Overview

overview

10

Static

static

1

474fbd180a...45.msi

windows7-x64

10

474fbd180a...45.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2024 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Score
10/10
lummanetsupportdiscoveryexecutionpersistenceprivilege_escalationratstealer

Malware Config

Extracted

Family

lumma

C2

https://secretionsuitcasenioise.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Netsupport family
    netsupport
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 8 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 56 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2632
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:444
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4860
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        2⤵
        • Adds Run key to start application
        • Maps connected drives based on registry
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4708
        • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
          "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4960
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1312
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
            4⤵
            • Command and Scripting Interpreter: PowerShell
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:1784
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:3024
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4ec 0x510
      1⤵
        PID:3116

      Network

      MITRE ATT&CK Enterprise v15

      Reconnaissance

      Resource Development

      Initial Access

      Execution

      Command and Scripting Interpreter

      1
      T1059

      PowerShell

      1
      T1059.001

      Persistence

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Event Triggered Execution

      1
      T1546

      Installer Packages

      1
      T1546.016

      Privilege Escalation

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Event Triggered Execution

      1
      T1546

      Installer Packages

      1
      T1546.016

      Defense Evasion

      Modify Registry

      1
      T1112

      System Binary Proxy Execution

      1
      T1218

      Msiexec

      1
      T1218.007

      Credential Access

      Discovery

      Peripheral Device Discovery

      3
      T1120

      Query Registry

      3
      T1012

      System Information Discovery

      3
      T1082

      System Location Discovery

      1
      T1614

      System Language Discovery

      1
      T1614.001

      Lateral Movement

      Collection

      Command and Control

      Exfiltration

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Config.Msi\e57b595.rbs
        Filesize

        15KB

        MD5

        f77b27feb6351b3a6ad940573df2d84e

        SHA1

        69d69b1e474186082a4af17d23b06e67b5b9c4e1

        SHA256

        3f1e700cff6fdc4b8b63b36d71bf4645fee99ecc4cdb556875b679bdb4165b10

        SHA512

        1ceb6267ec0a0de9ba93587d22266559d9bc33dca46599428d276fe8fc4b7ce859451ecc433ad7b004dcd2765ef67f1114494f69c165e74f8289ff8324265f59

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
        Filesize

        3.2MB

        MD5

        00098438ab2cc364ce45d98902fb2b2a

        SHA1

        2a88a24a659f9a7962a4b6602b96d12249d2c790

        SHA256

        bffea8bdb7811b3d52473c07ef2c539dcac00df6bce60c7cafebf8c7beefa52b

        SHA512

        ca430ad171f53bbf3e7d670a9ba2961e3a0777abb640fa64cb722a1eb434f4c86bb71e2b3f6be9f1e3081e13a21fb38fb491a53134e9ac84f71c5fec237abf5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        Filesize

        17.3MB

        MD5

        b39fb3cf854f8628c2f38298e0965687

        SHA1

        5931c9f88231e2cbb86010224a4d8604809e7fc7

        SHA256

        fa203e315d9cf5190da708dea03ff34c1df172c992df671aa3db2f5513a70d76

        SHA512

        133c98145e4bc2012198593bfe23c0b3b965a69e3bec7eab4718832daf9013cbe96f040acd64ea0b1d46631ef96c1f779b7f0d5b1b5ca32c14b20c5b8995c2b2

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
        Filesize

        5.8MB

        MD5

        67565ca5e464eb4cf970fcff3d73d28a

        SHA1

        9ad642857222691f9e532727233d42a2ffa98330

        SHA256

        f8f5766d57653559927075c6328e613ea292a4da0e185feafbe3d353ef9cb27b

        SHA512

        7123d2177ec3250c85870f4ab51799ae506ad711528c298963396d5b90d93260bbeacc085b4d7a93c640a35b0d2de3873e72a8f23f75ada3378fe7ab34cc422c

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
        Filesize

        543KB

        MD5

        3e837b82501aa2f90cc774890656d02b

        SHA1

        a62e967c006f6bf77fbe489b01ea30993e55fe5d

        SHA256

        c85ca44b1ff1ad0af0ca3daf5f2302498846f3fdc2f48c6c7262f08280c6f5fc

        SHA512

        a4a55fc0ef6ae87c5c73489993e2dc6e0e36f783de79dd7894966df3ebe13ae8341a5fe15dd0e26c72865b4a936247f34b08342769edd0a94ba2b90164b0d27d

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
        Filesize

        283KB

        MD5

        b01a100820095dc05fdaa0d1c3b5ca14

        SHA1

        70af3c7337248cd4dc8c65d5ba1d18d3fba926b0

        SHA256

        ee7205fa96539f9d9e62f5a403a06004c6c7235b7caee368dcb0db3a765c21ad

        SHA512

        883891959202294edceb3a6360f450182d59e097bb4b0f9fe18b5316c6591aee04d0cd5bf01c1b23d1727b59eeee7c148e56eea2a7436902170993318386933a

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
        Filesize

        3KB

        MD5

        cc5d000307075f7c16eb5cf2c8606c8d

        SHA1

        0169dbed302b8a3d142522e6bcb6040609d07232

        SHA256

        66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4

        SHA512

        d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
        Filesize

        524B

        MD5

        6bb5d2aad0ae1b4a82e7ddf7cf58802a

        SHA1

        70f7482f5f5c89ce09e26d745c532a9415cd5313

        SHA256

        9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582

        SHA512

        3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
        Filesize

        548B

        MD5

        ce3ab3bd3ff80fce88dcb0ea3d48a0c9

        SHA1

        c6ba2c252c6d102911015d0211f6cab48095931c

        SHA256

        f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b

        SHA512

        211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
        Filesize

        84KB

        MD5

        08c68e4121ceeac71745015bf17126cc

        SHA1

        103792ab800377092aabefbf4b94d0a882afdc3c

        SHA256

        e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a

        SHA512

        d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
        Filesize

        1KB

        MD5

        969c656269ca1f8437d76200e7620bcd

        SHA1

        80c6b239567b19e358250c8cbda9f100e6b0c28a

        SHA256

        dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc

        SHA512

        030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
        Filesize

        1.2MB

        MD5

        71e603e402afd0fdba84a781c9934446

        SHA1

        b3a529f7e470e478a77404846d17c1ad2ff017cb

        SHA256

        5ff3186465a347ce8a13991fdb659f77ee21ae5dc9813b9fb2aadafda8a86491

        SHA512

        45aba98b564e4c18bc8fccb71ad4cf1f03770a916c074c1cbf8546f1385dba6e041c67fd870f792a5eec233b8d19bbbe4c4d047015266ac5c060caf037af9c28

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
        Filesize

        281KB

        MD5

        a555f73041756d249093a1d6a6f28448

        SHA1

        bc75a0047342fb157047c19193c02a8149187656

        SHA256

        2ad9292c875cb8b71a437b0da803d07867d2ed8deae4568f2be1f623755d5b60

        SHA512

        cb2166fcf3a73e60fef9b90102f6aba3a913cc0e84ca0a5c4cd43c52d21ad1696040215b302d2a46d61599024679cb2477fdaffedcc88396ae9c7ff1c649c84d

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
        Filesize

        9.3MB

        MD5

        54b0221dc97992b5170cac659aa60ae6

        SHA1

        8a0df459f134cee59cc442c3d98386fc2f6a532c

        SHA256

        b66dadc8e64a0179e7af465800092937ecb020dba8f0b12efe7001d004b9ca7b

        SHA512

        cecea736365373a5ebfecf18e2fd4d8a0052cb14e31247461cac99d8b0d50c50139fb610e68553379aba3e6839cb314b02b4c84e2313f44758d864066078f464

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
        Filesize

        1.5MB

        MD5

        6b007bedabaa20fb6d445bc62f1091d3

        SHA1

        d3905661051c4415ac92bd5492100a5f2df6f659

        SHA256

        bfc20232c4ecf4aece403d005624c82a64a2d54d5d84720341dc6d45b3522ba5

        SHA512

        7b0cb0959434437f31ab3e6df721be412de003979f19a66d3855ee4c87fe8a79d5cc4b42e6cf453be9289575854d2176d2bfff88a9308f5ab9f0895c0a899cfa

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
        Filesize

        3.0MB

        MD5

        fb9763ac3b3f51551b4a77e833c395fb

        SHA1

        9a3f8e9225f214b31b4e703fe428b0537a7cac63

        SHA256

        c0fb1896ee5838e9f8bd1e4495367baffa0e71aa2d3785944d5b470f29aec53a

        SHA512

        6eecdf0d290e259fcb1c8aa9da5f3ca32f760c9039b84b11f40b63b39b1119152bde54d2c6e1c7d0a1af9f64c6a340501f934000a2f3e232612f525dd9b0c7fd

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
        Filesize

        327KB

        MD5

        f832d24b70a2f4583c57a5fa9b6f0d68

        SHA1

        092ce5cb6bfe6eadde62c4cfb911eab2474196f8

        SHA256

        67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc

        SHA512

        41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
        Filesize

        481KB

        MD5

        0e77bfad6b92733c3296a04719375901

        SHA1

        982674869e2e76ee10937e946aad828ebea818ff

        SHA256

        87810c5d06310b6e61398314300646a0582fad7a99dba8368a06c886a59a38af

        SHA512

        391f6558d5b3241b1e1490763c80633b288e0b8a770815116530b352fb81ab7d18784d9103669c903e6b5b501cb8a062517dc599609bb269b86bf16cb8e8e7bf

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
        Filesize

        3.2MB

        MD5

        bfcb8be288b3b1535c878fac14033351

        SHA1

        9a2af6064e694f7d58f078a9e52e24e0a9448de9

        SHA256

        0c1310f92e0bd207d6c2b1e7d45d527038612849d94a1f97ce0290fb4916a711

        SHA512

        e9c0a86f25118af21f3227c17f8d803f4623221481cf9ab5b8c7c9929681044ae0955df1b4d8c0cc004f71a3c74c56c2fea888e25ae5f9ce0fa0124eead5ffc5

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
        Filesize

        52KB

        MD5

        71f601f8151e34ef31307ab4e46e902d

        SHA1

        1f3d312e2f4755b7f2decca1dedb91bc795288ea

        SHA256

        deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698

        SHA512

        377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
        Filesize

        92KB

        MD5

        355f1b97cad97743a8e70dd2803e2f9d

        SHA1

        c7c12bc74483874cbdd39343d149509be355c2d9

        SHA256

        00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f

        SHA512

        eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
        Filesize

        320KB

        MD5

        2d3b207c8a48148296156e5725426c7f

        SHA1

        ad464eb7cf5c19c8a443ab5b590440b32dbc618f

        SHA256

        edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796

        SHA512

        55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
        Filesize

        755KB

        MD5

        0e37fbfa79d349d672456923ec5fbbe3

        SHA1

        4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

        SHA256

        8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

        SHA512

        2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
        Filesize

        257B

        MD5

        7067af414215ee4c50bfcd3ea43c84f0

        SHA1

        c331d410672477844a4ca87f43a14e643c863af9

        SHA256

        2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12

        SHA512

        17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
        Filesize

        32KB

        MD5

        dcde2248d19c778a41aa165866dd52d0

        SHA1

        7ec84be84fe23f0b0093b647538737e1f19ebb03

        SHA256

        9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

        SHA512

        c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
        Filesize

        18KB

        MD5

        a0b9388c5f18e27266a31f8c5765b263

        SHA1

        906f7e94f841d464d4da144f7c858fa2160e36db

        SHA256

        313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

        SHA512

        6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
        Filesize

        3.6MB

        MD5

        00587238d16012152c2e951a087f2cc9

        SHA1

        c4e27a43075ce993ff6bb033360af386b2fc58ff

        SHA256

        63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8

        SHA512

        637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
        Filesize

        1.7MB

        MD5

        3f7663206ef2069d0cc16cc1e813d7aa

        SHA1

        2ef1cc5457cb36b4e50de36a9a86b8c7ddf02092

        SHA256

        7896a7429e431a74eb43be3a235dfd1d6625e8634f6ad247c2eb13e8d3d298ff

        SHA512

        2e9f33bb0f776168e600d90a1fea188bc30d587e140b0cb2479384b347aa034152f242ff61e26f8e3fccaf473a2e940641e3db16570dfb1c15b5bc80f8593e34

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
        Filesize

        185KB

        MD5

        f75d1b175e1687ee0a9b9e4a7abd123b

        SHA1

        026f4db79aa8db651964acf17233302d1809de1e

        SHA256

        72180a408b13b7d98c0bc2395b886a5c3aa0b2dea39ef081e193f60ef373365f

        SHA512

        200aec20c95b1ec2e7d1bb33ed89d846a128847b82c9d09aa2788b258967e750718414f05bdec0cf2e4f9c7af697404e19caccac354a1a62db52e76c6a45886b

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
        Filesize

        68KB

        MD5

        6f346d712c867cf942d6b599adb61081

        SHA1

        24d942dfc2d0c7256c50b80204bb30f0d98b887a

        SHA256

        72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3

        SHA512

        1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
        Filesize

        44KB

        MD5

        54aeddc619eed2faeee9533d58f778b9

        SHA1

        ca9d723b87e0c688450b34f2a606c957391fbbf4

        SHA256

        ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7

        SHA512

        7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
        Filesize

        101KB

        MD5

        77bceb240f65c91d26299a334a0cf8e1

        SHA1

        de9d588a25252d9660fe0247508eadfa6f8a7834

        SHA256

        d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c

        SHA512

        b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
        Filesize

        490KB

        MD5

        2985c39796fb4a5f4357a1a7a134ad45

        SHA1

        305dc537a03e0137a529dc30bfd2fc6c185402a3

        SHA256

        4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca

        SHA512

        4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8

        Download Submit

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
        Filesize

        4.0MB

        MD5

        a60d3072a719260abb73a4011ff30642

        SHA1

        cfbf6fac5fdedd793c902b31359c7c94d8e85b52

        SHA256

        523e7e3cc6be48a5f8ac28517a68557ce7d051d047c84d868a00e21ca600c1c8

        SHA512

        425d425e78829b98476fe72b82204423aa52b64b7a0aca92550b371291e557118b3445c28d5494980539e894e1126380dd837eebcaaedfffddd36aaddaf717b9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vud1axcj.zwd.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Windows\Installer\e57b594.msi
        Filesize

        35.2MB

        MD5

        1414b254f44bba8e17b01983dc22adde

        SHA1

        a12059b028647968a03d9483815dc5c13bb4b841

        SHA256

        474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

        SHA512

        1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

        Download Submit

      • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
        Filesize

        24.1MB

        MD5

        5825f51cd8eddd501563f069c0bc6a92

        SHA1

        5779189368639209bf6bd743131e58e1aca606d4

        SHA256

        abeb434c238cf8f123cc863c4afeee1ac5f0bf4c7c36737f1fd4d54cb2deb9ea

        SHA512

        7170085ea4c7a71f8b0ab8de607488c0061973f10c4491e925aa40772a102678eb976769c0c319563d478026922adf480c4ec328bcb8cd9a4bce9063395cc69a

        Download Submit

      • \??\Volume{ff55cfe6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2a5f855d-7f72-4696-8f45-a30c52ec7311}_OnDiskSnapshotProp
        Filesize

        6KB

        MD5

        2f135f3f520a250e525c714cb6939691

        SHA1

        699c88056918a1f8ef0dbf9a8c96d695530ffca7

        SHA256

        b64b5ea4f090c3388bc34cfb3f19381738a185a6abb6433fb399faac3e505e9e

        SHA512

        95177984ac26202281c2a809c21389d45cae215577a0027122e1b72ae60dda55699dac1edb39efbe042d81233eded777156e4e38e67706d9f1dcc94268041097

        Download Submit

      • memory/1784-343-0x0000000007390000-0x0000000007433000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1784-331-0x0000000006960000-0x0000000006992000-memory.dmp

        Filesize

        200KB

        Download

      • memory/1784-349-0x0000000007910000-0x000000000791E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1784-348-0x00000000078E0000-0x00000000078F1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1784-347-0x0000000007950000-0x00000000079E6000-memory.dmp

        Filesize

        600KB

        Download

      • memory/1784-346-0x0000000007760000-0x000000000776A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1784-345-0x00000000076E0000-0x00000000076FA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/1784-344-0x0000000007D20000-0x000000000839A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/1784-314-0x0000000002DD0000-0x0000000002E06000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1784-342-0x00000000069A0000-0x00000000069BE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/1784-332-0x000000006CD40000-0x000000006CD8C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/1784-350-0x0000000007920000-0x0000000007934000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1784-330-0x00000000063F0000-0x000000000643C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/1784-329-0x00000000063B0000-0x00000000063CE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/1784-328-0x0000000005F70000-0x00000000062C4000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/1784-351-0x0000000007A10000-0x0000000007A2A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/1784-352-0x0000000007A00000-0x0000000007A08000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1784-318-0x0000000005D50000-0x0000000005DB6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1784-317-0x0000000005CE0000-0x0000000005D46000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1784-316-0x0000000005B40000-0x0000000005B62000-memory.dmp

        Filesize

        136KB

        Download

      • memory/1784-315-0x0000000005510000-0x0000000005B38000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/4708-112-0x0000000071F00000-0x00000000720BE000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/4708-131-0x0000000074350000-0x000000007465E000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/4708-366-0x0000000071F00000-0x00000000720BE000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/4708-134-0x0000000074090000-0x00000000740B3000-memory.dmp

        Filesize

        140KB

        Download

      • memory/4708-137-0x00000000740C0000-0x000000007414B000-memory.dmp

        Filesize

        556KB

        Download

      • memory/4708-130-0x0000000000400000-0x0000000001554000-memory.dmp

        Filesize

        17.3MB

        Download

      • memory/4708-136-0x0000000073FC0000-0x0000000073FF7000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4708-138-0x0000000073110000-0x0000000073FB8000-memory.dmp

        Filesize

        14.7MB

        Download

      • memory/4708-133-0x0000000074150000-0x00000000742DE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4708-132-0x00000000742E0000-0x000000007434A000-memory.dmp

        Filesize

        424KB

        Download

      • memory/4708-149-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-123-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-113-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-125-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-187-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-191-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-192-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-100-0x00000000071C0000-0x00000000071DA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4708-162-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-161-0x0000000008050000-0x00000000081A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4708-94-0x0000000006D10000-0x0000000006D1B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/4960-227-0x0000000074150000-0x00000000742DE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4960-202-0x0000000071F00000-0x00000000720BE000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/4960-204-0x0000000008850000-0x00000000089A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4960-301-0x0000000071F00000-0x00000000720BE000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/4960-211-0x0000000008850000-0x00000000089A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4960-224-0x0000000074350000-0x000000007465E000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/4960-201-0x00000000070D0000-0x00000000070EA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4960-228-0x00000000740C0000-0x000000007414B000-memory.dmp

        Filesize

        556KB

        Download

      • memory/4960-229-0x0000000074090000-0x00000000740B3000-memory.dmp

        Filesize

        140KB

        Download

      • memory/4960-231-0x0000000073FC0000-0x0000000073FF7000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4960-226-0x00000000742E0000-0x000000007434A000-memory.dmp

        Filesize

        424KB

        Download

      • memory/4960-208-0x0000000008850000-0x00000000089A9000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4960-210-0x0000000008850000-0x00000000089A9000-memory.dmp

        Filesize

        1.3MB

        Download