f972e0585513e0f18ea89b5eb3208892974f0c0f6c359449c5d491d63e3b6bbe

Analysis

max time kernel
29s
max time network
36s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winiso/winiso.exe
Size

6.7MB
MD5

ffe131a36defcc2054e7478f15ba6f75
SHA1

8588e0a8c76facedb15e9bc1dfb7c58404d40620
SHA256

3af0ffef5beddcd906f5ac52a89a9b70834c79b0123623e2adcaed5206e7466b
SHA512

780922d941c62f847cc4b263712aa85f23bd3a5d96e2662629349354a6b0bc2ac09e609474e4e8990fc2cd7f25ab2dad6f54a3dde71d411bc64da9aab30fd6b7
SSDEEP

196608:1MNnpS2rQnelFLLbCGRt6Hqf0LC9sV7DuYHemav0zd+ZsWCBkQ0rfL:1M1pS2rRFLLxySf2+Syvi+mFSL

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\WinisoCDBus.sys	wmnt.exe
File created	C:\Windows\system32\drivers\WinisoCDBus.sys	wmnt.exe

Executes dropped EXE 4 IoCs

pid	Process
1168	wmnt.exe
3020	winiso.exe
1800	winiso.exe
1824	updater.exe

Loads dropped DLL 64 IoCs

pid	Process
584	winiso.exe
584	winiso.exe
584	winiso.exe
584	winiso.exe
584	winiso.exe
584	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
3020	winiso.exe
584	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe
1800	winiso.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 56 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\de.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\QtNetwork4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\filesystem\cdfs.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\uninst.exe	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\es.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\filesystem\udf.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\imageformats\qgif4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\setup\setup.exe	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\id.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\it.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\baseio.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\codecs\qkrcodecs4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\core\core.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\WinisoCDBus32.sys	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\wmnt.exe	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\ko.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\nrg.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\aff.dat	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\en.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\pl.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\msvcp100.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\updater.exe	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\meta.dat	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\ar.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\icores.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\codecs\qcncodecs4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\fr.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\QtGui4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\ccd.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\WinisoCDBus64.sys	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\ru.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\libeay32.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\zh_CN.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\imageformats\qjpeg4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\hu.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\pt_BR.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\tr.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\codecs\qjpcodecs4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\style.bin	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\codecs\qtwcodecs4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\cue.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\drive.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\filesystem\hfsplus.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\imageformats\qsvg4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\imageformats\qico4.dll	winiso.exe
File opened for modification	C:\Program Files (x86)\WinISO Computing\WinISO\website.url	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\es_MX.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\ja.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\Resources\langs\zh_TW.qm	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\QtCore4.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\msvcr100.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\updater.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\iso.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\mds.dll	winiso.exe
File created	C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\mnt.dll	winiso.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winiso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winiso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmnt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winiso.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell\open\command\ = "\"C:\\Program Files (x86)\\WinISO Computing\\WinISO\\bin\\winiso.exe\" \"%1\""	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell\edit	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\DefaultIcon	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso	winiso.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\DefaultIcon\ = "\"C:\\Program Files (x86)\\WinISO Computing\\WinISO\\bin\\icores.dll\",-1"	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell\open\command	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell\open	winiso.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell\edit\command	winiso.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinISO.iso\shell\edit\command\ = "\"C:\\Program Files (x86)\\WinISO Computing\\WinISO\\bin\\winiso.exe\" \"%1\""	winiso.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
468	Process not Found

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1824	updater.exe
1824	updater.exe
1824	updater.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1824	updater.exe
1824	updater.exe
1824	updater.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3020	winiso.exe
1800	winiso.exe
1824	updater.exe
1824	updater.exe
1824	updater.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 1168	584	winiso.exe	30
PID 584 wrote to memory of 1168	584	winiso.exe	30
PID 584 wrote to memory of 1168	584	winiso.exe	30
PID 584 wrote to memory of 1168	584	winiso.exe	30
PID 584 wrote to memory of 3020	584	winiso.exe	32
PID 584 wrote to memory of 3020	584	winiso.exe	32
PID 584 wrote to memory of 3020	584	winiso.exe	32
PID 584 wrote to memory of 3020	584	winiso.exe	32
PID 1800 wrote to memory of 1824	1800	winiso.exe	34
PID 1800 wrote to memory of 1824	1800	winiso.exe	34
PID 1800 wrote to memory of 1824	1800	winiso.exe	34
PID 1800 wrote to memory of 1824	1800	winiso.exe	34
PID 1800 wrote to memory of 1824	1800	winiso.exe	34
PID 1800 wrote to memory of 1824	1800	winiso.exe	34
PID 1800 wrote to memory of 1824	1800	winiso.exe	34

C:\Users\Admin\AppData\Local\Temp\winiso\winiso.exe
"C:\Users\Admin\AppData\Local\Temp\winiso\winiso.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:584
- C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\wmnt.exe
  "C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\wmnt.exe" /install
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1168
- C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe
  "C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe" -install
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3020

C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe
"C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Users\Admin\AppData\Local\WinISO Computing\WinISO\update_2318\bin\updater.exe
  "C:\Users\Admin\AppData\Local\WinISO Computing\WinISO\update_2318\bin\updater.exe" winavi_upd_29345
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WinISO Computing\WinISO\Resources\aff.dat

Filesize
312B

MD5
03a0dd68100b5343aace52308787308a

SHA1
865a2e03f65f88b140817b1f7942790d2a0ef751

SHA256
b4ae553a177904eaec83abc7856c20f0b3c7f272395de4817a3c97bb769fb5aa

SHA512
d1f5066538da075c1ba191aaa4cd2e6c1a9d2d2517a889d5e555a301ea91ba37f9d3cecb03b973c2cec3bbe14776a95f38b0fd86b162f1cfc1062ff9a9e800e2

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\Resources\meta.dat

Filesize
514B

MD5
b77aa34e00db54aa019cc5116dba31cd

SHA1
2576f5b051cf6f1caef9f80e1b3f30de8a742ee9

SHA256
1854bf921ce97a6d9e52e47e5b6ae8eafe7261eee98cb29e66f70859c02cee3d

SHA512
32d6071eeda21c4ca9a076940340b02823cbbe8216781da33a6482bd01b3488e99c3a20e2e5f8ddbc11cbbe04a00e67b89210c341e44854d7cceb985b4e8bbd1

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\LIBEAY32.dll

Filesize
1.1MB

MD5
19db2790aece5b15d5d26899674d29f5

SHA1
6b00e74ca106a72b509dc5e73afab5460712a790

SHA256
ec796c58fa7c46d51eb0e81039cff02ea62c381cbc0477ae283e0da6c3ca0046

SHA512
97206cea3ab357743242ef06d462033b48774cbb6e04708d15c4efa60035c2587d5a2fed1995909be524d2f523e6fcbe73aff942a52da7854c9e32f77c4b0e67

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\QtCore4.dll

Filesize
2.5MB

MD5
38076ac0f13aef3aebee2b63125e4470

SHA1
928e64ed4f551d9f406d7ea4a32fef70ca080d86

SHA256
74ae26018084791df388f702063519cdaec65b22675cf57c96281eb95b63d119

SHA512
7b1681899c44f53911de267c0af830e4bfc5081b92bb51f55e57e179d6e622ccfe1878367e433852f211e61179fd192ce4cdcb3ce27698843bc05ee642ce26ee

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\QtGui4.dll

Filesize
8.2MB

MD5
ed555c555ddfc9567ae5ab6cc7cbc604

SHA1
ba38ad7539315b51c3809326fae2f4045b818a0e

SHA256
76b3292006d9e9f0adb21eda44de5a10d76833162a138cdade2a2fad8e4d60f3

SHA512
0f2709521dd61b3a5861493e47a52559c0a30c2385117476874587b3b4857e52d08c255d5c4d4e879a93082720f18a4b6b31d7c848598954dcf8bf171e742109

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\QtNetwork4.dll

Filesize
1.0MB

MD5
cc21b79dd81dc8eba20b1180601d0b00

SHA1
ce998a7a99a3a093e9cffd0ad0a039c81ac6898c

SHA256
d8d16f347d54333e74a5dc7ee64af89010251605f1968de1d2ef7c5983892e76

SHA512
faf42be6c8938bea30b5557c63cfa12306e37b2a8d1d181fca82634f41982efbbd91cc374b4efd9c03329b1af0e6b947c2ed1d310f16bb16602476e70f33121e

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\filesystem\cdfs.dll

Filesize
75KB

MD5
4b1c96c85be3d4120dc12f27c80a4864

SHA1
414075f7f9daef2ef00b3e2bad4f0bad4c591c51

SHA256
79ca326e98c50f6f88142dc12ccf17dc5f9fef08f03cec6b9c6e614a2f87bfbd

SHA512
17111db8a9e05d6e3c4742d815f63728cf0c5cf8bd211121e7cbd869ca8ef186bd5b90a40ec4738338e2475734d750511734708c64a338bf260ab928da11a1ce

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\filesystem\hfsplus.dll

Filesize
50KB

MD5
1a2ef3e48c704a746c5f0db12ea5b67b

SHA1
b307a91f57f616d08dabf550f41b6c6e4b127565

SHA256
23f599058e32ed2fa906155ca0d5b3866943bb25eb32d384ddf4d71901980740

SHA512
5ad3296328b9ffed94ea9c0c5282d11caf975055ec54071f2e23739e03eeded13dbee27da52f766a1236cae43f00825e65bed5ef31532e01d82388ebc189b80a

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\filesystem\udf.dll

Filesize
59KB

MD5
805cd44b8bea7725c5b73f91e3653109

SHA1
f268f53f75ac19c7ecae57a877cb409a878b8064

SHA256
18648e73f3876dca78a2686dd1c39cf36b118bb206e1900f1219bb61b0c64ca5

SHA512
b391f32454f752e7022ce782bc49043df6deb0c83176eef30b4eab0e4df3522568084c566ca41a24b9d587a89d6b7999fadf5db7f0411dafcb34850c50660e3a

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\ccd.dll

Filesize
33KB

MD5
1f769ec639cd4fd66aa354104712aa76

SHA1
52b3a157add9f928c0960c7cd6920a84a54a1180

SHA256
edfeb462b279dc221aaa11f10f97c504470fa9e527ad563c2faf645ece81f4e4

SHA512
f138de5ff25d19e09074a58c3f24d69e201f6b3a248d79cfb44d8e8d55de67becdfd58fa9245ad024583471105eaba90cf350068119c1fe23996bfc8652a996b

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\drive.dll

Filesize
24KB

MD5
1243ed2bc7f617fdd0c0be2a5bd1216d

SHA1
3459be9ab3d2c14d0bce345b898bde598e7cae13

SHA256
8971be20966f83f1a011fceae010bb2ff33713ed15fe1bf112dd981f0569d1ec

SHA512
5e5c6ac2443e3544ca5c8dcac79b22528cea90cfd5931441da64ad9e1c0093ff4d1f4096364a8183e41c6fbefbafa55adf99ee83aa21677283e781e242edabe8

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\mds.dll

Filesize
29KB

MD5
2043229a2b394d299d510265c7975048

SHA1
d525de3ee5895feba7aad1a1ba4051e0d7a4db21

SHA256
99a36a6b4772b138f141e8cdedb124f63fda57376c44b1ba0c94034df3560ef9

SHA512
a58f3c6d5de92a82ec91168fed08b485b7d0d19c368e77bea28b0b8b332afd64f15fa037c691f4cacf02e351362153c62d173483eee4536343f275a4e1d798dc

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\format\nrg.dll

Filesize
22KB

MD5
69a7cdcb8446dca614d50bc0c25e6252

SHA1
17d422e6c2edd60624a81c923a26824f413faee4

SHA256
b43916e92710d3006b98da2a5684c68fd528e1bb498ffa750941465266dc0834

SHA512
8d218300427b06665d581409e117fc367e335d38e186db6c42f090baf7af05ca2d21246107132a784772e56c8c10ccc600e4ce056201d8a2549cf379ea56d35f

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\WinisoCDBus64.sys

Filesize
199KB

MD5
bc67c1e4b36063968e54c3b2e4db8978

SHA1
480044bd0dbe69a2c85b52cc612908128d2cdc00

SHA256
ff4725171c6d4bde6b258fd19949c7d624f1f8693a26ab1e2e04103fc46484cb

SHA512
d45f2a7a7cf5b732a48b21ab176820952986c97f7b036d4d47684b453ac9848d2d3a25b8422b05af52997f4ccc3027fe1a110114bf9b7c4a64285d38b64f0035

Download Submit
C:\Program Files (x86)\WinISO Computing\WinISO\setup\setup.exe

Filesize
6.7MB

MD5
ffe131a36defcc2054e7478f15ba6f75

SHA1
8588e0a8c76facedb15e9bc1dfb7c58404d40620

SHA256
3af0ffef5beddcd906f5ac52a89a9b70834c79b0123623e2adcaed5206e7466b

SHA512
780922d941c62f847cc4b263712aa85f23bd3a5d96e2662629349354a6b0bc2ac09e609474e4e8990fc2cd7f25ab2dad6f54a3dde71d411bc64da9aab30fd6b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso8FF1.tmp\modern-wizard.bmp

Filesize
150KB

MD5
1f7d268bb8cde42daf81f3b6d57124ac

SHA1
090b91413bb22e61ff7318826d75d4c680ea477d

SHA256
1dfc772f08d40b658a5d9df77f75286ae7419b395f66b0973071045a18a1f4b9

SHA512
d7154feb7d2661c683f10f41e6155ccc9cf26bc925df8d8e35f521179118b22be63a043f23673e10045b5a16242bedfa44d27eeb8c5d04bee15577499f5abdc1

Download Submit
C:\Users\Admin\AppData\Local\WinISO Computing\WinISO\update_2318\bin\updater.exe

Filesize
107KB

MD5
d64e326a83156b326f3777a5967c851b

SHA1
d5170bac88cfc4ca496a412e3c0fd50f338c43a3

SHA256
6d2394d950007dca6b666dbb4aceb862d4ea9405a453674c342a9a920b20b9e1

SHA512
5378acd0db7e11d060f934789f86bc9b36faf80b7a901760023f5d9eadc213172d6cf28a5778c55c8bef0e0dea91caa866101f7b4a671f33b4afc92e8a927a90

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\baseio.dll

Filesize
48KB

MD5
e37eea0f9c47f5bd9e7110521e21f709

SHA1
5901616e486e5bec9db629cb9b7bb65f4bc8f9af

SHA256
5d1242a1ef8e05946ea60f838e221ddc2a4d504bc33fa13d44704fc43a0f33ce

SHA512
fcd9cc2cdf295126c7ec52bf293a6e2b06daa073400157b35308f31ccb82ac163d507d87fe04b28956199c3ba3973854975745081030c2cdb22f5ad7ccea9255

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\core\core.dll

Filesize
115KB

MD5
316373abde9dd560975cb8ba7f793bee

SHA1
00027a1d88537fba615cf6ea3b47ac45c68c4e58

SHA256
366cef6ac37bd894c28ea4641e077355686113d405aee59db7744b4911f01874

SHA512
4efec249d239a870ec9d8dc8d246197b2ec6445dba1a87973ae4bdc7d9a9e5d5f2cf1d376602d00a211874be0782812638a4b1d61ebdcb8d4fe68ec0f4799c89

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\format\cue.dll

Filesize
26KB

MD5
8cf1a353feabbc527f6d04c9ff72f860

SHA1
91108777ee16c8bb0e3fcad1cbf026190ade2339

SHA256
469c8683066865c1715ce9e6675afece8e06abfc87edb5ac83fe89d22d3a9c77

SHA512
a3e9f00180035cf2729d87b8efea2a4dde45bc199b09ec3287f2c078271618d8634c26a96a4d71f0022aebb27d957bd9946ce06dc2d283cd4702b20ac0560514

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\format\iso.dll

Filesize
14KB

MD5
a4551723687de9b63d81ab6268857fa1

SHA1
a831131005bb9d2f85c0497ae05a14d93d402920

SHA256
cbf2b2d80fcda644914449d6f9dde64827d70988724f2631f6e51a12cd06b4cb

SHA512
20aa75ff0f9f684bc22200fae1237ecd02f274258875ccef4b13c894f270a6ccd2ad52acaf2224b918d2382b63b744075dcb2e289ee9a61669f53ba594eaf385

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\mnt\wmnt.exe

Filesize
101KB

MD5
662c67d895dcaa61fdf89244694aa0f8

SHA1
3a9a16141cb497c76cc17a3ea709bac50766a6e3

SHA256
549fa43526e6ad5327af7e2643beb30fc3c42427cdcade103ec29bb3aad33fee

SHA512
ac254dae72e2e790cede25392a3b302d54352fe068d502214ef61975db8f7c9c7c65bb942ff4f6d5650a68f96fdf569c3f830a7efc900a8b6fb888ce9c87bcc1

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe

Filesize
1.1MB

MD5
2ef62a82c049c1e31062569d34483bba

SHA1
b58535ff35a411013e7a43266b514e0dbdbcb132

SHA256
a54b13bf30c2ecc761314d88da2464acb83bddee0c1d3ff68557f1d315290a0c

SHA512
a924aae002a5823f45b6b18258f61de98d3622bfc75e6e72155f56da6c47f58cc389ffb410716cb46b71cb2afed5cf610563c0e6462dd230550a731309287f35

Download Submit
\Users\Admin\AppData\Local\Temp\nso8FF1.tmp\ShellExecAsUser.dll

Filesize
8KB

MD5
b097e2c1d916411e3a32031e4d4e9481

SHA1
15e3db5b2263c53f545451e19d11a005f4650eda

SHA256
fd16be229c013ba83d757b88974f9c1f01834eb8158e32f68c8042bdd156077a

SHA512
ee33900f3911953b0b4ce9624a3a45bcd171316048f4b6c5f048ebe1249ccaf8fb77c62077c0a40405a658733d764b8bf83046f77c00593cedaae183dbe21549

Download Submit
\Users\Admin\AppData\Local\Temp\nso8FF1.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
\Users\Admin\AppData\Local\Temp\nso8FF1.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
memory/584-200-0x0000000000710000-0x0000000000712000-memory.dmp

Filesize
8KB

Download