e6543

Download Submit
C:\DrZero_Apps\Uninstall_Ontrack_Easy_Recovery_lang.ifl

Filesize
2KB

MD5
2922d0c758d9c3c10cbdc59f91979d0c

SHA1
feb69bdf58d06cca776db63036811af0764ca013

SHA256
20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f

SHA512
d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695

Download Submit
memory/1520-16-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/1520-17-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/2164-544-0x00007FF9CCE60000-0x00007FF9CD39C000-memory.dmp

Filesize
5.2MB

Download
memory/2164-548-0x00007FF7578F0000-0x00007FF75968E000-memory.dmp

Filesize
29.6MB

Download
memory/2164-549-0x00007FF7578F0000-0x00007FF75968E000-memory.dmp

Filesize
29.6MB

Download
memory/2164-551-0x00007FF7578F0000-0x00007FF75968E000-memory.dmp

Filesize
29.6MB

Download
memory/5432-586-0x00007FF7AB3A0000-0x00007FF7AB4D2000-memory.dmp

Filesize
1.2MB

Download