Analysis Overview
SHA256
34695d42d3d51e9099a78c92e578b38ad46e2eefc6953ab45727c66ba75559cc
Threat Level: Known bad
The file WinIconMakerFreeSetup.zip was found to be: Known bad.
Malicious Activity Summary
NetSupport
Modifies Windows Firewall
Blocklisted process makes network request
Enumerates connected drives
Maps connected drives based on registry
Adds Run key to start application
Executes dropped EXE
Drops file in Windows directory
Loads dropped DLL
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-01 16:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-01 16:13
Reported
2024-02-01 16:16
Platform
win7-20231215-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
NetSupport
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Workshop Ultimate = "C:\\Users\\Admin\\AppData\\Local\\Programs\\WinIcon Maker Free\\CPPlayer.exe" | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI3373.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f763160.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76315d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76315d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76315e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76315e.ipi | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000594" "00000000000005BC"
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 128.138.140.44:37 | N/A | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| MD | 5.181.156.118:443 | N/A | tcp |
| US | 104.26.0.231:80 | geo.netsupportsoftware.com | tcp |
| N/A | 127.0.0.1:49364 | N/A | tcp |
| US | 128.138.140.44:37 | N/A | tcp |
| N/A | 127.0.0.1:49504 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1576.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1615.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2adfa3502611f2ebbd1a13995748b14 |
| SHA1 | e5ecd6a8168f6b5b7b32284f67830e0a0092b459 |
| SHA256 | 772b43c387f5f7f05006f6662153d6280c2b19d5822ca06cd8fbbbfbecf3ed02 |
| SHA512 | 677039ddc846b97b16f4406290526082650beef36b596b1d0827f63a1e1f162df52dfd55ad54b51ce1b61099820ec3940baafd3bc7e163cf9676ab688196d4fa |
C:\Config.Msi\f76315f.rbs
| MD5 | 0336026df7b45575bf724e0e8ff49a54 |
| SHA1 | 1528dee73b8bac473386910c22282aca228561db |
| SHA256 | a4afe8d5dbefd2f7d90c7d95fc25a8d2b17daed1b617147144659559c72ef42f |
| SHA512 | e3699722b93c7a6c785f696bd3978d8f1333b71bef86b203c59d4b6546d2ee28a1d71dc12c60f294ae89bc7dfe1fc743478118928747203e0c47d2e31055ae9f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | fface80400a0b1af30180f97b18f8197 |
| SHA1 | e254f2aeb4798e279c6ffcfe4f8a483cd4c4765d |
| SHA256 | d624d373db4b0f0ac9b794c09c63b8b0b341601a68f87e758f70576b91d0d9b0 |
| SHA512 | dff1160ab3b7cb6bd80e1e468aa5dd21e7a251ed2f3b36d331c55fcb52151e4f0ca01cf862d55e737b461c9311d7b24844116c4e500c5b974d97945e34b2f75e |
C:\Windows\Installer\f76315d.msi
| MD5 | aaac45f0543dfd7175ce3c22a39d5591 |
| SHA1 | 81342b7bf24ab0aec2a5328b7d2bf9fabc6890d5 |
| SHA256 | 64983b383b0cd01bf567f6d54120f34e87aba30b3d7049c4fc3299d1f6488eb5 |
| SHA512 | 7bbfa35892f13eb3da22c05f4e6f74f8ce629f5b6defd6b35a45ee7933d53114fb979602fbc025e462ccd37fe577557d085b31c1627cd015ef76eba193023232 |
memory/2720-111-0x00000000001C0000-0x00000000001C1000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | f366a4e73d6b075f9e1d640be7aca0f3 |
| SHA1 | 5846dfc6a8997b90d76ce43f3aa7357a2c996826 |
| SHA256 | 4c871531c4dc0a618fb48ab1349af655f5fbfee0db7513588b7e179c551270bd |
| SHA512 | e4c36ce028de2f4816c213c07f47ef5ddb8bc7a2364df2276c0f89056d62ed6d8e293b14004968d5c5f61f1f1a94f8afa994c6f967520e1554671d8437df022e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 03bd793859607f418b9efe5082a2f9bc |
| SHA1 | 38e87c8991e9baffa83bb981482d72d5aed1bf55 |
| SHA256 | bdf8d1e587a998c23f4b37f017236fae621d389c27302e5ecf59034e3905f84f |
| SHA512 | 1b503d06951ce73c22a57b30416983cd02fdce2d76c23b95e98b79887f5a6fea439b81355447c585ef1a657af7f58a9a947c0c6061ac488354a900cff247c52b |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | ec6c5648fcc7e7f094040ba42216a072 |
| SHA1 | 64e0add1580329093a0a8139878c3cd97d20427d |
| SHA256 | aba3b629a3a95d9a539b889d4f4af82dbea2feb09a35b32bda1c91fe708d0108 |
| SHA512 | c45ab4a92a31b7226eb20a95527a17672d3be7f10610963f4f068e62ad947b97b7cf5cbb5237f419f2869f15ee89187b2afb6dac2883ec4a34ff7513169cd3cd |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | adc017f3283426b53e28737f959d3b83 |
| SHA1 | 974338560f93222a097dbe23255c0d8161b7a14d |
| SHA256 | a4a40232c80430a911b4be4ebf35694dbd1b530fc3c8428d1ca92039ca34528b |
| SHA512 | cd52bc260b41a969a2f6395395797b7e59663feefad4f59c64410bce7caae31c01b04b37e2449b73c51db720c95e2a2619dbddf8ebafd871d236ed14a563c31a |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | afc69a24aa7759960dcd4a171ae0cc52 |
| SHA1 | 65214018ecee6d847c00ea6027c4052d209f0322 |
| SHA256 | 54a3d8828992dd8e23ac51f660f32522f80f4489b173ff241668b736913d3180 |
| SHA512 | 62b02afbbd0d4a7e712997749d44a2abcf195f4e34f7d4dae143214125f70c6d77207c6f112a07960185dfc464895399fb7ccc070524d807cfdc5a8f37906b76 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | bbd1bcf9c93d99eb2c0dde607e6d9bca |
| SHA1 | efa956d6e7db6a4209ce22e6968a8cfa2f5df831 |
| SHA256 | 812494bdd197b3291c0712d39821cc61630be861ce31ad3f6a0d2ac5408cfde5 |
| SHA512 | 16b8910102929d918456a4481a86ac18037f03a974977934d409b3c5b8d0b9fc82bc0da6106e82774b7e522df15d3c49755eef42f2d866efe246398f59d84323 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | a7881a0afdc32297a3e5dda3f7740a81 |
| SHA1 | 7fb34510d0cdf3e1e4b9c6ac082928314094987f |
| SHA256 | a9308d1daa967c2ca4b635e735f2d61d3c141afb22ac0740751aad8299758a81 |
| SHA512 | 137085a4a387ce0adbed737c9cef4daa7db8868ec633c87ca3c05189d275a2d77db2cf1086d800b87c31f1a351803af4bdbc940c492c80fc6b9f5eef2b3413bf |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
| MD5 | 77bceb240f65c91d26299a334a0cf8e1 |
| SHA1 | de9d588a25252d9660fe0247508eadfa6f8a7834 |
| SHA256 | d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c |
| SHA512 | b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | f832d24b70a2f4583c57a5fa9b6f0d68 |
| SHA1 | 092ce5cb6bfe6eadde62c4cfb911eab2474196f8 |
| SHA256 | 67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc |
| SHA512 | 41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | f75d1b175e1687ee0a9b9e4a7abd123b |
| SHA1 | 026f4db79aa8db651964acf17233302d1809de1e |
| SHA256 | 72180a408b13b7d98c0bc2395b886a5c3aa0b2dea39ef081e193f60ef373365f |
| SHA512 | 200aec20c95b1ec2e7d1bb33ed89d846a128847b82c9d09aa2788b258967e750718414f05bdec0cf2e4f9c7af697404e19caccac354a1a62db52e76c6a45886b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2985c39796fb4a5f4357a1a7a134ad45 |
| SHA1 | 305dc537a03e0137a529dc30bfd2fc6c185402a3 |
| SHA256 | 4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca |
| SHA512 | 4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 3e837b82501aa2f90cc774890656d02b |
| SHA1 | a62e967c006f6bf77fbe489b01ea30993e55fe5d |
| SHA256 | c85ca44b1ff1ad0af0ca3daf5f2302498846f3fdc2f48c6c7262f08280c6f5fc |
| SHA512 | a4a55fc0ef6ae87c5c73489993e2dc6e0e36f783de79dd7894966df3ebe13ae8341a5fe15dd0e26c72865b4a936247f34b08342769edd0a94ba2b90164b0d27d |
memory/2720-140-0x0000000005EC0000-0x0000000005ED9000-memory.dmp
memory/2720-145-0x0000000005EF0000-0x0000000005F0A000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 08c68e4121ceeac71745015bf17126cc |
| SHA1 | 103792ab800377092aabefbf4b94d0a882afdc3c |
| SHA256 | e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a |
| SHA512 | d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce |
memory/2720-147-0x0000000073130000-0x0000000073FD8000-memory.dmp
memory/2720-153-0x00000000742B0000-0x000000007443E000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | b01a100820095dc05fdaa0d1c3b5ca14 |
| SHA1 | 70af3c7337248cd4dc8c65d5ba1d18d3fba926b0 |
| SHA256 | ee7205fa96539f9d9e62f5a403a06004c6c7235b7caee368dcb0db3a765c21ad |
| SHA512 | 883891959202294edceb3a6360f450182d59e097bb4b0f9fe18b5316c6591aee04d0cd5bf01c1b23d1727b59eeee7c148e56eea2a7436902170993318386933a |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | f1e5a1b32f7df572c98effef4aad4f0b |
| SHA1 | a91853c28345fc6be278323d778c26b069f785fb |
| SHA256 | 31a02f62727bd52d10cbdcb944efdb110e6b6442771e37a6f0935dcf3cad36ae |
| SHA512 | 17bfbf269d05a27b9baf9e8388ca4d579c68adea19859151192110445b69bc0ba2eac62d05e4f0648489127260cbc93def2d84adc04d6a3116b2c4473ae8dd49 |
memory/2720-148-0x0000000074A90000-0x0000000074D9E000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 511e6705a69e977eaa2eaaf88ec708e4 |
| SHA1 | e33e678e27cc7fe58d14f5df92e74e24df5a927f |
| SHA256 | 562224031baaadcc6ecd552bbbc1b025247d34b118478b51f3750bb7c57ad1e7 |
| SHA512 | c1c60d28b326165d215d9baff18512e9081e07b523c512ebcb55cd963c42430ab198190d8c15566d230e74e87be1ba8d1d82bc15eb64da7aa5544e0f37a9247e |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | a555f73041756d249093a1d6a6f28448 |
| SHA1 | bc75a0047342fb157047c19193c02a8149187656 |
| SHA256 | 2ad9292c875cb8b71a437b0da803d07867d2ed8deae4568f2be1f623755d5b60 |
| SHA512 | cb2166fcf3a73e60fef9b90102f6aba3a913cc0e84ca0a5c4cd43c52d21ad1696040215b302d2a46d61599024679cb2477fdaffedcc88396ae9c7ff1c649c84d |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 355f1b97cad97743a8e70dd2803e2f9d |
| SHA1 | c7c12bc74483874cbdd39343d149509be355c2d9 |
| SHA256 | 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f |
| SHA512 | eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 0e77bfad6b92733c3296a04719375901 |
| SHA1 | 982674869e2e76ee10937e946aad828ebea818ff |
| SHA256 | 87810c5d06310b6e61398314300646a0582fad7a99dba8368a06c886a59a38af |
| SHA512 | 391f6558d5b3241b1e1490763c80633b288e0b8a770815116530b352fb81ab7d18784d9103669c903e6b5b501cb8a062517dc599609bb269b86bf16cb8e8e7bf |
memory/2720-160-0x00000000729A0000-0x0000000072B5E000-memory.dmp
memory/2720-161-0x00000000074E0000-0x0000000007639000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | 1c4379d0104843f1709e785657537a26 |
| SHA1 | 656b26ec415dab00c39d9b83aa06cc75c22e8941 |
| SHA256 | 2409ff01fc945ea56513dfc21ad299bd9688b660a059328d2dc7dae0f23cd28f |
| SHA512 | 528c62f61c25fb5c481c573450a58bb9cdd106b704776645a76eee5d5b9e8d4b8a1cd65ba19920d38c1fcb9b7975d0d5ffa5cf08e71e3938e2f552ac4ec4b23a |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | afa8bcf04df7d8d0a657e5cedae188db |
| SHA1 | 367bc65de869368986fee7004efec2342b436d03 |
| SHA256 | c406691900e4ee726534dfe20b4cd2d38683f10c6bf464b146d6553411d0285d |
| SHA512 | 07e95915355f058de0d62e7ca3f1d04e419359a375fda0fb5dd17d150a16fdc0415d1db29d0d4d599a9fa74429a52ea5ece9799b301bbac9f7d7890a646f144f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
| MD5 | f19d1d83df0e4e5fca0afbb6a3ef73af |
| SHA1 | 6fd02bc6a9ca72295303b5361fb08b8f25d7934f |
| SHA256 | c7c3af517e59e883f8fb3fc921c00f5a682860a3905331dc14db183a5d60e647 |
| SHA512 | e1de664fbeda95f9b69c6dc0d1fd7c167377ce2820777de14dfaa13b6ae475c375b6b9b2c5311a0136d3efed73519f1ac3131b92e977b03537794c9e1cc26cd5 |
memory/2720-137-0x0000000005EB0000-0x0000000005EC0000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | 71f601f8151e34ef31307ab4e46e902d |
| SHA1 | 1f3d312e2f4755b7f2decca1dedb91bc795288ea |
| SHA256 | deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698 |
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
memory/2720-134-0x0000000005EA0000-0x0000000005EAB000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | db139ba3660bb08ed6a485b47eb5ca59 |
| SHA1 | dc46fabb7ea3cca197cd8e42b640fc0ed2ceab25 |
| SHA256 | 7fab224f47ec9069395dd62d401acbe138cd80a9cbbd0830ee0b909dddb7932e |
| SHA512 | d4ccbf27461748801bffe3581adc8969b90cca0ddc36ccc21cd5a1005d0ec4b0980d10e7135473ca5a825dd1b9d9f6ca8a5796fe4fa6f4e367b235888d5910b6 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 3e35c4d41a7224e44218057f3f91243c |
| SHA1 | 932927c584271b7aea1cbb05d22ed5a1509420ee |
| SHA256 | 6a63a8b8f7e1bd8d3dfabb43e06c1ff970a7f57e59c6e886dcb57e68a9fd6acc |
| SHA512 | b0020c8a85fc3b2839b759daac91b9842f64d215ed3366865f6dcd4f1f93b07fc9f18868302180e4baa1c43532ae815b80673eff0bf437fe2b78bdb470406479 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 6074595d4174e3241a223b7fdf61826f |
| SHA1 | 78d58c4ab8ab729706b06ed9258e978a3033764a |
| SHA256 | ea5ec3d2132e80a2e8a9449bf7219bad43f26dddecb3e8a2001458827f56fd7f |
| SHA512 | 33df11572fd29199067a3f671a15db9a43591fd2f825396d0167f057cf9d58b756e3577efd3c31989ecdb56a73bfac8555454b0862bf371e8b6b32f26f84b81d |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
| MD5 | 9d75270acda1b926711e556321f575e3 |
| SHA1 | 5b12e96cf09cb02e440a677b0820e7d423349b52 |
| SHA256 | 29bd43908f4a26050dc1d8e27ffc36b5a8d90724cf0d9dc46408941f97645d7d |
| SHA512 | 361d28fcb7f7886f31b3471b9f3eae396ede1bbfe11190dfc78ca7bf054efc01f735ea9ad53bbbf6ce1438f496a04ab163aa3f555b6d2d8acabfe1eafb74de01 |
memory/2720-174-0x00000000074E0000-0x0000000007639000-memory.dmp
memory/2720-172-0x00000000074E0000-0x0000000007639000-memory.dmp
memory/2720-173-0x00000000074E0000-0x0000000007639000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
| MD5 | cc5d000307075f7c16eb5cf2c8606c8d |
| SHA1 | 0169dbed302b8a3d142522e6bcb6040609d07232 |
| SHA256 | 66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4 |
| SHA512 | d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
| MD5 | 969c656269ca1f8437d76200e7620bcd |
| SHA1 | 80c6b239567b19e358250c8cbda9f100e6b0c28a |
| SHA256 | dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc |
| SHA512 | 030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
| MD5 | ce3ab3bd3ff80fce88dcb0ea3d48a0c9 |
| SHA1 | c6ba2c252c6d102911015d0211f6cab48095931c |
| SHA256 | f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b |
| SHA512 | 211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
| MD5 | 6bb5d2aad0ae1b4a82e7ddf7cf58802a |
| SHA1 | 70f7482f5f5c89ce09e26d745c532a9415cd5313 |
| SHA256 | 9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582 |
| SHA512 | 3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b |
memory/2720-177-0x0000000000400000-0x0000000001554000-memory.dmp
memory/2720-185-0x0000000074000000-0x000000007408B000-memory.dmp
memory/2720-184-0x0000000074270000-0x00000000742A7000-memory.dmp
memory/2720-182-0x0000000074440000-0x0000000074463000-memory.dmp
memory/2720-181-0x0000000074470000-0x00000000744DA000-memory.dmp
memory/2720-196-0x00000000074E0000-0x0000000007639000-memory.dmp
memory/2720-208-0x00000000074E0000-0x0000000007639000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
| MD5 | dcde2248d19c778a41aa165866dd52d0 |
| SHA1 | 7ec84be84fe23f0b0093b647538737e1f19ebb03 |
| SHA256 | 9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917 |
| SHA512 | c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166 |
memory/2720-209-0x00000000074E0000-0x0000000007639000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
| MD5 | ec54f862601c0dea19147bce824ef291 |
| SHA1 | e313241be2aa3c1967c6dd651d02a1670fa4b746 |
| SHA256 | d45ab7666da097dbcfae98f3c32aa14d464140a0b31ea5803f43ca6aa7a6064b |
| SHA512 | b2d3b3e8fc6e07d0deed7824b0dc63ba74859975b581e0ecf4a13011f937c4f7d9be6a296af662b3ad5c565f283518f47d39246ddedbd52f1f597fd6720f957a |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
| MD5 | a0b9388c5f18e27266a31f8c5765b263 |
| SHA1 | 906f7e94f841d464d4da144f7c858fa2160e36db |
| SHA256 | 313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a |
| SHA512 | 6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
| MD5 | 2d3b207c8a48148296156e5725426c7f |
| SHA1 | ad464eb7cf5c19c8a443ab5b590440b32dbc618f |
| SHA256 | edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796 |
| SHA512 | 55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c |
memory/2720-222-0x00000000068C0000-0x00000000068DB000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
| MD5 | 7067af414215ee4c50bfcd3ea43c84f0 |
| SHA1 | c331d410672477844a4ca87f43a14e643c863af9 |
| SHA256 | 2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12 |
| SHA512 | 17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f |
memory/2720-211-0x00000000001C0000-0x00000000001C1000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
| MD5 | b3ba577902036fd56725620791bbb69a |
| SHA1 | 1299b8e7a2e0e2bf3e65f4fbf7f9a560eae59f0c |
| SHA256 | 979202bb80a7abd91dd99fe20fe9c9742b0d296e79d58296b129509710539a6f |
| SHA512 | 1b15c74c9d3337081d02cd0e8c6d0e24053d427515f9545be0018f103a397e46b7fe85877053f477f4f28c140416bf2a967eecc6d5540ba838bfefde6c80091c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | c3f7f61aa17290b2970c27a5d25dfb7f |
| SHA1 | dbf867a4ac9bc1d159c15373a1c04f56dc1132ed |
| SHA256 | 8155be5491d85354076e17891ad0c9b15f704896d2f711de6a8a631d835b37b1 |
| SHA512 | 414378de8379bcedba6dbbed0f93ec7878389432fa515f3db5fa801c2047f2cc0766c866943d0b09b897dc9396a011d40767d641a68d0dbf6425ff27783986d3 |
memory/2720-237-0x00000000074E0000-0x0000000007639000-memory.dmp
memory/2720-239-0x00000000074E0000-0x0000000007639000-memory.dmp
memory/2720-244-0x00000000074E0000-0x0000000007639000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 21200862c6bc45d1b6487fb8d8d899e9 |
| SHA1 | 8f3667c5491b9c615b4b257c2c08320c3053906c |
| SHA256 | c929407e63868eeaf5ef7f6988459af0de385fcbf7d388de593f3e14d4053e10 |
| SHA512 | ab258fe0c76f79e254791992fee556a35ae8a9be4aa4ecb91d74b41b3f83344e8614b5d742d45b328a0d7b4b85ee15ad7a299706b2089fa8b921363ab0dd5092 |
memory/1676-264-0x0000000006120000-0x000000000612B000-memory.dmp
memory/1676-266-0x0000000006130000-0x0000000006140000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2e4cee5472a0d5a809bffb52f4e7fc67 |
| SHA1 | 4d4bfdb33af59456d98eef3538b5f9372ac24232 |
| SHA256 | c9c8887821316a781a92f11ee49d92f08b296b178a8e6f67b768611f810398be |
| SHA512 | 39fe6cc1cbc234957f14d091c04a8f1d48463bdc8b9e92554e217666c707a1b0a7b06ce221601f4a363511089aec0f50be76e6747a3347c9d7fec87bcbca8667 |
memory/1676-268-0x0000000006140000-0x0000000006159000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | 129ccaec602d3502c310a9f839c3d6f5 |
| SHA1 | de1a51a6b2c6af0c23970e63d0cdc322b60b32cb |
| SHA256 | b02df92df123d64a4ed28eb01aa5f716c7d2ae25b2731ef3dbe6eaea71d8fae3 |
| SHA512 | 638f29def1bf356b598615100b7e5422f8d3164e695e56325107c975167ae372bb331e1ff7652d6bd68f89af71b500c95f2653d30d297952b8b24eb5f7f727d0 |
memory/1676-270-0x00000000063B0000-0x00000000063CA000-memory.dmp
memory/1676-273-0x0000000074A90000-0x0000000074D9E000-memory.dmp
memory/1676-272-0x0000000000400000-0x0000000001554000-memory.dmp
memory/1676-275-0x0000000073130000-0x0000000073FD8000-memory.dmp
memory/1676-280-0x0000000074000000-0x000000007408B000-memory.dmp
memory/1676-279-0x0000000074270000-0x00000000742A7000-memory.dmp
memory/1676-278-0x00000000742B0000-0x000000007443E000-memory.dmp
memory/1676-277-0x0000000074440000-0x0000000074463000-memory.dmp
memory/1676-276-0x0000000074470000-0x00000000744DA000-memory.dmp
memory/1676-290-0x00000000001C0000-0x00000000001C1000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 6dba131006fa9fe0d23034dcdcf25242 |
| SHA1 | 59cf30650fd5988cecdb0806d4b47f2cefe64380 |
| SHA256 | 3c94e69a162563f8f9f760ce977707ff92e4c990cedf82959df5161f8f578198 |
| SHA512 | 89721a320a746cf5d66eab6fcb915bbd7962ce0a9685d4b3adae4977d6917803f1ab760545598940040cb65c0bfe786fc3d4e83a0ecaab12585ba33ff8f556b0 |
memory/1676-291-0x00000000729A0000-0x0000000072B5E000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 0b724ae3e435463bb4d812bf464d4214 |
| SHA1 | 476f941dfefe1c49ef1aa9cb702b0d2c6c2f92ef |
| SHA256 | 188dfa7e6e73cd97f9546538a6d76e7f089a6eb8ceb4cc7ce386fa13cdf284b1 |
| SHA512 | 18a1b8e8c63245761da3b2077f521b65d84dc7d4afcc7a4d8f51bb2b998205de00113754ec762bb1adc26f17c16a6c4e9e4685e8b7f95b705ead6e7078e8a0ae |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | d1db179d63ea72694984b32ad8ba4d57 |
| SHA1 | 2e533ef472b87bb2785da5ef8ee5def79f7d3d14 |
| SHA256 | 8f3b1b04a0d980d4eac5bdd1cbab5e54a5ecf0c535b62a6f1796286155e9810c |
| SHA512 | e63581df4809e9f60f93876773dd7215c5ea81d68067f15bd3718f41356db3032f9362aca0470baa20666fad07dd4e17b40f38af4005a33485c0f74775dfb798 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | d312d28d3796b277f88aa56aa6e066a7 |
| SHA1 | 3292753f54b8f22a5a23366085aac2b37f584f02 |
| SHA256 | 8ac9ba29d3381a11e61cbd4d2fe91f3d0924c672c95e0325363e09b72692f7bb |
| SHA512 | ec7a3995f233b748945a2a3029906594d50057de0793ed21669f33a0324d335ec563d39857a10c7dabb04ef2dbd6dcf45e7adab17d88e5d6ac29806dffe76f7b |
memory/1676-316-0x0000000008270000-0x00000000082FB000-memory.dmp
memory/1676-318-0x00000000067D0000-0x00000000067D1000-memory.dmp
memory/1676-327-0x00000000729A0000-0x0000000072B5E000-memory.dmp
memory/2064-367-0x0000000070A90000-0x000000007103B000-memory.dmp
memory/2064-369-0x0000000002FB0000-0x0000000002FF0000-memory.dmp
memory/2064-371-0x0000000002FB0000-0x0000000002FF0000-memory.dmp
memory/2064-370-0x0000000002FB0000-0x0000000002FF0000-memory.dmp
memory/2064-368-0x0000000070A90000-0x000000007103B000-memory.dmp
memory/2064-372-0x0000000070A90000-0x000000007103B000-memory.dmp
memory/2720-386-0x00000000729A0000-0x0000000072B5E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-01 16:13
Reported
2024-02-01 16:16
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
163s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e599745.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e599745.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{DCE33C24-54AC-4134-8C0C-AA3D26865F9C} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9E59.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e599747.msi | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003462af5746133e160000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003462af570000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003462af57000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3462af57000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003462af5700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1052 wrote to memory of 4768 | N/A | C:\Windows\system32\msiexec.exe | C:\Windows\system32\srtasks.exe |
| PID 1052 wrote to memory of 4768 | N/A | C:\Windows\system32\msiexec.exe | C:\Windows\system32\srtasks.exe |
| PID 1052 wrote to memory of 1384 | N/A | C:\Windows\system32\msiexec.exe | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe |
| PID 1052 wrote to memory of 1384 | N/A | C:\Windows\system32\msiexec.exe | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe |
| PID 1052 wrote to memory of 1384 | N/A | C:\Windows\system32\msiexec.exe | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2c8
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 128.138.140.44:37 | | tcp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.140.138.128.in-addr.arpa | udp |
Files
C:\Config.Msi\e599746.rbs
| MD5 | 09a4f87773874ee39d6bba5fd9fc5740 |
| SHA1 | ed9b5339faa78e3440acebeb232a6c0864c10a88 |
| SHA256 | 04a63fc62029ad22e1fe267ae4cb4853b45608ec57152250e67abe327c4150ce |
| SHA512 | 0002c6d078f6570b6e9dcdf57b24f8fd8c13e69d3d48af4ebce898d023bb2be287a3024e4fd13050fbd2a048258988f6b2cfbcc878c6f992394feb1459ffd178 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | b39fb3cf854f8628c2f38298e0965687 |
| SHA1 | 5931c9f88231e2cbb86010224a4d8604809e7fc7 |
| SHA256 | fa203e315d9cf5190da708dea03ff34c1df172c992df671aa3db2f5513a70d76 |
| SHA512 | 133c98145e4bc2012198593bfe23c0b3b965a69e3bec7eab4718832daf9013cbe96f040acd64ea0b1d46631ef96c1f779b7f0d5b1b5ca32c14b20c5b8995c2b2 |
C:\Windows\Installer\e599745.msi
| MD5 | 1414b254f44bba8e17b01983dc22adde |
| SHA1 | a12059b028647968a03d9483815dc5c13bb4b841 |
| SHA256 | 474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045 |
| SHA512 | 1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899 |
memory/1384-67-0x0000000001740000-0x0000000001741000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | 00098438ab2cc364ce45d98902fb2b2a |
| SHA1 | 2a88a24a659f9a7962a4b6602b96d12249d2c790 |
| SHA256 | bffea8bdb7811b3d52473c07ef2c539dcac00df6bce60c7cafebf8c7beefa52b |
| SHA512 | ca430ad171f53bbf3e7d670a9ba2961e3a0777abb640fa64cb722a1eb434f4c86bb71e2b3f6be9f1e3081e13a21fb38fb491a53134e9ac84f71c5fec237abf5b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 80f62731b82aa5931296957d40642e45 |
| SHA1 | c22970049da19835cd34dd921ba2050b14332003 |
| SHA256 | f34d2d4417d85775d275a94ee8fe7a92832edc05a86bdb96669d869cfefbee3a |
| SHA512 | 8f1c4d370891e161f765fd6226347d840e0095438795c999154ea6a01d1d214affeae1022a41487dc1c777844396ebdc6fabc6c2c30b1f69ef03911439ed7c4d |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | a96e92ad76bc8611f5ea30f41f2a29ed |
| SHA1 | d670228fb2a75f283d7824de2e9386d1361206e3 |
| SHA256 | cea72c9c4ca13869e87f1f08d157c403b0620d6108f141436c7ff93b8ff50eb4 |
| SHA512 | 9d8627bfa0975b66f16cf37b9383bffb6f059634913b4394e2bd14943b224dcb757736afd3e78125c6a5732e011c1bde44269c3c3781af14c45e9344c3156723 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | f75d1b175e1687ee0a9b9e4a7abd123b |
| SHA1 | 026f4db79aa8db651964acf17233302d1809de1e |
| SHA256 | 72180a408b13b7d98c0bc2395b886a5c3aa0b2dea39ef081e193f60ef373365f |
| SHA512 | 200aec20c95b1ec2e7d1bb33ed89d846a128847b82c9d09aa2788b258967e750718414f05bdec0cf2e4f9c7af697404e19caccac354a1a62db52e76c6a45886b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 977c024c0d72dd6cb5261fa7ea4270d3 |
| SHA1 | 07a47547dd5ba980132b7d3149b21bc58164399a |
| SHA256 | b1eaa24faff0030197c411a78edb17054591638aab14e6e716c8ad52ac832490 |
| SHA512 | dde60a85adf890af914546a462c2c6e73b14da334d35930d7d426c91dec8c2af4909242dc61e1b97efaaf18f5fa0efd52264535a7efb8a923eff79c2c94a7a3e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | effb49b87af8fd83cb8bfb7f459d12ea |
| SHA1 | b37534f95317a09994e25090236470aa576e0ce0 |
| SHA256 | a5b48cb35fdc6574d6727386f861d797db38f90731c5bf93db74506f11c41e4f |
| SHA512 | bc30333e61a972e259d7778603664985aaad7ef5683115de8ca867b610ca1003bdc8b8369877a0e3e741366be2497a5a2ff5698861f1c221f2d790a5b913a73e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 167cae09a71fa46febe0a2cb522db79a |
| SHA1 | f6d158bcf00242182c7845000d7aebdeddaf7518 |
| SHA256 | 18c53d1c428652a490062716bdf3f0506b99b32ae5c1e474263c436218e1c9ac |
| SHA512 | 8e3fd84851952c95654a93beb74cfbc35ff51c5aaf49997e15607e6d1b0802c5bd995119046919c6f82991d5f34273c71f84c041179f6ac5c6758cd97b627ef9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 355f1b97cad97743a8e70dd2803e2f9d |
| SHA1 | c7c12bc74483874cbdd39343d149509be355c2d9 |
| SHA256 | 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f |
| SHA512 | eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | 71f601f8151e34ef31307ab4e46e902d |
| SHA1 | 1f3d312e2f4755b7f2decca1dedb91bc795288ea |
| SHA256 | deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698 |
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
| MD5 | 77bceb240f65c91d26299a334a0cf8e1 |
| SHA1 | de9d588a25252d9660fe0247508eadfa6f8a7834 |
| SHA256 | d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c |
| SHA512 | b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | f832d24b70a2f4583c57a5fa9b6f0d68 |
| SHA1 | 092ce5cb6bfe6eadde62c4cfb911eab2474196f8 |
| SHA256 | 67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc |
| SHA512 | 41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2985c39796fb4a5f4357a1a7a134ad45 |
| SHA1 | 305dc537a03e0137a529dc30bfd2fc6c185402a3 |
| SHA256 | 4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca |
| SHA512 | 4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 6b007bedabaa20fb6d445bc62f1091d3 |
| SHA1 | d3905661051c4415ac92bd5492100a5f2df6f659 |
| SHA256 | bfc20232c4ecf4aece403d005624c82a64a2d54d5d84720341dc6d45b3522ba5 |
| SHA512 | 7b0cb0959434437f31ab3e6df721be412de003979f19a66d3855ee4c87fe8a79d5cc4b42e6cf453be9289575854d2176d2bfff88a9308f5ab9f0895c0a899cfa |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 40a07cb8bdaf977efec40f317e740cab |
| SHA1 | 50096e564d19a8799b4eb136f3282c4ed6aa59e8 |
| SHA256 | 3a57bc0b97b9b376e75dc674e3a58303db2cb3bfd4a3933e1a75f16bd6bc31c8 |
| SHA512 | c64e866365f0bd94ecd588f886429df9387b985fee2d03d8fb03bae799266a14d4f02249c01aff6214f7072cd678700a9ad3abedb8c3e81977837255a4741bc2 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 54b0221dc97992b5170cac659aa60ae6 |
| SHA1 | 8a0df459f134cee59cc442c3d98386fc2f6a532c |
| SHA256 | b66dadc8e64a0179e7af465800092937ecb020dba8f0b12efe7001d004b9ca7b |
| SHA512 | cecea736365373a5ebfecf18e2fd4d8a0052cb14e31247461cac99d8b0d50c50139fb610e68553379aba3e6839cb314b02b4c84e2313f44758d864066078f464 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | fb9763ac3b3f51551b4a77e833c395fb |
| SHA1 | 9a3f8e9225f214b31b4e703fe428b0537a7cac63 |
| SHA256 | c0fb1896ee5838e9f8bd1e4495367baffa0e71aa2d3785944d5b470f29aec53a |
| SHA512 | 6eecdf0d290e259fcb1c8aa9da5f3ca32f760c9039b84b11f40b63b39b1119152bde54d2c6e1c7d0a1af9f64c6a340501f934000a2f3e232612f525dd9b0c7fd |
\??\Volume{57af6234-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{af1c25b7-61ba-4f68-810c-87667473f5b7}_OnDiskSnapshotProp
| MD5 | 7b6e600369e1adeb53aacfe2e2a6c43e |
| SHA1 | 68503d1e77f06ca3c02bd422222b7db00696d043 |
| SHA256 | b686c1ff746598d1a34ff6ce77ac651504c763eb06b057995fabe997100117b4 |
| SHA512 | 46671e4098f159af22aa0ec6acf904f19c2ba40e869d8aa3fd1c1763e83d4e4ea31aa71aba3cb35ab070f28f1a179269b64404538d2c9c7b828aa3736dd44e09 |
memory/1384-103-0x0000000006D80000-0x0000000006D99000-memory.dmp
memory/1384-101-0x0000000006D70000-0x0000000006D80000-memory.dmp
memory/1384-99-0x0000000006D60000-0x0000000006D6B000-memory.dmp
memory/1384-107-0x0000000006EB0000-0x0000000006ECA000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 08c68e4121ceeac71745015bf17126cc |
| SHA1 | 103792ab800377092aabefbf4b94d0a882afdc3c |
| SHA256 | e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a |
| SHA512 | d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | a555f73041756d249093a1d6a6f28448 |
| SHA1 | bc75a0047342fb157047c19193c02a8149187656 |
| SHA256 | 2ad9292c875cb8b71a437b0da803d07867d2ed8deae4568f2be1f623755d5b60 |
| SHA512 | cb2166fcf3a73e60fef9b90102f6aba3a913cc0e84ca0a5c4cd43c52d21ad1696040215b302d2a46d61599024679cb2477fdaffedcc88396ae9c7ff1c649c84d |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 72a2c5e7b9f1fc17755d89fc86715a66 |
| SHA1 | 8a65380c0c8aba0068c628840e4a51c1cf8e9519 |
| SHA256 | af3ea8aae21a13ac89ae224dfb00d4289bde46698892d2d6f3f706ff8af84446 |
| SHA512 | ea8ff88b812fc8d77ecd61ccc9b0bcde986fc0f1fa0fdf9ec02ed46f8e9989538472223aea9640ca6bcb2ccc3a3999ac3e72adf3b2d02a76ed67c1c5f96bf766 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | b01a100820095dc05fdaa0d1c3b5ca14 |
| SHA1 | 70af3c7337248cd4dc8c65d5ba1d18d3fba926b0 |
| SHA256 | ee7205fa96539f9d9e62f5a403a06004c6c7235b7caee368dcb0db3a765c21ad |
| SHA512 | 883891959202294edceb3a6360f450182d59e097bb4b0f9fe18b5316c6591aee04d0cd5bf01c1b23d1727b59eeee7c148e56eea2a7436902170993318386933a |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 71e603e402afd0fdba84a781c9934446 |
| SHA1 | b3a529f7e470e478a77404846d17c1ad2ff017cb |
| SHA256 | 5ff3186465a347ce8a13991fdb659f77ee21ae5dc9813b9fb2aadafda8a86491 |
| SHA512 | 45aba98b564e4c18bc8fccb71ad4cf1f03770a916c074c1cbf8546f1385dba6e041c67fd870f792a5eec233b8d19bbbe4c4d047015266ac5c060caf037af9c28 |
memory/1384-115-0x0000000073280000-0x0000000074128000-memory.dmp
memory/1384-116-0x00000000741A0000-0x00000000744AE000-memory.dmp
memory/1384-117-0x0000000000400000-0x0000000001554000-memory.dmp
memory/1384-120-0x00000000730F0000-0x000000007327E000-memory.dmp
memory/1384-121-0x0000000074130000-0x000000007419A000-memory.dmp
memory/1384-122-0x0000000073060000-0x00000000730EB000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | 3f7663206ef2069d0cc16cc1e813d7aa |
| SHA1 | 2ef1cc5457cb36b4e50de36a9a86b8c7ddf02092 |
| SHA256 | 7896a7429e431a74eb43be3a235dfd1d6625e8634f6ad247c2eb13e8d3d298ff |
| SHA512 | 2e9f33bb0f776168e600d90a1fea188bc30d587e140b0cb2479384b347aa034152f242ff61e26f8e3fccaf473a2e940641e3db16570dfb1c15b5bc80f8593e34 |
memory/1384-128-0x0000000073030000-0x0000000073053000-memory.dmp
memory/1384-130-0x0000000072C30000-0x0000000072C67000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
| MD5 | a60d3072a719260abb73a4011ff30642 |
| SHA1 | cfbf6fac5fdedd793c902b31359c7c94d8e85b52 |
| SHA256 | 523e7e3cc6be48a5f8ac28517a68557ce7d051d047c84d868a00e21ca600c1c8 |
| SHA512 | 425d425e78829b98476fe72b82204423aa52b64b7a0aca92550b371291e557118b3445c28d5494980539e894e1126380dd837eebcaaedfffddd36aaddaf717b9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 0e77bfad6b92733c3296a04719375901 |
| SHA1 | 982674869e2e76ee10937e946aad828ebea818ff |
| SHA256 | 87810c5d06310b6e61398314300646a0582fad7a99dba8368a06c886a59a38af |
| SHA512 | 391f6558d5b3241b1e1490763c80633b288e0b8a770815116530b352fb81ab7d18784d9103669c903e6b5b501cb8a062517dc599609bb269b86bf16cb8e8e7bf |
memory/1384-131-0x0000000006820000-0x0000000006979000-memory.dmp
memory/1384-133-0x0000000071D50000-0x0000000071F0E000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
| MD5 | 6bb5d2aad0ae1b4a82e7ddf7cf58802a |
| SHA1 | 70f7482f5f5c89ce09e26d745c532a9415cd5313 |
| SHA256 | 9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582 |
| SHA512 | 3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
| MD5 | cc5d000307075f7c16eb5cf2c8606c8d |
| SHA1 | 0169dbed302b8a3d142522e6bcb6040609d07232 |
| SHA256 | 66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4 |
| SHA512 | d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
| MD5 | 969c656269ca1f8437d76200e7620bcd |
| SHA1 | 80c6b239567b19e358250c8cbda9f100e6b0c28a |
| SHA256 | dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc |
| SHA512 | 030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
| MD5 | ce3ab3bd3ff80fce88dcb0ea3d48a0c9 |
| SHA1 | c6ba2c252c6d102911015d0211f6cab48095931c |
| SHA256 | f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b |
| SHA512 | 211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
| MD5 | 67565ca5e464eb4cf970fcff3d73d28a |
| SHA1 | 9ad642857222691f9e532727233d42a2ffa98330 |
| SHA256 | f8f5766d57653559927075c6328e613ea292a4da0e185feafbe3d353ef9cb27b |
| SHA512 | 7123d2177ec3250c85870f4ab51799ae506ad711528c298963396d5b90d93260bbeacc085b4d7a93c640a35b0d2de3873e72a8f23f75ada3378fe7ab34cc422c |
memory/1384-144-0x0000000006820000-0x0000000006979000-memory.dmp
memory/1384-143-0x0000000006820000-0x0000000006979000-memory.dmp
memory/1384-145-0x0000000006820000-0x0000000006979000-memory.dmp
memory/1384-147-0x0000000000400000-0x0000000001554000-memory.dmp
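The listing above mixes two record types: a dropped-file path followed by its MD5/SHA1/SHA256/SHA512 rows, and `memory/<pid>-<n>-<start>-<end>-memory.dmp` entries for regions dumped from PID 1384. Two details are worth pulling out mechanically rather than by eye: the same path is listed twice with different hashes for `GImageView.dll` and `avcodec-55.dll` (the file was written, then overwritten with different content), and the shadow-copy and `System Volume Information\SPP` entries are system-restore metadata touched during the MSI install, not payload, so they should not go into a hash sweep. The parser below is an added example, not code from the sandbox or from this report; it assumes exactly the line format shown here, and the sample excerpt is constructed from a handful of the entries above. Treating `System Volume Information` paths as non-IOC is a triage assumption, flagged in the code.

```python
"""Parse a sandbox 'dropped files' listing into IOC sets (added example, not sandbox code).

Assumed format, as in the report above:
  <path>                              Win32 path, \\??\\Volume{...} or \\??\\GLOBALROOT\\... device path
  | MD5 | <hex> |  ... | SHA512 | <hex> |
  memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp   dumped memory region
"""
import re
from collections import defaultdict

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_ROW = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex digits per algorithm

# Constructed excerpt of the listing above (real entries, trimmed to four files and two regions).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 977c024c0d72dd6cb5261fa7ea4270d3 |
| SHA1 | 07a47547dd5ba980132b7d3149b21bc58164399a |
| SHA256 | b1eaa24faff0030197c411a78edb17054591638aab14e6e716c8ad52ac832490 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | effb49b87af8fd83cb8bfb7f459d12ea |
| SHA1 | b37534f95317a09994e25090236470aa576e0ce0 |
| SHA256 | a5b48cb35fdc6574d6727386f861d797db38f90731c5bf93db74506f11c41e4f |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 72a2c5e7b9f1fc17755d89fc86715a66 |
| SHA1 | 8a65380c0c8aba0068c628840e4a51c1cf8e9519 |
| SHA256 | af3ea8aae21a13ac89ae224dfb00d4289bde46698892d2d6f3f706ff8af84446 |
memory/1384-117-0x0000000000400000-0x0000000001554000-memory.dmp
memory/1384-128-0x0000000073030000-0x0000000073053000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 71e603e402afd0fdba84a781c9934446 |
| SHA1 | b3a529f7e470e478a77404846d17c1ad2ff017cb |
| SHA256 | 5ff3186465a347ce8a13991fdb659f77ee21ae5dc9813b9fb2aadafda8a86491 |
"""


def parse_listing(text):
    """Return (files, regions).

    files:   list of {'path': ..., 'MD5': ..., 'SHA1': ..., ...} in order of appearance;
             a path listed twice yields two entries, so overwrites are preserved.
    regions: list of (pid, start, end, size) for each memory dump entry.
    """
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_ROW.match(line)
        if m:
            pid, start, end = int(m.group(1)), int(m.group(3), 16), int(m.group(4), 16)
            regions.append((pid, start, end, end - start))
            current = None  # hash rows after a memory line would be malformed
            continue
        m = HASH_ROW.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current[algo] = digest
            continue
        current = {"path": line}  # any other non-empty line starts a new file record
        files.append(current)
    return files, regions


def rewritten_paths(files):
    """Paths that appear more than once with differing SHA256: written, then overwritten."""
    seen = defaultdict(set)
    for f in files:
        if "SHA256" in f:
            seen[f["path"]].add(f["SHA256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def sha256_iocs(files, ignore_shadow=True):
    """Deduplicated SHA256 set for a hash sweep.

    Assumption (triage judgement, not from the report): entries under
    'System Volume Information' are restore-point metadata the installer touched,
    not dropped payload, so they are excluded by default.
    """
    return {
        f["SHA256"]
        for f in files
        if "SHA256" in f and not (ignore_shadow and "System Volume Information" in f["path"])
    }


def largest_region(regions):
    """The biggest dumped region; 0x400000 is the conventional image base of a non-ASLR 32-bit PE."""
    return max(regions, key=lambda r: r[3]) if regions else None


if __name__ == "__main__":
    files, regions = parse_listing(SAMPLE)
    print("sweep hashes:", sorted(sha256_iocs(files)))
    print("overwritten :", rewritten_paths(files))
    print("largest dump:", largest_region(regions))
```

Run against the full listing, `rewritten_paths` reports both `GImageView.dll` and `avcodec-55.dll`, and `sha256_iocs` gives the hash set to feed an EDR or YARA `hash.sha256()` sweep without the shadow-copy noise.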