Analysis Overview
SHA256
e180a6af920dd1910d277e1d969d0d3367d221ee7dd84331b2f98b98be3b853b
Threat Level: Known bad
The file 1414b254f44bba8e17b01983dc22adde.bin was found to be: Known bad.
Malicious Activity Summary
NetSupport
Maps connected drives based on registry
Modifies Windows Firewall
Enumerates connected drives
Blocklisted process makes network request
Adds Run key to start application
Executes dropped EXE
Drops file in Windows directory
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-03 01:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-03 01:02
Reported
2024-02-03 01:05
Platform
win7-20231215-en
Max time kernel
137s
Max time network
154s
Command Line
Signatures
NetSupport
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Workshop Ultimate = "C:\\Users\\Admin\\AppData\\Local\\Programs\\WinIcon Maker Free\\CPPlayer.exe" | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA2C9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f769cfc.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f769cfb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f769cfb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f769cfc.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769cfe.msi | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003C8" "00000000000003C4"
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 128.138.140.44:37 | | tcp |
| N/A | 127.0.0.1:49364 | | tcp |
| MD | 5.181.156.118:443 | | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 172.67.68.212:80 | geo.netsupportsoftware.com | tcp |
| US | 128.138.140.44:37 | | tcp |
| N/A | 127.0.0.1:49480 | | tcp |
| MD | 5.181.156.118:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4AB8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar4B86.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42cdddb939ecd4b92fe7c9c28cdda96c |
| SHA1 | fd0ac6af4008a2fb4e52bded0022bce9fd2c5c05 |
| SHA256 | 2216f73d73c7e412836c89cbe8a19d0564d571e6ca39dd532fab6dcb03163dab |
| SHA512 | baf1f7d89524775dc9ff88c10c1bc6efb6474a63c5d4a3f5f67a03050fab257277db2a9a12360c592b207f58125523a8f1e3ae33c21715fc08c63f2d1e701d84 |
C:\Config.Msi\f769cfd.rbs
| MD5 | 4479ba9a62af112db37c0eb20c40161f |
| SHA1 | aa419cdbfc309c15ec603bc62dc28bc36ec8a9c0 |
| SHA256 | e820a8a39f65bcba1528fa5b3cffb69a624aa367b4d9791fd899c57469d96d38 |
| SHA512 | e68486f55ef3d4e6c84e39d6d064574c37b0146c388c2565b9cf9a5d25b29c2cb21c6ba14a1fc71f9f1dc408c0ef1ffa9772095ce6d08fb805c85f04d20b423e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | bf4f582955a63e6f5bd77cf29be0f175 |
| SHA1 | 6ad9ac5a6df06123cdd9069618b3018204d70d68 |
| SHA256 | 9551fad7beaa93e763dcba13c15a754c505d1700654d39dcc8d0418f65ef6d23 |
| SHA512 | 9b04a9c02b248b8e401fbac9df7ee5463768ce2491f863fac987358fa6bffc8519554f6ac08711fc4afc90461b4512030d037c1bb7d75eb6e817ad825ba776c4 |
C:\Windows\Installer\f769cfb.msi
| MD5 | b974b02a6874bf2fee34f15cd7b7253e |
| SHA1 | 7994892d3104d9645ae8119c3becad03d8a1e5a9 |
| SHA256 | 374f9f28c448424774dd3b3d24c11fc437e372f45c48855c18f3a84f5f585dcb |
| SHA512 | baa13d89c129ad87d4ebd5672763af206be61879126383508b65aaddc98c1a5506de8852a429e744362bc803126ce844300bd58b8f253681b32968662467b48d |
memory/3016-111-0x0000000000230000-0x0000000000231000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | a9c41f8d5882f9652cf6df7fe9faf4c3 |
| SHA1 | f8fa29fbc9aefe16c11c03811d17f32bbdd38f8e |
| SHA256 | a447946b0d66d261834f864c93a6f716107c4542b9a1699547d6aa9ad8afd223 |
| SHA512 | 00f966d9cac5b84bec52105455834ec94be3916c805ad1b8202599c4595d4551f67ff5c3d10d1523d7f30fa6b8d14a303a9ef5532b5e0fed7b25b476fae62e0e |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | e2193bba2b20854758ad129c97a37037 |
| SHA1 | ab6e5bf4dd6fe138d00e4168b2b3086cb27899cb |
| SHA256 | b38c1d50f4560bf2748a15f20e21d04062fdae7c697326abe7a78d24a813cdbf |
| SHA512 | 3e387a39792ea9f896b6e60772352419ab92a084a5b57a67caf30aefa546854027967e6d53af50fa3e500a60ac117f7f81b030b3d639d3e7ae9ff2d49ac31f46 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 3dd935dee99f1c6e39b33cf5078cb0a6 |
| SHA1 | 9a8bfe1a3d9fed51329fdd892839885294d2e926 |
| SHA256 | 50359d692db0a3e7fbf37f112964e48d18997761ebaf3db355b00e5bb8257497 |
| SHA512 | 51706ee2c78f6519debea13967200e300f473edd27772f1c4b1a57bfe4dc2b89ec30d43bba61094fc7fda99776b4aa306ab519e1f846c23e0ef7ea3c1295dd2d |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 7cc1bb46f4150478eb2c204f9a4ee21b |
| SHA1 | ab5f46761c911870e32431de92d0071f06b92ab0 |
| SHA256 | 14fd3db89c06363e8aae25b2ab304cf93b13938f857c9ab5c2754e4be0a4cdf0 |
| SHA512 | 16c68509d6f89ba48b08fe208625c32be013c51e1b87355120e29d78cbeb58cba94f1dc5987b87942c19e5b3e116d06485bb215129fd6ec6970f9cf144558a55 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | c8a868ef16c4b8af1f11d2ece91a933a |
| SHA1 | cbf5ad08482c51dcfa249e110e3de8459d274e92 |
| SHA256 | f6a94ae34f369b9dda2cfaa469d34f418c6aa22ef14b163892240c2755716ec9 |
| SHA512 | 4368fcc16fba9c80f67ba5b3ad32f772dfdd2fb4aebe1007bbe86ff7f216e4476c8f2ca831f4efe970d4d51e6f669bf1a54f8cc9830f2daab138b6a37fd0b759 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | fcb2fdfac9c0371f27914af2e8bf7db5 |
| SHA1 | 06f405668a7f08c81df660c2a61cdd4d2e492798 |
| SHA256 | d6ad6a32bcec409d56e4391ac27d5a1c70c083e319824b95cdd48454cf286238 |
| SHA512 | 666728a0e4cf8430df347918606467d41b7ca360e73b96dcbdbf7675d26d66779928d5d02506213a33036fa3ed967e4a56874a26b4693f5a914c7c368814fa34 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 63c4a9ec3ea194bddeff7e3c49745d33 |
| SHA1 | 25b3fd09a969a90f0b7fa5bd2cf011ffbe26d3f0 |
| SHA256 | 8c2aac49c0c789f3fe97e4123651b2aff27973529367bbcd9d1a41db052342f5 |
| SHA512 | f813799752052d527d9114118f7cda9b90e076a901288d5b8f285e1c30edc2f5c8b5a103347629a0e034841101be316b24be9b2584a47535eb387fe1c11f67fb |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | c59aac37d518bf39d15fbf74b3070b03 |
| SHA1 | b9db3d05619e564345584a5c144e604e18cfdc05 |
| SHA256 | 1be603a8cf22cb6d0d8aef08e4047cb87af55eb64774e6fc24c343d3369711ba |
| SHA512 | 55eb242ec8cf00492f65f51a27f2f06c318ce0818980c2d0fdca72b7dc3cf3f0e96139224d6618a35be7f63511fe73d7de425c0ea127316df11aa2c5caf97252 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | ed21cb2fb7260cc5b204a2dcca0882ec |
| SHA1 | fc94e2a5786b435139a0e8c5c7e9f8047742972c |
| SHA256 | da8e315c0082a56f578e0b17a8b9ad32ad28de8c8904e163543c1c46ce5fdd9f |
| SHA512 | 2c6f88a762cb166ba5249c585866dae73907e19d2803a469f5c892f8b8d4f02d83aaa4141e5337ab0ced8d08bf189494d10466e595c11e016b6c25402e1a4bf0 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | abe5ff1117f8ffe63ca9eda95c689e96 |
| SHA1 | e9fe4ccaacbd6ef9eb73bd5ce489869cf9828dfb |
| SHA256 | cfd8445dc4bb85f5d8b3fafe2d05ad4cda25c931d574d69e86f3a3995b49646f |
| SHA512 | ef816f700dd6840d5ac7743bc1021bfdb2c4e7999fde9942cb569a752c8bab3eb1b3a33c2f6816d82c54f3aa168aec5226b89fde14cc1055e10aaaa3b1acfa70 |
memory/3016-134-0x0000000005AC0000-0x0000000005ACB000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | b1599f49643217e9e71d2ab67b557a74 |
| SHA1 | bd2c49422fbbbc7d6c5dd4b1bdd7c5fdfb44ddbd |
| SHA256 | be173ca97cd23e82146d80060da16947fd3bed8ba586dee6ddb0a202f4a2702c |
| SHA512 | 6e9ac9a3d6e0ed73c02421ed24218991b04637445f93e74bfd5b19a9c5b246126e47b0a5173a8cd067901a1fae6fed964271a912fb3abcf857ef7a3e3667dc5e |
memory/3016-140-0x0000000005D60000-0x0000000005D79000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 355f1b97cad97743a8e70dd2803e2f9d |
| SHA1 | c7c12bc74483874cbdd39343d149509be355c2d9 |
| SHA256 | 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f |
| SHA512 | eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 1cf5aff7cf078a12c8b61d939344137d |
| SHA1 | a80a4f3fa234c28d7f7ec7098a2ba595666bed42 |
| SHA256 | ac77248649a3ead28ecf0b92468c199e73e6d3d79797121deffbb56a3618b2e2 |
| SHA512 | d4d0a1b19455e5d51159e1c6d91e2916a8614ac7ac0e962316c9219972ceac991aa63d73c752c6a8b5808786366c58e16927b39f80ed7b7923663d571a447c9e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 2bfde296a36314cf1a5debef1c53750f |
| SHA1 | bf9e8dfabe5ce130595a5f40d96ab48b20418cd5 |
| SHA256 | 7d5ff07ef899a861a66deece8d0b879df8d29d08457e0ebefb08116a59b0271b |
| SHA512 | ea6e3488dbe2d9b316c7900bb6519f867e3397b565c022d01ed53e4892c9c1809b5652a38619838194b2de211541368e13cfa6f9da8d6c72114ce5e33f9042a5 |
memory/3016-137-0x0000000005AD0000-0x0000000005AE0000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | 71f601f8151e34ef31307ab4e46e902d |
| SHA1 | 1f3d312e2f4755b7f2decca1dedb91bc795288ea |
| SHA256 | deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698 |
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | a18318cd9b29a755adb1d14db06ea527 |
| SHA1 | eadddd96a981a0d81d6906962d48a0a5197d15c2 |
| SHA256 | 0d9da879ac5d4c8702a84d3b54e41631da32433b1d9d5e1b5e527699d5fec10a |
| SHA512 | 938120c2ec7cd96da6cac8a2dcf4f2ce84aedb1848b39803e27bb1c249e9ab279a23ca5c254ef793c92e91929ea60eacdcbc5cbb8b894bebf6c42ed83a9f16b5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-03 01:02
Reported
2024-02-03 01:05
Platform
win10v2004-20231215-en
Max time kernel
155s
Max time network
164s
Command Line
Signatures
NetSupport
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{DCE33C24-54AC-4134-8C0C-AA3D26865F9C} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1F7A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e581be2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e581be0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e581be0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000006c2b12180e4adb550000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800006c2b12180000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809006c2b1218000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d6c2b1218000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000006c2b121800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x4c8
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 128.138.140.44:37 | | tcp |
| US | 8.8.8.8:53 | 44.140.138.128.in-addr.arpa | udp |
| MD | 5.181.156.118:443 | | tcp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 172.67.68.212:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | 212.68.67.172.in-addr.arpa | udp |
| US | 128.138.140.44:37 | | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telldruggcommitetter.shop | udp |
| US | 104.21.5.9:443 | telldruggcommitetter.shop | tcp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 104.21.80.171:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | 9.5.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 104.21.58.31:443 | claimconcessionrebe.shop | tcp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 104.21.83.220:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.73.50.20.in-addr.arpa | udp |
| MD | 5.181.156.118:443 | | tcp |
Files
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 4c846a970700b8b6bb6ede515bc379a9 |
| SHA1 | 3c30739f46094b34357ac27411e2cc1d14e2c26e |
| SHA256 | 33b5b93206d36105c84e30fb080d643cbfcdd4b2a084952578a21c1afb514929 |
| SHA512 | 7a4d0d492be56007dda825f80b8a7083e76eb2c3d64885f57a227cdd347f7835fa885ca5d21ff032becd3585eaaca5f06675cf52ad236d997734ae4ed4be5c52 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
| MD5 | 77bceb240f65c91d26299a334a0cf8e1 |
| SHA1 | de9d588a25252d9660fe0247508eadfa6f8a7834 |
| SHA256 | d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c |
| SHA512 | b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 2985c39796fb4a5f4357a1a7a134ad45 |
| SHA1 | 305dc537a03e0137a529dc30bfd2fc6c185402a3 |
| SHA256 | 4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca |
| SHA512 | 4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | b5a893d0d363e013dbf144b56042d6d4 |
| SHA1 | b1b837518f73668fcb0375bbf25f80e7accd2a50 |
| SHA256 | d85b26096b79557d975de3b463088d289a5f0aa5564c5d4416727bc119c93d97 |
| SHA512 | fc6473da03ea415615be8ac9cb3914719c376d04b8e326c4ee86c52eca1b1f7d12e2f5f13022a356859672423289519cf7338ac14635cbe6d690b5793a366581 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | f832d24b70a2f4583c57a5fa9b6f0d68 |
| SHA1 | 092ce5cb6bfe6eadde62c4cfb911eab2474196f8 |
| SHA256 | 67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc |
| SHA512 | 41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 1cc51620d532c15b3a4ba84a113328bf |
| SHA1 | 0d1a22b301ad9cb18a82fc1046a64d98c64304ec |
| SHA256 | f15bf963da43dc20265bd43a694e1eced126c92df39dbbe396ed7b96f27e0eb5 |
| SHA512 | 8e162573386551fff33f2a13e9d6ebdc50a17feaab38ee3ae3f8cc74f2142b216492a5f9e5e3124eb4f1cc4889a56394d8e3d1ffcc0997d8055e35545e07f3cb |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 446a4ed2307c91075817d21d48de5841 |
| SHA1 | dc923247fad4b4ca397277247256f3ac2df142b1 |
| SHA256 | a850be808a098be21f139585e0809a03f96a13431c9501bf004cadb1d0336af4 |
| SHA512 | 3c333c247184c9b07c1981bbb78937b5c5efe6ba825b7c8040277814da948fa1cbd28de6df05af9191346bcc680846dcf29f6a9541ad6f3863b7236c0e11adf5 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 96a14349ab803fa52c4a0517340634cf |
| SHA1 | 75fa2782aa24fee96658dce259923d440834f24f |
| SHA256 | 3e9112234b1f990cb16c4229d08b9ef2f04cc00511d0bc8e31a413e357dfed0f |
| SHA512 | 1310b54078f5d7d6c4628fa3ed54caabde7408142fab3c312f4168a86b0111ef7a4f4c73e52f8f5ce3fc0771daa8b722a978a21e1b969fbf1e8bad6b0aa83988 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | c52a212ef61694015bc08d54bc9f7097 |
| SHA1 | 9e3da2dce930fea5076663ba11a4ece0322381fa |
| SHA256 | b040ba055b899b6d7fa8faf4bcb0333023558fd8fc4d79fcee2a6c2340b07578 |
| SHA512 | 8bca48addb9e20f96793679fc53bcded3c285924d85789d2f67016903b20ec0a2bd07f4ba40d7df7674717a4fa7c54af92a7f7b20dca4bce275cd18ef696988f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 1a0071702d427a9b124696aa0873c4c1 |
| SHA1 | 3132517036ce36dc3bbdd51121d0ee24973ba928 |
| SHA256 | cb70db06942f250f56f42918021740efa91e43b3eda500eda3a8051fde66d6a1 |
| SHA512 | 282521701da0735413302ff2f8b4a7dc1767a3425e33a512fa58cffd9cc4afea4ccb0cd856f474ed6d41f7726c522e109774f5dc1d38741a552757d3234a53e9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 002b6bb0bb83fe702f99deb0daa6420d |
| SHA1 | 6ac0c913f9961b27444d574147cd64a760f21f55 |
| SHA256 | f0cdfa81f41cbb5dc619299ad7548f567ffb35c73586c12208c88e39b7036928 |
| SHA512 | f04af10f45715fca2bae099c238ddf7301adbf749fc41aef65879b5a85e5793fe1939123a5495bdd35eba81d747533ad81cc0418c5197c81ce2b14df6249bce1 |
memory/4872-94-0x0000000006DE0000-0x0000000006DEB000-memory.dmp
memory/4872-97-0x0000000006F70000-0x0000000006F89000-memory.dmp
memory/4872-98-0x0000000006F60000-0x0000000006F70000-memory.dmp
memory/4872-102-0x00000000071F0000-0x000000000720A000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 90a9c2e3f316705e6fa783d9b83212a3 |
| SHA1 | 93e379d410c6cc74b1ffdfa111459449106651c4 |
| SHA256 | c141d3f7c5aa1db290c824f32e1d552e3192b2b9970cbc98c40f4e9af97e6f35 |
| SHA512 | ac1ceef13bd78b6c93be426d5b35209d1a0289abaf3e30ce364fd47ea9f11f94e736302ded4a45d0f2102b7dbcca7949ded794788778a32d8f2932dba4117843 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | a555f73041756d249093a1d6a6f28448 |
| SHA1 | bc75a0047342fb157047c19193c02a8149187656 |
| SHA256 | 2ad9292c875cb8b71a437b0da803d07867d2ed8deae4568f2be1f623755d5b60 |
| SHA512 | cb2166fcf3a73e60fef9b90102f6aba3a913cc0e84ca0a5c4cd43c52d21ad1696040215b302d2a46d61599024679cb2477fdaffedcc88396ae9c7ff1c649c84d |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | b01a100820095dc05fdaa0d1c3b5ca14 |
| SHA1 | 70af3c7337248cd4dc8c65d5ba1d18d3fba926b0 |
| SHA256 | ee7205fa96539f9d9e62f5a403a06004c6c7235b7caee368dcb0db3a765c21ad |
| SHA512 | 883891959202294edceb3a6360f450182d59e097bb4b0f9fe18b5316c6591aee04d0cd5bf01c1b23d1727b59eeee7c148e56eea2a7436902170993318386933a |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 8c7af48b328d48a3d77bdfb752d53f75 |
| SHA1 | e7b14bfa5043c90fcca9ddf13f045612c72edc38 |
| SHA256 | 1530a033a8ff67f1a35570157ff54e75c844e05d9b2d0d13cb3f10d8cd214b45 |
| SHA512 | a48ba28419c2ee17e49dcb9837cd71a898b6e56634c19c6e133d46afdfde0f0618e406a03c47a696654b891af9efc802961b0e2624a1b41ebb198232f14ec655 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 08c68e4121ceeac71745015bf17126cc |
| SHA1 | 103792ab800377092aabefbf4b94d0a882afdc3c |
| SHA256 | e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a |
| SHA512 | d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce |
memory/4872-109-0x0000000073950000-0x00000000747F8000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 45cdf6f89a44a6657fa3f4bc8765c272 |
| SHA1 | 4ea708ce5d5f849768b8c5495b0696c9e060425d |
| SHA256 | 63106c7e177d6a758772aa4086b1d172b8e030f390d5444377616246720c488e |
| SHA512 | d542971b289169ed368fd2d69e64777b4876f178848343b2ca1a499b5c856bfbdd16c18c39b8f788f8b2ba6cc3f4855630ac450919c06b56e5a5c291779eacf5 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | a08a7ab131b6a1175ce99729084200cd |
| SHA1 | d9a496556c9454735598f518b82f224cbd4cd308 |
| SHA256 | 61870f26cfe8bae984ea1b74bcd4ae76210eaf439f5b8d2932724f369a78f646 |
| SHA512 | b38e44a9658ad7a2532baccd11273144deffb505c160ed5d505aa12a57c443225c5551c5d937e9e67d8b8ddbc08cb5880c799f5441c46aa405ba8b95e5235c96 |
memory/4872-115-0x0000000074B90000-0x0000000074E9E000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | eac7bf8fb5a54164e0c629acfdd3dcd4 |
| SHA1 | a258b0bea374c6c1e38777b27bf69d13e58609c2 |
| SHA256 | 413bfdf7c856fdbde4a267047ef8fe88af73d1a3066bc5ce53a6e31240035ec6 |
| SHA512 | bdcedc54812aa93468eb40cffc2ff61dc6ec8c80729c424ab4b79b4bbdb74eb408bffea1f961ebb43573db561c689a415710a73488ca97d0e93af428c970148b |
memory/4872-116-0x0000000074990000-0x0000000074B1E000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
| MD5 | ec65ec9068a0d26945b00e23f25f620b |
| SHA1 | 2747d715e23ddb2bd028e18cddfa08245d016742 |
| SHA256 | c0feaa7f5f57669433b80d76ddb75eca1073f37d000505c3d9f54bab5a7b8020 |
| SHA512 | 9ee6b13bdd5f9664d3c3b9fe129021a5936120364a4c5fcd80dcff6a6865cb44e128f3cd7c5e887c9cf795f347fa393246518e8f5057946f4bd598fcf063d8f5 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 7d024eaf9d9e7a38900f665aecc531b9 |
| SHA1 | fb0453e4b81d1e4b5d9bf5ab56dde12ddea43c00 |
| SHA256 | 4cb55b45b6cc5beb7886aa828d1efffe1355d8081c31a20834caff9172ba280d |
| SHA512 | f8fa47d9e304a10dcbbe22c034cdd91a3382a49f5f67396f79ff546f509f622fc276047b628930278fef8248d9938a96b114c731fe09076c7c933ed96faff308 |
memory/4872-117-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-118-0x0000000072740000-0x00000000728FE000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
| MD5 | cc5d000307075f7c16eb5cf2c8606c8d |
| SHA1 | 0169dbed302b8a3d142522e6bcb6040609d07232 |
| SHA256 | 66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4 |
| SHA512 | d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
| MD5 | 969c656269ca1f8437d76200e7620bcd |
| SHA1 | 80c6b239567b19e358250c8cbda9f100e6b0c28a |
| SHA256 | dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc |
| SHA512 | 030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
| MD5 | aba81aad8d97d6195b34c4469b884852 |
| SHA1 | 39da62ceb8129b28bd737ed37a76ee4565920589 |
| SHA256 | b5b4b2227a381b5ad6bc8f71f050845259dc5cd4065da34273fc1978a6849db9 |
| SHA512 | 029bb736106e25d073d71d806643056402b285474d866686e963ac8c91c5c0625dcdaa1d6ead3be99a3c9e55200ece446dd7e04e2d6f2b4a45fc18dda83973fe |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
| MD5 | ce3ab3bd3ff80fce88dcb0ea3d48a0c9 |
| SHA1 | c6ba2c252c6d102911015d0211f6cab48095931c |
| SHA256 | f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b |
| SHA512 | 211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
| MD5 | 6bb5d2aad0ae1b4a82e7ddf7cf58802a |
| SHA1 | 70f7482f5f5c89ce09e26d745c532a9415cd5313 |
| SHA256 | 9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582 |
| SHA512 | 3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b |
memory/4872-129-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-131-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-130-0x0000000006820000-0x0000000006979000-memory.dmp
\??\Volume{18122b6c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f0ff6695-d9e1-4cfd-b5e1-2f793b9adcb0}_OnDiskSnapshotProp
| MD5 | 8f0b0c09228270e5e8fe77bd69142a53 |
| SHA1 | 3fbad79cef7d4c0ccabd42755f04bd8c51bdffdd |
| SHA256 | a34ec109a5a2fc2ea12eb788512fb4dcf2c5975ef7b6939bb941ac4512de4dfa |
| SHA512 | 22036ad28728d14f1240052a425d08cbb37411558501d0c01e07de56cf1198acf7fbc9842475df1c2f1731075bdfe3df0d34df21162a72ddb70109faeb218823 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | b5a17aec450bd5f1933333edcf2e574c |
| SHA1 | 7c69d946283907b4afc84f017a88e555f555291c |
| SHA256 | 34f2d93e245fab5c764799d6faf1ba2fad61330decbe2374f7135bd4aa32f3f2 |
| SHA512 | cfc34c178158e91d56ea817d163061b80bfba1b67e0ef7d71f9af136dc174a196f406018195a32bca564ddc866f9c223e06c95d13a3cac85f712ba5f40dc6fdd |
memory/4872-138-0x0000000074900000-0x000000007498B000-memory.dmp
memory/4872-142-0x0000000074800000-0x0000000074837000-memory.dmp
memory/4872-139-0x00000000748D0000-0x00000000748F3000-memory.dmp
memory/4872-137-0x0000000074B20000-0x0000000074B8A000-memory.dmp
memory/4872-135-0x0000000000400000-0x0000000001554000-memory.dmp
memory/4872-154-0x0000000006820000-0x0000000006979000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
| MD5 | 8f8bf31cc21f2bea82af9ea0cb881c01 |
| SHA1 | 5c6c431faa85c2742ff2efd306dc55b738392dfe |
| SHA256 | 86b915b86b076488404605da1e6bf43bc7b730e3000dfeca52ff1316de928ae9 |
| SHA512 | 38e83963cea77aaa1e7fc2fc321e5ec487eca2de933076f3d540b8bd394b801dce63891b94e6c2fa0f3bbcfdef42d46341fdd9f5272466e6e3a50a490ed60d98 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
| MD5 | f55986f4cd4c675d2bddc5e5c6e1d9d6 |
| SHA1 | ac2808d5f7f54b96ea9430213384d086bec92ada |
| SHA256 | f6fd5a6f4944b6a49eccef6aac1738701fe70c7bdb66d2cc2a4b3f10fe2ccf49 |
| SHA512 | 697995e42ea263041daa7c2c323c32739b1126713df9b8f4c77c055cef36cf51b4c0f55d7e5db9508b3b49430ade76039de18f90d49303a600fb03b67bf3f44d |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
| MD5 | ec684c179ba89160c180cbbc795bedb6 |
| SHA1 | c52350e9807d5a2f0f32fd9ab9325897f07308c4 |
| SHA256 | 799ce2beaf81cbaf677e5f9755162a5d30461dbacedc343255e2f8363b71e021 |
| SHA512 | 9f19a1f9584105a6d2030ea4ec5499f3129024a98be4e2140c5d8308e1edb117d11a7f8d50e2ddafca269531c158998ae85b20f1d3c8d5063c474c647e9f64e4 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
| MD5 | dcde2248d19c778a41aa165866dd52d0 |
| SHA1 | 7ec84be84fe23f0b0093b647538737e1f19ebb03 |
| SHA256 | 9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917 |
| SHA512 | c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
| MD5 | a0b9388c5f18e27266a31f8c5765b263 |
| SHA1 | 906f7e94f841d464d4da144f7c858fa2160e36db |
| SHA256 | 313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a |
| SHA512 | 6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd |
memory/4872-167-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-170-0x0000000007950000-0x000000000796B000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
| MD5 | 7067af414215ee4c50bfcd3ea43c84f0 |
| SHA1 | c331d410672477844a4ca87f43a14e643c863af9 |
| SHA256 | 2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12 |
| SHA512 | 17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
| MD5 | bdae04bb43583744839d656fdb6b0c46 |
| SHA1 | d03188974b97a1c42f66d6d8601dc69fbf059fae |
| SHA256 | cf196050f83a7af23e8f5da72ad10d9539936d6b5eb684c9cd8b93fbce68395e |
| SHA512 | 629b65147f39ae22ea286585bfa27939acd115c1b6d2e849f1e8ec5e04090725cb8f440fd804f4a00f0964e1a0de812dcc9d581d260d91da9bc395c4258883d4 |
memory/4872-194-0x00000000016A0000-0x00000000016A1000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | 87486e2a69c91123a6aeec69b3481b90 |
| SHA1 | 53982fc795c00a5bff19c6a223a3a8cf47831406 |
| SHA256 | c5f4b4cf3eab65416b9b56818db951d2957a34a0bb5882e83ac94d8d3e40995c |
| SHA512 | 866553350d5abf58f06123bc3ff3347769b7a683a405bb64a04aa9cc5d8e395fd51b65a78efb08fb263f67226a028159e4e972c0f89c463652aee4f5ca041284 |
memory/4872-200-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-197-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-203-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-204-0x0000000006820000-0x0000000006979000-memory.dmp
memory/4872-209-0x0000000006820000-0x0000000006979000-memory.dmp
memory/3332-225-0x0000000006F80000-0x0000000006F99000-memory.dmp
memory/3332-224-0x0000000006C70000-0x0000000006C80000-memory.dmp
memory/3332-223-0x0000000006E70000-0x0000000006E7B000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | ca2d01c0367373f63419e752bc35b160 |
| SHA1 | af788baed58d45716d2aadc6007e276bf41e4208 |
| SHA256 | 19ff14ef2e7d59722556b4dc483d1fb386340678234acb78178d2c33e5ef4bcf |
| SHA512 | 96f05fff8c1e88a30127a7b67a20c1eb1d6e1d651de46b685dcf5e85a61cd9dc927358164c63002c6af1348494102f27d2d828f014beb8fc2c0f5b7153ee8130 |
memory/3332-227-0x0000000007200000-0x000000000721A000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | 0c6e5ca2f36b29406f68e19634fc66df |
| SHA1 | cbfdb21b25516c3a708352bab4ebe2bb9ebc5c14 |
| SHA256 | ca3caf771b85e4283f85afa3efc047d5e88b68bdd624051073b3359e3554c327 |
| SHA512 | 6489d05d3df967c539b228617da696fdddd92f6b89367d91e24ec4e31eefdc8351fcf4cc59608d770d4c4f3aae23b0909276872cdbe30b0b9155cacdb54d69c3 |
memory/3332-226-0x0000000000400000-0x0000000001554000-memory.dmp
memory/3332-228-0x0000000074B90000-0x0000000074E9E000-memory.dmp
memory/3332-229-0x0000000073950000-0x00000000747F8000-memory.dmp
memory/3332-230-0x0000000074B20000-0x0000000074B8A000-memory.dmp
memory/3332-231-0x0000000074990000-0x0000000074B1E000-memory.dmp
memory/3332-232-0x0000000074900000-0x000000007498B000-memory.dmp
memory/3332-233-0x00000000748D0000-0x00000000748F3000-memory.dmp
memory/3332-235-0x0000000074800000-0x0000000074837000-memory.dmp
memory/4016-297-0x0000000003200000-0x0000000003236000-memory.dmp
memory/4016-303-0x0000000005A70000-0x0000000006098000-memory.dmp
memory/4016-308-0x0000000005730000-0x0000000005752000-memory.dmp
memory/4016-311-0x0000000006140000-0x00000000061A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ubox20ac.ed0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4016-318-0x00000000061B0000-0x0000000006216000-memory.dmp
memory/4016-326-0x0000000006320000-0x0000000006674000-memory.dmp
memory/3332-337-0x0000000001810000-0x0000000001811000-memory.dmp
memory/4016-338-0x0000000006800000-0x000000000681E000-memory.dmp
memory/4016-339-0x0000000006840000-0x000000000688C000-memory.dmp
memory/4016-340-0x0000000070D20000-0x00000000714D0000-memory.dmp
memory/4016-341-0x0000000005430000-0x0000000005440000-memory.dmp
memory/3332-342-0x0000000009250000-0x00000000092DB000-memory.dmp
memory/3332-343-0x0000000003DD0000-0x0000000003DD1000-memory.dmp
memory/4016-344-0x0000000005430000-0x0000000005440000-memory.dmp
memory/3332-345-0x0000000072740000-0x00000000728FE000-memory.dmp
memory/3332-360-0x0000000009250000-0x00000000092DB000-memory.dmp
memory/4016-368-0x0000000005430000-0x0000000005440000-memory.dmp
memory/4016-370-0x000000007F5B0000-0x000000007F5C0000-memory.dmp
memory/4016-371-0x000000006D500000-0x000000006D54C000-memory.dmp
memory/4016-369-0x00000000079D0000-0x0000000007A02000-memory.dmp
memory/4016-381-0x0000000006DB0000-0x0000000006DCE000-memory.dmp
memory/4016-382-0x0000000007AA0000-0x0000000007B43000-memory.dmp
memory/4016-383-0x00000000081D0000-0x000000000884A000-memory.dmp
memory/4016-384-0x0000000007A50000-0x0000000007A6A000-memory.dmp
memory/4016-385-0x0000000007B90000-0x0000000007B9A000-memory.dmp
memory/4016-386-0x0000000007D80000-0x0000000007E16000-memory.dmp
memory/4016-387-0x0000000007D10000-0x0000000007D21000-memory.dmp
memory/4016-388-0x0000000007D40000-0x0000000007D4E000-memory.dmp
memory/4016-389-0x0000000007D50000-0x0000000007D64000-memory.dmp
memory/4016-390-0x0000000007E40000-0x0000000007E5A000-memory.dmp
memory/4016-391-0x0000000007E30000-0x0000000007E38000-memory.dmp
memory/4016-394-0x0000000070D20000-0x00000000714D0000-memory.dmp