Analysis Overview
SHA256
474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045
Threat Level: Known bad
The file WinIconMakerFreeSetup.msi was found to be: Known bad.
Malicious Activity Summary
NetSupport
Modifies Windows Firewall
Loads dropped DLL
Executes dropped EXE
Blocklisted process makes network request
Enumerates connected drives
Adds Run key to start application
Maps connected drives based on registry
Drops file in Windows directory
Program crash
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-01 14:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-01 14:46
Reported
2024-02-01 14:49
Platform
win7-20231215-en
Max time kernel
163s
Max time network
174s
Command Line
Signatures
NetSupport
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Workshop Ultimate = "C:\\Users\\Admin\\AppData\\Local\\Programs\\WinIcon Maker Free\\CPPlayer.exe" | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f777022.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f777024.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI97E0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f777022.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f777021.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f777021.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003B4" "00000000000004AC"
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
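Three of the signatures above are the ones worth acting on, and all three are visible in the command lines and the Run-key write rather than in the hashes: netsh opening inbound and outbound firewall rules for a binary under the user's AppData, cmd.exe/powershell.exe adding a Defender path exclusion for that same binary (Add-MpPreference -ExclusionPath), and a Run value named "IObit Workshop Ultimate" that actually launches CPPlayer.exe. The detector below is an added example, not code from the report or from any sandbox vendor; it runs the matching logic over process-creation and registry-set events built inline from this report's own command lines (the event dict layout, the helper names and the final benign control event are this example's assumptions).

```python
import re

# MITRE ATT&CK technique IDs used as finding labels.
T_FIREWALL = "T1562.004 Impair Defenses: Disable or Modify System Firewall"
T_DEFENDER = "T1562.001 Impair Defenses: Disable or Modify Tools"
T_RUNKEY = "T1547.001 Boot or Logon Autostart: Registry Run Keys"
T_NAME_MISMATCH = "Run-key value name does not match the launched binary (weak signal)"

# Paths an unprivileged user can write to; a firewall allow rule, a Defender
# exclusion or an autostart entry pointing here deserves a second look.
USER_WRITABLE = re.compile(
    r"(?i)^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\)")

_QUOTED_OR_BARE = r'(?:"([^"]+)"|(\S+))'


def _arg(cmdline, name):
    """Value of `name=<v>` or `name <v>` in a command line (quoted or bare)."""
    m = re.search(rf"(?i)(?<![\w-]){re.escape(name)}[= ]{_QUOTED_OR_BARE}", cmdline)
    return (m.group(1) or m.group(2)) if m else None


def detect(event):
    """Return [(technique, detail), ...] for one process or registry event."""
    findings = []
    if event["type"] == "process":
        cmd = event["cmdline"]
        exe = event["image"].rsplit("\\", 1)[-1].lower()
        # 1. netsh advfirewall firewall add rule ... action=allow program=<user-writable>
        if exe == "netsh.exe" and re.search(r"(?i)advfirewall\s+firewall\s+add\s+rule", cmd):
            prog = _arg(cmd, "program")
            if prog and USER_WRITABLE.match(prog) and re.search(r"(?i)action=allow", cmd):
                findings.append((T_FIREWALL, f'{_arg(cmd, "name")} -> {prog}'))
        # 2. Add-MpPreference -Exclusion* anywhere in the command line, so the
        #    cmd.exe wrapper that launches powershell is flagged as well.
        if re.search(r"(?i)\badd-mppreference\b", cmd):
            for opt in ("-ExclusionPath", "-ExclusionProcess", "-ExclusionExtension"):
                val = _arg(cmd, opt)
                if val:
                    for item in val.split(","):
                        findings.append((T_DEFENDER, f"{opt} {item.strip()}"))
    elif event["type"] == "registry":
        # 3. Run / RunOnce value pointing at a user-writable binary, plus a
        #    value name that does not resemble the executable it starts.
        if re.search(r"(?i)\\currentversion\\run(once)?$", event["key"]):
            data = event["data"].strip('"')
            detail = f'{event["value_name"]} = {data}'
            if USER_WRITABLE.match(data):
                findings.append((T_RUNKEY, detail))
            stem = data.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
            if stem and stem not in event["value_name"].lower():
                findings.append((T_NAME_MISMATCH, detail))
    return findings


def scan(events):
    """Run detect() over an event list; returns [(index, technique, detail)]."""
    return [(i, t, d) for i, ev in enumerate(events) for t, d in detect(ev)]


# Constructed sample events. The first five are copied from this report's
# Processes list and Run-key signature; the last is a benign control that
# allows a binary under Program Files and must produce no finding.
_CPP = r"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\SysWOW64\netsh.exe",
     "cmdline": f'netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="{_CPP}" enable=yes'},
    {"type": "process", "image": r"C:\Windows\SysWOW64\netsh.exe",
     "cmdline": f'netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="{_CPP}" enable=yes'},
    {"type": "process", "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": f'C:\\Windows\\system32\\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "{_CPP}"'},
    {"type": "process", "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f'powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "{_CPP}"'},
    {"type": "registry", "image": _CPP,
     "key": r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "IObit Workshop Ultimate", "data": _CPP},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="Example" dir=in action=allow program="C:\\Program Files\\Example\\example.exe" enable=yes'},
]

if __name__ == "__main__":
    for idx, technique, detail in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {technique}: {detail}")
```

Run against the sample above it reports both netsh rules, the exclusion twice (once for the cmd.exe wrapper, once for powershell.exe), the Run key and the name mismatch, and nothing for the control event. The rest of this report's signature list (vssvc.exe, DrvInst.exe installing the STORAGE\VolumeSnapshot device, the SystemCertificates keys created under HKEY_USERS\.DEFAULT, msiexec's privilege adjustments and drive enumeration) is what any MSI install running under the Windows Installer service produces and should not be used as detection logic on its own.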
Network
| Country | Destination | Domain | Proto |
| US | 128.138.140.44:37 | | tcp |
| MD | 5.181.156.118:443 | | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 104.26.1.231:80 | geo.netsupportsoftware.com | tcp |
| US | 128.138.140.44:37 | | tcp |
| N/A | 127.0.0.1:49364 | | tcp |
| N/A | 127.0.0.1:49499 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE458.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarE4F7.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8c0e0eb7ea6a94412043b04a31bbccd |
| SHA1 | c4bc618072a968cf2f915daa18b1a7ed4f51a059 |
| SHA256 | 6548d5e4cf19a9e24e2584c547804b1c590c88b2dc2209bea8e1a7261d132a1b |
| SHA512 | b5d6d675b717d0d793633448d6fd38a62fc2ee65889d3eae8eb183e1e33b582d65d9c614b019a290fd03b586fe0080b21418c3a75abd9ca09fa62576fa6068aa |
C:\Config.Msi\f777023.rbs
| MD5 | 6d99b5795eddee6dc6747b70affa7b97 |
| SHA1 | 29dfb6d024e3dfe9b3d4b8f706c485ec6368b8c3 |
| SHA256 | 802a5a12b08d89c626773d969e8a05d5f46e1d4d47dbe051c4864386a8df5ef7 |
| SHA512 | ff12ce84d31f82b0c6bc3c1d56a0060e24197748888a1b70e8c760869e40c033fc323898fd24cfc2607ec786d14d6db5804017780323bd0b06aae44c2d3f31fc |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | 63865737958c4cc0e26e0bc63126320b |
| SHA1 | 0ec16c83f988ef18314bfad82a0605d5d282851e |
| SHA256 | 38cee91fc73f7995aa52b7374e4ab3ee5c0f6b4ef5840d0c4e19a3340f1a9139 |
| SHA512 | 385a12853ec751ed480c8b1476f456f3130e25fc500a56e0df74242f83ffb14e1b61f7e021f30c7c74d8d6e217727115f2d23e0bb608819ba001a6049b3e7f0c |
C:\Windows\Installer\f777021.msi
| MD5 | 57f93335715feb1be80795df85021f08 |
| SHA1 | 15f6f9981f64b935981d70803b2b726733f1dc4b |
| SHA256 | 8c539c8c60f21ba4789e2abbf7bec73c7bd67280697e89fb184f49acd23b9a0a |
| SHA512 | ee7e7f8901859c313b4e5bf99dd706c0b483e6169dd4a26008825384ccff847e03db1b3d34779bd895fea0507d1a266e939481915f9cf2ec33bee054fd96ec51 |
memory/1528-112-0x0000000000230000-0x0000000000231000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | 074091aef241b7eeb2e9d3c1a95a7b0d |
| SHA1 | 25f47619458ebc5183c6fa914a0a03c88e7439e9 |
| SHA256 | b179f958d4aaa99e0c7c1101b06e49c3001e7dc9796ffadfd65b96a5fdbeb538 |
| SHA512 | c20589c511016c804dc75a4d19bc162e2064bcfd5ad5755a960cf876b7a57ef0db385d7841c10e264a29270512da5648c740df7ecee6d81a04e427ab0f883ec5 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 094f00fa6024b0c5b3c5e87e708030b4 |
| SHA1 | dd30f7fec4508fa82c021f93bd34d07096574bdc |
| SHA256 | 286858dfb5e5361383db3fb4c9ecf3cd8e74983b777dc720ac5886db68d3a152 |
| SHA512 | 1cc4aa959f8f6aa22c0fa4e906cad3c6794559b1cb66625bc68eb0cce072df78fca9e37fc8ce53503947b444bc1bbcb36b6270dee8fee1193063d995cb546c23 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 19ee3844806815a353335ea445832b6c |
| SHA1 | 1e05e1642c9f788efa9298fecea77210cb821403 |
| SHA256 | 27e7d40fc3496106359b9f189da073c92a3fc9da92d666fbc024f99f44bef6ed |
| SHA512 | 8f021c11dc4c3ab12cc113a5a86cec4ea27b9ab674ca208a6a2999227e80005f268964085c8b909a7fe23060cf952a11d4d6704e28d750a32bb404f324766608 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 0c36ea27f64a7da427ab112d50d2d42c |
| SHA1 | 2aa4a718eec953b8309503095834c94cf76fc6f1 |
| SHA256 | 09081236918db3e0caf00ce7f4b1c93a796fc2aeda4216f5878fdfb8d0bcad63 |
| SHA512 | 568b54eb129220ef2520bd9c46342de9240fa0e79a493c9498c64239c58dc40be4d99eafdb34e8f09f85e2f55eca80eeae69312ca03a275b73635a5dbdb1da77 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2eb70e48e3d2a33b0fd782739e0074d7 |
| SHA1 | b49408d9036d715493745343c735967f70754cd0 |
| SHA256 | 9fa6b72f247e0317b9ed03a5eaea14d8bddc5d1acd301844e20135341d09cc99 |
| SHA512 | 241df9fa8ff7c3dc675fd3ad9ae433d12075ffb7f45523c578a8ae00104ec94d97582cc4dcba0aec1905073c63f28a48f2d002dd7152b7ab6810ffc4e64e08e6 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | c3af226e81dd9b5d5d5ab08c67ca458a |
| SHA1 | aa3007573ccb7d6526a9ac2453f0713355fdd236 |
| SHA256 | 3c522331f81843b7f98de3b84009a3142ac0f3652d87308dc1452a026f311dd0 |
| SHA512 | 296806d0857697dcb2f91ec60e02401871ea8ac9e104bac057faf0342897efd04e98b51148b415439808e218ac93ac3aba907263fea2f965a1b38d7c9efb34e8 |
memory/1528-141-0x0000000005AE0000-0x0000000005AF9000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | e0413b535363440ac5031db8ea9a75ed |
| SHA1 | 43328aa2000740416cf7f8475d573053a2f97adf |
| SHA256 | 1cc5468c0c16f24db435c2d21c0874b9ee26ab6b517c28366d43c51eea39a34d |
| SHA512 | ed84a0ad8be20fed412a89d5020fa5079721206b6d1e7de62a6433b97d5ebee3d458d02791e54a1268a356e42e0ec6ddf7d6631dc1fcdda9e9e8b9f53b6e0bac |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | ee513613ea9ff54061753c9692e624f5 |
| SHA1 | 5e9acd405d6ceca21e8c950a90105996306c0f46 |
| SHA256 | daf0272fdac6b5b49c6f73f14251180eac68bda29fc413bcf38085491702056e |
| SHA512 | 823ded107198d3b6e8cd4a03e419d96ed3b01c2a7429516d20fc4cdd2441de25d44fd3020beb070d7f016641ef5783dbd1840b91335a9a6759beb553aed1bff8 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 258c140a5e8f5189110ba52232ce7583 |
| SHA1 | 9645136f8d75d0cc93629e7589880b29a56d1707 |
| SHA256 | 2d1d2c2741dc8cc5cc0d92e5f4025b7f28ed834f15386c320e56b009bc94f3c2 |
| SHA512 | 837616edf9238c2b969d6f60ecc97a32ed5e176df40a5b177e65c2d8c859891538bedb120b8da32efe6feb3b6f5bd547ac53c9ece6a3c049bc7f4ed035aa8274 |
memory/1528-138-0x0000000005AD0000-0x0000000005AE0000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 355f1b97cad97743a8e70dd2803e2f9d |
| SHA1 | c7c12bc74483874cbdd39343d149509be355c2d9 |
| SHA256 | 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f |
| SHA512 | eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 9e137cbd50da2b9a4788f6cc1dcda62c |
| SHA1 | 4f38ef19170675bfb5b363196e712142bf90e7f8 |
| SHA256 | af49cc02f3063d95eac2ad2dcbec1c7361ed47a119a41e964ec7919d12258634 |
| SHA512 | 4b9ab5a07d37cea841bffb178a682efb6dca728cc205ad081504bc1ead391bd1ca5f5a608e6cb673aadbc62247b0bfb99c7d15029c0091b6a2cb7e91bf2b1b2b |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | 71f601f8151e34ef31307ab4e46e902d |
| SHA1 | 1f3d312e2f4755b7f2decca1dedb91bc795288ea |
| SHA256 | deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698 |
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
memory/1528-146-0x0000000005B20000-0x0000000005B3A000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | ed5746c87fc7c3925933de2df866e7bc |
| SHA1 | 0a567c7b7d3cfabdc4de7ba0cafa1311652034d4 |
| SHA256 | c2f48eb3727040de5b8ea76875292dc86915a04836ca41ad1b30a2cb86e3eeef |
| SHA512 | ea32f04b1bac637686ce605d1fe7ceb7bdbc032e9d893197473016e62985f77245c9fffb691c6f24ee8483b12d89e976d12e027eb179ace18246bddca2737fc7 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | 7370490e1da3b929ebd4287875ad5914 |
| SHA1 | a598d8c11905464414e8b741fe080be08507351c |
| SHA256 | 6602c4a3115a1b3a8a56cfbc7402936f8dad7627dcd6a9fa224dbe9b7ebb2434 |
| SHA512 | 6f1cd820907e58b47ea0c4b36a7b7cb1fb45ff7393833daa424d51a52741957eb437dc33d1a61a77880069b4522fa777e0f84eb89e067da7e176db20f93bf887 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | a0bf8f3ce050efcdc441a40fa146d12c |
| SHA1 | c12814cf6cfbd329ec2c0281ee598f704e5e3335 |
| SHA256 | 6203260bbf3cc6a85c868d2a0c617296bdd966422d5b1d132f487aff305544d0 |
| SHA512 | 8e8bb4131f3bb3868d65be1ab4bf9b0cf8d5db04f4a5f598b43d0ecb3d0813238e2a9ade0911029fd65506048153a801758892d86a871989a9f8ef3a23bac26a |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | 7707f9a473a8b76e2e45ecf9eca9373f |
| SHA1 | 8ab746e832a624a19accbc258826f3e9efa5b58d |
| SHA256 | 77ca67cf295ad97132717ddd0193c2fe2dfc78742ead75214bcf10362289fe3b |
| SHA512 | ea134eeee5d07c96528f612089a42a902b5a02c9791de124edc702b4dd3f08088046c04b1d601a15d0c0fadda46c8edaf69031109f283336ebfd9d08fe78ba76 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | 40d7fc3b2d0654937e3f90ca1132a2c1 |
| SHA1 | 8766221aff314a4fb78fd32961206cd95ec494b9 |
| SHA256 | 3d9b491cb3b98616a50885002daffdd4a0993276cb7b22d1d49f20a4ed64bcaa |
| SHA512 | 2edde540692a4a77622aa3d713e26a036c84af06c36c3f1ee7913e29318beb874367e0b49a9bccc03e71b62337e79bca60180d53b3c70e7bbb6f2ab3202f0293 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | a1be2e85f5e83eef973635da4a09d35c |
| SHA1 | 21b729ba1e660109ea894b8265e38228e45c3922 |
| SHA256 | 3738697facd962bd399f72f39205bb68984976077f06aca5cc7468c3d85eec60 |
| SHA512 | 06d47e2edd4b79200c6e12a1db9364d9509d1d85d44b8e92ec9f4e8493df322acad21dcd3376c13377494903e6670e14d4fbe5ba16785c5c4d13c1d953ed92da |
memory/1528-153-0x00000000733C0000-0x0000000074268000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | cc1ae9416404f956d504e3097175418b |
| SHA1 | fa6a0c4cc028dafdce90b75a1f5e4e7c57fe7e12 |
| SHA256 | 23152750c57f33ee7647b182a33a28a9ec791800b4ff49b0210cfdba434c08f5 |
| SHA512 | 8cd5bf544416ca6488478ade204ebcf12336a737e1579494a25bc47aaee7fd2eba6de74050065ceb4a7fe7f7f83958122eeaaf4d0436e84700885d4535e9f85e |
memory/1528-154-0x0000000074D50000-0x000000007505E000-memory.dmp
memory/1528-135-0x0000000005AC0000-0x0000000005ACB000-memory.dmp
memory/1528-160-0x0000000074560000-0x00000000746EE000-memory.dmp
memory/1528-161-0x0000000072C50000-0x0000000072E0E000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | b2ee747e65d4f177c77b6a722e4a31a9 |
| SHA1 | 04777f404901a07b7052d47e9633bc3c2c794770 |
| SHA256 | 69a407d078e9210e0d812853482ff61284af988cf4252e147b96467b0d1350dd |
| SHA512 | c6a40b145f537114ccf0d0677cf860aa3aa27ef02a1ca575b0ed963ed97bec400eb82704417f13517a1cfca748e2a75afe50979700b641b40151591aa9b0237d |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | 4929d4ac3a205dfd99442b3c8703a3bc |
| SHA1 | 4c103c3629a55998e3d3de5f8a40195221234d38 |
| SHA256 | 1a4855fca2f0cb64cd9a78b3daf4dc2e17899192a0e42f9170255627ad5b1966 |
| SHA512 | 9374d2aa9aa8331f7dea8e3dfdbb1e39b5deecdacb38345b31d78e7b215996168a650114bb72e8565ab4ba10fa6c49fa17c75de9875297c288a23cc4dc008b1f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
| MD5 | 3df344eee0bc793e97eb81cf78e15257 |
| SHA1 | 461d658ecf9a2a881126b51aafb05651244db60c |
| SHA256 | f4858a2db9a3df91ec668cfa87a1e1339582c1fc8fb3da7d7f67562c9673fc86 |
| SHA512 | b8104dce314ca59e2522f7319663d1cfa2986dd3571d45bc0272def6eda09c1d5fe8e7fd38d95635067bbfc10e94f2ff380d0791881d7f9432bcc51a15701dcd |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 1df3587eb803ff1e6554cbaa1b1feec4 |
| SHA1 | f95eb66ac50bd3a03f714172624892c33b5148fc |
| SHA256 | 52bb164ea074ed61a5842ee596203100f4b553697bcb7035afe6871d67a96671 |
| SHA512 | a43b0b00dfc4e9cd5b3b91c5b716fd1dcf07b32e7219dc9d2f253c8c5da051725d9edc60d891468cf0b9507ff576b1300e755a72030c1aa7e45acac65d1bc9d5 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 61e797e9c5e06798ecdbfc2e7e6ddf20 |
| SHA1 | c758d54447a870921021cc07fa8c611a73dabd8c |
| SHA256 | fad4d2e938d97e3f999f2d9cd78d39e4587f3205d5abaa873db31bd53405de85 |
| SHA512 | 300315bd625a458d8f91f44df4a7739824faa69c3110405d2a7582a1541e79f22af6cd00f0177263cca76507e42e2bbf888fed9082dd67353f0a39b0a9cf01a2 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
memory/1528-162-0x0000000007120000-0x0000000007279000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | f75d1b175e1687ee0a9b9e4a7abd123b |
| SHA1 | 026f4db79aa8db651964acf17233302d1809de1e |
| SHA256 | 72180a408b13b7d98c0bc2395b886a5c3aa0b2dea39ef081e193f60ef373365f |
| SHA512 | 200aec20c95b1ec2e7d1bb33ed89d846a128847b82c9d09aa2788b258967e750718414f05bdec0cf2e4f9c7af697404e19caccac354a1a62db52e76c6a45886b |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | fad029ba38baf5ae1093f03a5e101fff |
| SHA1 | 99505a53e9f96405e799724502faefe0658743ff |
| SHA256 | e11a3baec584ff516fd07e6d013ac03f4477b871cc67d6803dbd3eaffc10a0e7 |
| SHA512 | 2905c2fd0cbf695f465338760f5ee79887cdef1706d7897e704217d3a695fc88be0b6854bada87f9582d87677cad210edefad4a474efefe5d1dab818d17698df |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | aff1bc827c7d48cb647ddac23f5e09f3 |
| SHA1 | 3d58299964ba60132d3627cb70bba8438d2831e1 |
| SHA256 | a223336cf22220752088b7a87bbb8d10f208737877500f82a72ab0547f9cbe66 |
| SHA512 | 8e3d041cf5d1b3187243fec1b13f2d00b412d29feeb03dabb525d0cceb96e755c586fe613bdecb6d6e1e39a6aaf9bd645d516875a4131f66abfd3faabde537c7 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 3c68bc2d1250f670213e4480a470e6fd |
| SHA1 | 295e6c4e54847b822364f49918186fa6f6656787 |
| SHA256 | 2c3d8100cb48e764d5caa16a20295d23990a40b2bc0e2c39c882b61d16f709af |
| SHA512 | 0bc48e7e66f224f03db6bdc6f4a75228483128d207c7c27c7ead8de1aaa788578898066980ebf1e3947dba5f638800a037678876bbcc9790157c4cdbae865f1c |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
| MD5 | 77bceb240f65c91d26299a334a0cf8e1 |
| SHA1 | de9d588a25252d9660fe0247508eadfa6f8a7834 |
| SHA256 | d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c |
| SHA512 | b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | 5fb3a0307fe16f27c4ca1f6e38560fb5 |
| SHA1 | 70781f6ac942bcce18b06f871ac4d19b48f6cc45 |
| SHA256 | 2b1c3aa93401e90678e3274fe5163da96d461b54fcce11fe62dc7f41b5eb2261 |
| SHA512 | 49619ffa35bef4e46407aa091c8d12040a02b1bf3da6df16d0f1f86261b953c586b88f051b1ce8fc3051aaf78289b6fddfc3f75ad398bdf61ca784f699e840c2 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | bae531c937ad52ae47854e27524b13cd |
| SHA1 | 7d19daea3db4c02e7cf69ade8eb8bcd1c1f4685e |
| SHA256 | 82cc263696dd1012f42ef0f95d68e99fbf9adfd2efead650d3ce7984032f7e68 |
| SHA512 | 9754a497cdbb8bebc7a18a2fd6095d9f7ee4b28d72f83f567a9b951c5615433c04083e31389d9f173798c3cefe45239fd605631c3f419b2b07040846de350514 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 338e5391aed284646a4ec00e3d2b20a4 |
| SHA1 | dba92fe5ed4231e9e16294f8aa37d8a4b71a71aa |
| SHA256 | 13de7a2a1aba1fc808d61b6fffd67146472a1791a9332cd7b8c0598f4c3d820f |
| SHA512 | 5f9e4ef1d0180a173bac590b2cd209abf5267bfd6432ef8dbc7227f811a1d78c2ce4035a0079a6bfdee59fcc4813ee2bbb2257d3e0ee613c0d96653451c44f84 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 3e98c3e0de47ccf36c1af7eebe5969ef |
| SHA1 | ec781765ae9b074f8d0993a0d890b071f3c4439d |
| SHA256 | dcbad205fecd66dd4e0b249f6cb938c6aa4db288f5e225061cb029b1be85c574 |
| SHA512 | 66d4edccf5fa1b50d595656adf4099d12d9f09b107c1bd84a8aae95e1f89134dafd59e9c74ff79591dc9ab2549fcf4e52758741b84ff5a342d999b522a257216 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | d708b3958ea4960cab57e998702c2710 |
| SHA1 | 1920bd82c4dea8e07fb910b50c99974370b11648 |
| SHA256 | d00310bd7be306bc5d8c1515dfb0ee2ff9a6d4d5a4c0dd2f519c0614f353e752 |
| SHA512 | 28e13ce7a0b0d1d3a88d42ec7ab07c89334a1ca361746efd04755da71503cc03a8b8dff897d08dab395c1118090e633b5164a1a9b1ae88dcaa3378629a9cfbba |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | b8b1f7b230ff3d7d4151e561734a8b89 |
| SHA1 | 9baf58b394e3330f2dfa823068cd5ddc07f0a39b |
| SHA256 | ca9fda28cad39b1c66e6c28541d6e73c3a6c8a98ebfb8380ff99af2f07ac8470 |
| SHA512 | fcf9d13a27adcf0a74685f152385b62efaf7823857683a837f8fdc98cdadd05f716e5806ff49fd95729ef998b3f705620556a98d4bf8bbd6409a9af9a28895e2 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
| MD5 | cc5d000307075f7c16eb5cf2c8606c8d |
| SHA1 | 0169dbed302b8a3d142522e6bcb6040609d07232 |
| SHA256 | 66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4 |
| SHA512 | d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
| MD5 | 7e49fd08fecf1d32777431ce57fae981 |
| SHA1 | c215805ae915be0e9908e3d0ef25006aeb710756 |
| SHA256 | 40a8c6b7c684072bd4fe2511571c9846c26b5c2b10a0e185347243dda02052b3 |
| SHA512 | 3f554275c6d9dceea8766063027a04bbba30efef8965dbfc579b78fbbf617f843111db34a50f4f213e13b28dbd01333e301f5938f891ef99a925af158b942894 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
| MD5 | 969c656269ca1f8437d76200e7620bcd |
| SHA1 | 80c6b239567b19e358250c8cbda9f100e6b0c28a |
| SHA256 | dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc |
| SHA512 | 030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
| MD5 | ce3ab3bd3ff80fce88dcb0ea3d48a0c9 |
| SHA1 | c6ba2c252c6d102911015d0211f6cab48095931c |
| SHA256 | f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b |
| SHA512 | 211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
| MD5 | 6bb5d2aad0ae1b4a82e7ddf7cf58802a |
| SHA1 | 70f7482f5f5c89ce09e26d745c532a9415cd5313 |
| SHA256 | 9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582 |
| SHA512 | 3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b |
memory/1528-173-0x0000000007120000-0x0000000007279000-memory.dmp
memory/1528-175-0x0000000007120000-0x0000000007279000-memory.dmp
memory/1528-178-0x0000000000400000-0x0000000001554000-memory.dmp
memory/1528-183-0x00000000746F0000-0x0000000074713000-memory.dmp
memory/1528-182-0x0000000074720000-0x000000007478A000-memory.dmp
memory/1528-186-0x00000000742A0000-0x000000007432B000-memory.dmp
memory/1528-185-0x0000000074520000-0x0000000074557000-memory.dmp
memory/1528-193-0x0000000000230000-0x0000000000231000-memory.dmp
memory/1528-208-0x0000000007120000-0x0000000007279000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
| MD5 | a0b9388c5f18e27266a31f8c5765b263 |
| SHA1 | 906f7e94f841d464d4da144f7c858fa2160e36db |
| SHA256 | 313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a |
| SHA512 | 6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd |
memory/1528-222-0x0000000007120000-0x0000000007279000-memory.dmp
memory/1528-224-0x0000000007120000-0x0000000007279000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
| MD5 | dcde2248d19c778a41aa165866dd52d0 |
| SHA1 | 7ec84be84fe23f0b0093b647538737e1f19ebb03 |
| SHA256 | 9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917 |
| SHA512 | c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
| MD5 | 94f12483485c17df15de92e2fbc45d83 |
| SHA1 | 61b8350e8ae9ecf08687217d06dc5a54863e2a80 |
| SHA256 | 275d6cc02a70460afabc273bee90818e5cf1631a1292295511899f5e36adf2d4 |
| SHA512 | 697f8e5021eae8d54b52d51fb3e0d2aa86b076ccc2f39d5c33169c18e2b04b02cd54e1a4a4b959237643612773382cb2c0dc5acb9db9437a6e880a1f4936cce6 |
memory/1528-234-0x00000000064C0000-0x00000000064DB000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
| MD5 | 2d3b207c8a48148296156e5725426c7f |
| SHA1 | ad464eb7cf5c19c8a443ab5b590440b32dbc618f |
| SHA256 | edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796 |
| SHA512 | 55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
| MD5 | 7067af414215ee4c50bfcd3ea43c84f0 |
| SHA1 | c331d410672477844a4ca87f43a14e643c863af9 |
| SHA256 | 2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12 |
| SHA512 | 17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
| MD5 | 3f674d98c51dddc948b460c49e291223 |
| SHA1 | 17915cf6668cf9712c3c9e3f631b20d0c79b95cf |
| SHA256 | 5602f0d72d519041434bea902a4fe7b5970bc844ad8cfb5378e2dda8036b9fb2 |
| SHA512 | dd98c1dba35e4f74772d75996fc11f5162809fbbdd506ed6d26600748c345376ad3e296bc2bfbc2eb96bc0a10b12cf2073b6b2463b9c4858f8a97f8e3f531476 |
memory/1528-244-0x0000000007120000-0x0000000007279000-memory.dmp
memory/1528-245-0x0000000007120000-0x0000000007279000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | e8798daef7e0c7895563ea617cc413ea |
| SHA1 | 8f6cf6ead9a99b8dac26ad6c60bd5bf6cdb611e3 |
| SHA256 | 949a86ab77380051ee57d48591a4d41440551a9aebcbb6bed2ab38b6e0b80c6a |
| SHA512 | bf9be5164e5e4a082aa4f1cd1a98f07c99c938f7b4456f97f98d3f421e6635c7a413e4feb14b8ebc3feb8421c62987b5fbc1943267498d440549c712de25a1e0 |
memory/1528-250-0x0000000007120000-0x0000000007279000-memory.dmp
memory/1528-254-0x0000000007120000-0x0000000007279000-memory.dmp
memory/1964-267-0x0000000000400000-0x0000000001554000-memory.dmp
memory/1964-278-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/1964-289-0x0000000005D40000-0x0000000005D4B000-memory.dmp
memory/1964-292-0x0000000005FE0000-0x0000000005FFA000-memory.dmp
memory/1964-291-0x0000000005D60000-0x0000000005D79000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2985c39796fb4a5f4357a1a7a134ad45 |
| SHA1 | 305dc537a03e0137a529dc30bfd2fc6c185402a3 |
| SHA256 | 4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca |
| SHA512 | 4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8 |
memory/1964-290-0x0000000005D50000-0x0000000005D60000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | dc2794d7a15488990bde6768c0e0c49f |
| SHA1 | a07d0e61500ef10d15ee74a55ad2a78a238a24c6 |
| SHA256 | dc4434162b4f1e94b205c67efdfdd0bf1db9f876fd224b6d83974c7aca409496 |
| SHA512 | ef4eb12c47da38c1d42712be2c3a0406e7d28c4d8c644ee0a9049862e51cbf59b117179f7d0027289a7476516af6a69b4437d7e58fa3587362bb1d6cf7c75524 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | f832d24b70a2f4583c57a5fa9b6f0d68 |
| SHA1 | 092ce5cb6bfe6eadde62c4cfb911eab2474196f8 |
| SHA256 | 67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc |
| SHA512 | 41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 105f1422d855dfa6e4569383d17e50e3 |
| SHA1 | 7c0b7246a3313430e330bb27cf0550324f199d56 |
| SHA256 | 843cd53a13e51259997cdcd0a0f5bc9b86d6da8cf9eda22e3bb46855956b1161 |
| SHA512 | d33c0bc5e73fa1fc015908cbff2b91cf6ae16fb3fd0d93e2a2396b60a7fc0037a895b98ea1e295a5866ff1c577c7fd199dd91184c7381ed1edd63d71ca91699c |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 5e269d64045e0df6668063e6df02014d |
| SHA1 | f572aef6a0fa5eb3ac58e29b3f2f8063101a28f9 |
| SHA256 | 861c6e12dc1dac24a41851ac728c1e1fb9cdab5286c4fcb9474b5c04878db3b8 |
| SHA512 | fa3c295cbc0737e09771caa1ad99a2cc8d43b87941a3ca8935a3efeeae31a5cac213679ea105b2e9ae1351f19a85d2f7537ab13a0ae90bc9f51c034b21614131 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 30b7fdf2c773349ba048f9ff5e576c49 |
| SHA1 | 24eeaf7534b1f83bd4502aecf5fbe7116ed8c7d0 |
| SHA256 | a1207efb566aa4b0993b8f2bf55fa2ac0e46db3a6c2671e3e8e180aae3ac2297 |
| SHA512 | 5cabef903a71600fdb0bd0f922d6cecf013b41a3f2aa29a245114eb5d84c865db319dec40a48a0c32886bb06862e55df7f41c6a70c024abb00c6ff1dd4e4687d |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | 5f6154154abdad46889e47b993f87647 |
| SHA1 | d18f4fef21f531b0392bb9fe0a2063aa7c4dd47b |
| SHA256 | aee692ac10e2a2f87da38c9b97714fea21a55c06915a298c0a5d242659338a41 |
| SHA512 | 9f7783ee2de60a559473ad8235ad64d801d27f5b2e428408f29d10773c4ac95eabe2c8a9e6e145db1ce1ee694fd696e0396797415ebecc91946f335e0a93a909 |
memory/1964-293-0x00000000733C0000-0x0000000074268000-memory.dmp
memory/1964-311-0x0000000072C50000-0x0000000072E0E000-memory.dmp
memory/1964-310-0x0000000074560000-0x00000000746EE000-memory.dmp
memory/1964-309-0x0000000074D50000-0x000000007505E000-memory.dmp
memory/1964-322-0x0000000006600000-0x0000000006601000-memory.dmp
memory/1964-321-0x0000000007ED0000-0x0000000007F5B000-memory.dmp
memory/1964-332-0x0000000072C50000-0x0000000072E0E000-memory.dmp
memory/2596-363-0x0000000071AD0000-0x000000007207B000-memory.dmp
memory/2596-364-0x0000000000280000-0x00000000002C0000-memory.dmp
memory/2596-365-0x0000000000280000-0x00000000002C0000-memory.dmp
memory/2596-366-0x0000000071AD0000-0x000000007207B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-01 14:46
Reported
2024-02-01 14:49
Platform
win10v2004-20231215-en
Max time kernel
151s
Max time network
154s
Command Line
Signatures
NetSupport
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI95D2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e589027.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e589025.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e589025.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{DCE33C24-54AC-4134-8C0C-AA3D26865F9C} | C:\Windows\system32\msiexec.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = (binary value omitted) | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x50c
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4336 -ip 4336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 1608
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
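The process list above records two behaviours worth turning into checks: CPPlayer.exe spawns cmd.exe, which runs PowerShell non-interactively to add a Microsoft Defender scan exclusion for its own binary under a user-writable directory, and the dropped-file list for the same directory contains NetSupport Manager client components (pcicl32.dll, pcichek.dll, pcicapi.dll, htctl32.dll, nsm.lic) shipped under a product name that is not NetSupport's, which is what the "NetSupport" signature reflects. The following Python is an added example written for this page, not code from the sandbox or from the analysed installer: it runs both checks over constructed records copied from the listing above. The (image, command line) record shape, the user-writable-location markers, the client32.exe/client32.ini names and the hit threshold of three files are assumptions of the example.

```python
"""Triage checks for the behaviour recorded above (added example, not sandbox code)."""
import re
from pathlib import PureWindowsPath

# Constructed records mirroring the "Processes" list: (image path, command line).
SAMPLE_PROCESSES = [
    (r"C:\Windows\system32\msiexec.exe",
     r"msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi"),
    (r"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe",
     r'"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"'),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none '
     r'-NonInteractive -Command Add-MpPreference -ExclusionPath '
     r'"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"'),
    (r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     r'powershell -inputformat none -outputformat none -NonInteractive -Command '
     r'Add-MpPreference -ExclusionPath '
     r'"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"'),
    (r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 1608"),
]

# Constructed excerpt of the dropped-file paths listed in this report.
SAMPLE_DROPPED_FILES = [
    r"\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll",
    r"\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll",
    r"\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll",
    r"\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll",
    r"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic",
    r"\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll",
    r"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe",
    r"\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll",
]

# Add-MpPreference followed by any -Exclusion* parameter and its (optionally quoted) value.
EXCLUSION_RE = re.compile(
    r"add-mppreference\b.*?-exclusion(?P<kind>path|process|extension)\s+"
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))',
    re.IGNORECASE,
)

# Assumed markers for locations a standard user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


def is_user_writable(path: str) -> bool:
    """True when the excluded path sits where an unprivileged process can drop files,
    so the exclusion whitelists whatever is written there later, not just this binary."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def find_defender_exclusions(processes):
    """One finding per command line that adds a Defender exclusion via Add-MpPreference."""
    findings = []
    for image, cmdline in processes:
        match = EXCLUSION_RE.search(cmdline)
        if not match:
            continue
        target = match.group("quoted") or match.group("bare")
        findings.append({
            "image": image,
            "kind": match.group("kind").lower(),
            "target": target,
            "user_writable": is_user_writable(target),
            "non_interactive": "-noninteractive" in cmdline.lower(),
        })
    return findings


# NetSupport Manager client file names: the five seen in this report's file list plus
# the client's usual executable and configuration names (assumed for the example).
NETSUPPORT_CLIENT_FILES = frozenset({
    "pcicl32.dll", "pcichek.dll", "pcicapi.dll", "htctl32.dll", "nsm.lic",
    "client32.exe", "client32.ini",
})


def netsupport_components(paths, minimum=3):
    """Return (matched basenames, verdict). One shared DLL name is weak evidence;
    several NetSupport-specific files in the same drop is not."""
    names = {PureWindowsPath(p).name.lower() for p in paths}
    hits = sorted(names & NETSUPPORT_CLIENT_FILES)
    return hits, len(hits) >= minimum


if __name__ == "__main__":
    for finding in find_defender_exclusions(SAMPLE_PROCESSES):
        print("Defender exclusion:", finding)
    print("NetSupport components:", netsupport_components(SAMPLE_DROPPED_FILES))
```

Both the cmd.exe and the powershell.exe records match because the full PowerShell command is visible in each parent's command line; deduplicate on the target if the input is a real process tree. The file check deliberately ignores msvcr100.dll, which ships with many legitimate products.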
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 128.138.140.44:37 | | tcp |
| US | 8.8.8.8:53 | 44.140.138.128.in-addr.arpa | udp |
| MD | 5.181.156.118:443 | | tcp |
| US | 8.8.8.8:53 | 118.156.181.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 104.26.1.231:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | 231.1.26.104.in-addr.arpa | udp |
| US | 128.138.140.44:37 | | tcp |
| US | 8.8.8.8:53 | telldruggcommitetter.shop | udp |
| US | 172.67.132.181:443 | telldruggcommitetter.shop | tcp |
| US | 8.8.8.8:53 | 181.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 188.114.97.2:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 188.114.97.2:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 104.21.58.31:443 | claimconcessionrebe.shop | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 172.67.182.52:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 31.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
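Most rows in the network table are the sandbox resolver's reverse (in-addr.arpa) lookups, which say nothing about the sample; the contacts that matter are the direct TCP connections: geo.netsupportsoftware.com (the NetSupport vendor's own domain), a bare 5.181.156.118:443 with no name, and the five .shop domains resolved and then connected over 443. The following Python is an added example for this page, not part of the report: it parses rows in the table format used above, tolerates rows where an empty Domain cell has shifted the protocol one column left, discards resolver noise, and returns the connected endpoints per name plus names that were only queried. The excerpt is constructed from the rows above; the port-53/udp rule for identifying resolver traffic is an assumption of the example.

```python
"""Reduce a sandbox network table to actual contacts (added example, not report code)."""
from collections import defaultdict

# Constructed excerpt of the "Network" table above, including one row written the
# way the report emits it when the Domain cell is empty (proto shifted left).
SAMPLE_NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 128.138.140.44:37 | tcp | |
| US | 8.8.8.8:53 | 44.140.138.128.in-addr.arpa | udp |
| MD | 5.181.156.118:443 | | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 104.26.1.231:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | telldruggcommitetter.shop | udp |
| US | 172.67.132.181:443 | telldruggcommitetter.shop | tcp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 188.114.97.2:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | 231.1.26.104.in-addr.arpa | udp |
"""


def parse_network_rows(table_text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table_text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header or a line that is not a table row
        country, dest, domain, proto = cells
        # A row with no domain is sometimes emitted as '| dest | tcp | |':
        # the protocol landed in the Domain column, so move it back.
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def summarize_contacts(rows, resolver_port="53"):
    """Split rows into real connections (per domain, '' for bare IPs) and
    names that were resolved but never connected to."""
    connections = defaultdict(set)
    queried = set()
    for row in rows:
        _host, _, port = row["dest"].rpartition(":")
        if row["domain"].endswith(".in-addr.arpa"):
            continue  # reverse lookup issued by the sandbox resolver: noise
        if row["proto"] == "udp" and port == resolver_port:
            if row["domain"]:
                queried.add(row["domain"])  # forward lookup; connection may follow
            continue
        connections[row["domain"]].add(row["dest"])
    return {
        "connections": {d: sorted(v) for d, v in sorted(connections.items())},
        "dns_only": sorted(queried - set(connections)),
    }


if __name__ == "__main__":
    summary = summarize_contacts(parse_network_rows(SAMPLE_NETWORK_TABLE))
    for domain, dests in summary["connections"].items():
        print(domain or "(no name)", "->", ", ".join(dests))
    print("resolved only:", summary["dns_only"])
```

The bare-IP bucket is the one to look at first: a TLS connection to an address the sample never resolved by name is not explained by the NetSupport client's vendor check and deserves its own lookup.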
Files
C:\Config.Msi\e589026.rbs
| MD5 | 7bd67021a175dc357019fe5f5934a97e |
| SHA1 | e0439fdc1fbcd06a52926262b6f16b6a4c48456a |
| SHA256 | 52dea92d7d7a962b46272fe01d9a262e47fffbbee0e9250de0359c41fab44660 |
| SHA512 | 9d17b692e9e03a0995d34704b3f2b6792887fbb59436cef20a337a1b5df7bb07b5c1213fb4740cb8e382ebe54e80ff69ce562be39434ab26d37ead2f81c06e75 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | b39fb3cf854f8628c2f38298e0965687 |
| SHA1 | 5931c9f88231e2cbb86010224a4d8604809e7fc7 |
| SHA256 | fa203e315d9cf5190da708dea03ff34c1df172c992df671aa3db2f5513a70d76 |
| SHA512 | 133c98145e4bc2012198593bfe23c0b3b965a69e3bec7eab4718832daf9013cbe96f040acd64ea0b1d46631ef96c1f779b7f0d5b1b5ca32c14b20c5b8995c2b2 |
C:\Windows\Installer\e589025.msi
| MD5 | 1414b254f44bba8e17b01983dc22adde |
| SHA1 | a12059b028647968a03d9483815dc5c13bb4b841 |
| SHA256 | 474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045 |
| SHA512 | 1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899 |
memory/2920-65-0x0000000001CA0000-0x0000000001CA1000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | 00098438ab2cc364ce45d98902fb2b2a |
| SHA1 | 2a88a24a659f9a7962a4b6602b96d12249d2c790 |
| SHA256 | bffea8bdb7811b3d52473c07ef2c539dcac00df6bce60c7cafebf8c7beefa52b |
| SHA512 | ca430ad171f53bbf3e7d670a9ba2961e3a0777abb640fa64cb722a1eb434f4c86bb71e2b3f6be9f1e3081e13a21fb38fb491a53134e9ac84f71c5fec237abf5b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | fb9763ac3b3f51551b4a77e833c395fb |
| SHA1 | 9a3f8e9225f214b31b4e703fe428b0537a7cac63 |
| SHA256 | c0fb1896ee5838e9f8bd1e4495367baffa0e71aa2d3785944d5b470f29aec53a |
| SHA512 | 6eecdf0d290e259fcb1c8aa9da5f3ca32f760c9039b84b11f40b63b39b1119152bde54d2c6e1c7d0a1af9f64c6a340501f934000a2f3e232612f525dd9b0c7fd |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | f832d24b70a2f4583c57a5fa9b6f0d68 |
| SHA1 | 092ce5cb6bfe6eadde62c4cfb911eab2474196f8 |
| SHA256 | 67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc |
| SHA512 | 41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 54b0221dc97992b5170cac659aa60ae6 |
| SHA1 | 8a0df459f134cee59cc442c3d98386fc2f6a532c |
| SHA256 | b66dadc8e64a0179e7af465800092937ecb020dba8f0b12efe7001d004b9ca7b |
| SHA512 | cecea736365373a5ebfecf18e2fd4d8a0052cb14e31247461cac99d8b0d50c50139fb610e68553379aba3e6839cb314b02b4c84e2313f44758d864066078f464 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | bfcb8be288b3b1535c878fac14033351 |
| SHA1 | 9a2af6064e694f7d58f078a9e52e24e0a9448de9 |
| SHA256 | 0c1310f92e0bd207d6c2b1e7d45d527038612849d94a1f97ce0290fb4916a711 |
| SHA512 | e9c0a86f25118af21f3227c17f8d803f4623221481cf9ab5b8c7c9929681044ae0955df1b4d8c0cc004f71a3c74c56c2fea888e25ae5f9ce0fa0124eead5ffc5 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | f75d1b175e1687ee0a9b9e4a7abd123b |
| SHA1 | 026f4db79aa8db651964acf17233302d1809de1e |
| SHA256 | 72180a408b13b7d98c0bc2395b886a5c3aa0b2dea39ef081e193f60ef373365f |
| SHA512 | 200aec20c95b1ec2e7d1bb33ed89d846a128847b82c9d09aa2788b258967e750718414f05bdec0cf2e4f9c7af697404e19caccac354a1a62db52e76c6a45886b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 355f1b97cad97743a8e70dd2803e2f9d |
| SHA1 | c7c12bc74483874cbdd39343d149509be355c2d9 |
| SHA256 | 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f |
| SHA512 | eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | 71f601f8151e34ef31307ab4e46e902d |
| SHA1 | 1f3d312e2f4755b7f2decca1dedb91bc795288ea |
| SHA256 | deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698 |
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
| MD5 | 77bceb240f65c91d26299a334a0cf8e1 |
| SHA1 | de9d588a25252d9660fe0247508eadfa6f8a7834 |
| SHA256 | d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c |
| SHA512 | b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2985c39796fb4a5f4357a1a7a134ad45 |
| SHA1 | 305dc537a03e0137a529dc30bfd2fc6c185402a3 |
| SHA256 | 4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca |
| SHA512 | 4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 6b007bedabaa20fb6d445bc62f1091d3 |
| SHA1 | d3905661051c4415ac92bd5492100a5f2df6f659 |
| SHA256 | bfc20232c4ecf4aece403d005624c82a64a2d54d5d84720341dc6d45b3522ba5 |
| SHA512 | 7b0cb0959434437f31ab3e6df721be412de003979f19a66d3855ee4c87fe8a79d5cc4b42e6cf453be9289575854d2176d2bfff88a9308f5ab9f0895c0a899cfa |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 3e837b82501aa2f90cc774890656d02b |
| SHA1 | a62e967c006f6bf77fbe489b01ea30993e55fe5d |
| SHA256 | c85ca44b1ff1ad0af0ca3daf5f2302498846f3fdc2f48c6c7262f08280c6f5fc |
| SHA512 | a4a55fc0ef6ae87c5c73489993e2dc6e0e36f783de79dd7894966df3ebe13ae8341a5fe15dd0e26c72865b4a936247f34b08342769edd0a94ba2b90164b0d27d |
memory/2920-102-0x0000000006E30000-0x0000000006E49000-memory.dmp
memory/2920-100-0x0000000006E20000-0x0000000006E30000-memory.dmp
\??\Volume{57af6234-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{230d841a-a5b3-41d5-b8b8-8fc8bd059e50}_OnDiskSnapshotProp
| MD5 | ce3d5fd91a2c9e2b0124bdcda2431cd4 |
| SHA1 | b4d9dc40f6edb2b17781a1b242ab800be6aee454 |
| SHA256 | 1687862435229bce82c8eaccc97c9349d49f883e28aa8464efeaf3fa9ea200b0 |
| SHA512 | 0d30cd1be1e76fa81a95dc33a240a08cf53dcc585b4bf58b6d8906f130374a4eec38bc6e8c92c87be2f251f6f8c076b8741b7cb0ddcaa74fd5ab0571ed49d841 |
memory/2920-98-0x0000000006E10000-0x0000000006E1B000-memory.dmp
memory/2920-107-0x00000000071F0000-0x000000000720A000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 08c68e4121ceeac71745015bf17126cc |
| SHA1 | 103792ab800377092aabefbf4b94d0a882afdc3c |
| SHA256 | e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a |
| SHA512 | d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | a555f73041756d249093a1d6a6f28448 |
| SHA1 | bc75a0047342fb157047c19193c02a8149187656 |
| SHA256 | 2ad9292c875cb8b71a437b0da803d07867d2ed8deae4568f2be1f623755d5b60 |
| SHA512 | cb2166fcf3a73e60fef9b90102f6aba3a913cc0e84ca0a5c4cd43c52d21ad1696040215b302d2a46d61599024679cb2477fdaffedcc88396ae9c7ff1c649c84d |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 9e9b13c1cb03e80f533ff20148e5788b |
| SHA1 | 1d5c06d4dedde17ca80700ec75843b0249e9bb7e |
| SHA256 | a1c6e7026d4fadf6b03ff6f12d8e9fd654c1e75adbe1f0bfcf357cf4c5d607d5 |
| SHA512 | a981c8bdd1990815ce7fbad157c5e960d7e2a1ef68b36aedc795e80552ffafa6ecdeeec077c2ece48027c584279ff65e217f7a4b156139194b6a09df99ad312e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | b01a100820095dc05fdaa0d1c3b5ca14 |
| SHA1 | 70af3c7337248cd4dc8c65d5ba1d18d3fba926b0 |
| SHA256 | ee7205fa96539f9d9e62f5a403a06004c6c7235b7caee368dcb0db3a765c21ad |
| SHA512 | 883891959202294edceb3a6360f450182d59e097bb4b0f9fe18b5316c6591aee04d0cd5bf01c1b23d1727b59eeee7c148e56eea2a7436902170993318386933a |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 71e603e402afd0fdba84a781c9934446 |
| SHA1 | b3a529f7e470e478a77404846d17c1ad2ff017cb |
| SHA256 | 5ff3186465a347ce8a13991fdb659f77ee21ae5dc9813b9fb2aadafda8a86491 |
| SHA512 | 45aba98b564e4c18bc8fccb71ad4cf1f03770a916c074c1cbf8546f1385dba6e041c67fd870f792a5eec233b8d19bbbe4c4d047015266ac5c060caf037af9c28 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 0e77bfad6b92733c3296a04719375901 |
| SHA1 | 982674869e2e76ee10937e946aad828ebea818ff |
| SHA256 | 87810c5d06310b6e61398314300646a0582fad7a99dba8368a06c886a59a38af |
| SHA512 | 391f6558d5b3241b1e1490763c80633b288e0b8a770815116530b352fb81ab7d18784d9103669c903e6b5b501cb8a062517dc599609bb269b86bf16cb8e8e7bf |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | 3f7663206ef2069d0cc16cc1e813d7aa |
| SHA1 | 2ef1cc5457cb36b4e50de36a9a86b8c7ddf02092 |
| SHA256 | 7896a7429e431a74eb43be3a235dfd1d6625e8634f6ad247c2eb13e8d3d298ff |
| SHA512 | 2e9f33bb0f776168e600d90a1fea188bc30d587e140b0cb2479384b347aa034152f242ff61e26f8e3fccaf473a2e940641e3db16570dfb1c15b5bc80f8593e34 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
| MD5 | a60d3072a719260abb73a4011ff30642 |
| SHA1 | cfbf6fac5fdedd793c902b31359c7c94d8e85b52 |
| SHA256 | 523e7e3cc6be48a5f8ac28517a68557ce7d051d047c84d868a00e21ca600c1c8 |
| SHA512 | 425d425e78829b98476fe72b82204423aa52b64b7a0aca92550b371291e557118b3445c28d5494980539e894e1126380dd837eebcaaedfffddd36aaddaf717b9 |
memory/2920-120-0x0000000073990000-0x0000000074838000-memory.dmp
memory/2920-121-0x0000000074840000-0x0000000074B4E000-memory.dmp
memory/2920-122-0x0000000073790000-0x000000007391E000-memory.dmp
memory/2920-123-0x00000000723F0000-0x00000000725AE000-memory.dmp
memory/2920-125-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-124-0x0000000000400000-0x0000000001554000-memory.dmp
memory/2920-128-0x0000000073920000-0x000000007398A000-memory.dmp
memory/2920-132-0x0000000073700000-0x000000007378B000-memory.dmp
memory/2920-134-0x00000000736D0000-0x00000000736F3000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
| MD5 | cc5d000307075f7c16eb5cf2c8606c8d |
| SHA1 | 0169dbed302b8a3d142522e6bcb6040609d07232 |
| SHA256 | 66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4 |
| SHA512 | d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
| MD5 | 969c656269ca1f8437d76200e7620bcd |
| SHA1 | 80c6b239567b19e358250c8cbda9f100e6b0c28a |
| SHA256 | dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc |
| SHA512 | 030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
| MD5 | ce3ab3bd3ff80fce88dcb0ea3d48a0c9 |
| SHA1 | c6ba2c252c6d102911015d0211f6cab48095931c |
| SHA256 | f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b |
| SHA512 | 211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
| MD5 | 67565ca5e464eb4cf970fcff3d73d28a |
| SHA1 | 9ad642857222691f9e532727233d42a2ffa98330 |
| SHA256 | f8f5766d57653559927075c6328e613ea292a4da0e185feafbe3d353ef9cb27b |
| SHA512 | 7123d2177ec3250c85870f4ab51799ae506ad711528c298963396d5b90d93260bbeacc085b4d7a93c640a35b0d2de3873e72a8f23f75ada3378fe7ab34cc422c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
| MD5 | 6bb5d2aad0ae1b4a82e7ddf7cf58802a |
| SHA1 | 70f7482f5f5c89ce09e26d745c532a9415cd5313 |
| SHA256 | 9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582 |
| SHA512 | 3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b |
memory/2920-143-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-145-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-144-0x00000000732D0000-0x0000000073307000-memory.dmp
memory/2920-146-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-167-0x0000000006820000-0x0000000006979000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
| MD5 | d6f540f866ff3036054a48242a2a3683 |
| SHA1 | 8f92bcbacb1638b4f08113a6b47df42b20e15f40 |
| SHA256 | f093783dea9ee740bf130cf9fc18f03522f5f7aa08e847273e339e754dcf0ab9 |
| SHA512 | a29b2889cd0f41efa2dc940bdac70892c8f3f2866318f0f3f68493a56f4fc091a6f94fc712595e613613f2186d08f919f5fb6be703cb66b8ee8fdb3cc0a4582d |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
| MD5 | 0e37fbfa79d349d672456923ec5fbbe3 |
| SHA1 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 |
| SHA256 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
| SHA512 | 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
| MD5 | a0b9388c5f18e27266a31f8c5765b263 |
| SHA1 | 906f7e94f841d464d4da144f7c858fa2160e36db |
| SHA256 | 313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a |
| SHA512 | 6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
| MD5 | dcde2248d19c778a41aa165866dd52d0 |
| SHA1 | 7ec84be84fe23f0b0093b647538737e1f19ebb03 |
| SHA256 | 9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917 |
| SHA512 | c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166 |
memory/2920-180-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-182-0x0000000006990000-0x00000000069AB000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
| MD5 | 7067af414215ee4c50bfcd3ea43c84f0 |
| SHA1 | c331d410672477844a4ca87f43a14e643c863af9 |
| SHA256 | 2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12 |
| SHA512 | 17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
| MD5 | 2d3b207c8a48148296156e5725426c7f |
| SHA1 | ad464eb7cf5c19c8a443ab5b590440b32dbc618f |
| SHA256 | edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796 |
| SHA512 | 55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c |
memory/2920-207-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-210-0x0000000006820000-0x0000000006979000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | 1162d5dd4c516bf2a942a64dfed19859 |
| SHA1 | 739c3ece91d29189ef98cd0e6dbf1a52c6b295c3 |
| SHA256 | c1218f70f6b8e17bcfb4c683acd2c090a330537014418217699b2c27887542a5 |
| SHA512 | 8987dcdba0bbb393ca4c9c03f356dcdbf4da263a0cc05ffc0b9ff73649a42fe0e95bb2255a552e940c36c52db6f74553ca634e9cb8e5d94e162f4ab5d54932e7 |
memory/2920-213-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-214-0x0000000006820000-0x0000000006979000-memory.dmp
memory/2920-216-0x0000000006820000-0x0000000006979000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 5ee738a85936240e5418a45af62fe52e |
| SHA1 | 47afe3b0380ff0ce3800a23f296fb4fb9a1f278b |
| SHA256 | ec03b8e72f35200fba291c0b197812ebb61057b165edb5daedbe0a9fc2ca7756 |
| SHA512 | 7a37dd770e3ef3321ed27294263c05f60dd950ed623cdd7830b0f07693f5b62f0876b8ec1f0edc91f726f9bf4a9a3246d7e1f919c524f43e7c03ded4f9d850ca |
memory/4336-229-0x0000000006C40000-0x0000000006C4B000-memory.dmp
memory/4336-230-0x0000000006C60000-0x0000000006C79000-memory.dmp
memory/4336-231-0x0000000006C50000-0x0000000006C60000-memory.dmp
memory/4336-233-0x0000000007200000-0x000000000721A000-memory.dmp
memory/4336-235-0x0000000000400000-0x0000000001554000-memory.dmp
memory/4336-236-0x0000000074840000-0x0000000074B4E000-memory.dmp
memory/2920-250-0x0000000001CA0000-0x0000000001CA1000-memory.dmp
memory/4336-284-0x0000000003560000-0x0000000003561000-memory.dmp
memory/4336-285-0x0000000073990000-0x0000000074838000-memory.dmp
memory/4336-286-0x0000000073790000-0x000000007391E000-memory.dmp
memory/4336-289-0x0000000006970000-0x0000000006971000-memory.dmp
memory/4336-288-0x0000000009350000-0x00000000093DB000-memory.dmp
memory/4336-287-0x00000000723F0000-0x00000000725AE000-memory.dmp
memory/4336-311-0x00000000723F0000-0x00000000725AE000-memory.dmp
memory/4336-312-0x0000000009350000-0x00000000093DB000-memory.dmp