Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-02-2024 14:39

General

  • Target

    WinIconMakerFreeSetup.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 56 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 8 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4408
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5024
    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
      "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Maps connected drives based on registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4976
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 1144
          4⤵
          • Program crash
          PID:3360
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2144
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2628
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4100
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3ec
    1⤵
      PID:4196

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e57a161.rbs

      Filesize

      15KB

      MD5

      3a790075193f26ce1d3e1a180d9b865b

      SHA1

      e53d1e50afdf049e0ee724fd305aeb68396c0c36

      SHA256

      a12a56b985a3cf87c5a9b92c0a3910ee7e586ea77347b26f2b8d01a5051e2df7

      SHA512

      8f12438ad28ccbd2b57a7b54edef471966b22aae9b25cf4704f2f5b13ec39bc8e2aef7bd2cfeebc240913be699ef29fce0a9176a3fe9e9c5456e2736f45f4d55

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

      Filesize

      239KB

      MD5

      d81b04561c545531363278664ffb7df2

      SHA1

      94f5df73fa2a2c711de44bbe2eeb9fc79dc6db8f

      SHA256

      0eed963b08fd8e8e3f6651f2f03edfcd506af6acc2f7a318b6bbd766f892ccc9

      SHA512

      8b4969ff5059ce0bd0e3164a85c0ad363f3d3268b4191078ed3a8fe104174c16ced0fce0cd25c817c75bf7fa02c370f25b2155a5e6ab06c80efd71192c1791d9

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

      Filesize

      590KB

      MD5

      6f7235e1907e395ccdb4b157fc7148bf

      SHA1

      4718676ce76ea8d735aba32dc302c56d3fd81e91

      SHA256

      67fc8156d0df93dfcd29b6c17f08f8f739d689d893b5a9d3295c8f2eaadaaa45

      SHA512

      f148f0f1789d475e292011f83e30630f6ca0f98dadb62d2013ebd8d0be52b76b5c4f831c20c053b65900640b560b6ccbe35018553b3b88cd2c3161c62d9fa468

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

      Filesize

      639KB

      MD5

      e2dcb3b41b9c4602e5e0cabf553e25cd

      SHA1

      15af64e90a6dd34c6a375d444d652c50e0562812

      SHA256

      45512e94af43d8caf876e7a3db2a38efa433e08582bbfad12d576edc85e8c150

      SHA512

      c8e187517aa97dc1b2d6089865e85fff63581cdff67f6e5a0064888317e463fc15385f22f1e3670a54aa61a8707525a2394ba1ed97d47b9da6184697027408ec

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw

      Filesize

      149KB

      MD5

      5628f34c20c22a64d955fd4c2e772b5d

      SHA1

      237d0705c01af5201d7b6fd8cbc3f2a0d7fb18c3

      SHA256

      27335c875e7eb98ba84fe1793209fc0884a705ab2230fa8986682e95ce9b1ae2

      SHA512

      a0a36980b7c7c2b463ef3f2400b63628cbee7a5a563806854e16ebbf025b4d36746fd557b659e76f31e8b2b0b2b33a75070db288c7358bcb5e7ffff7dddde801

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll

      Filesize

      512KB

      MD5

      9929908fbdf26f03240cd711b2997f04

      SHA1

      ebec8f8a374a85f615636c3757813255eee5d3d0

      SHA256

      fdd1ae70a0f847d81fd55fee85e4acc3812e94675dc133b8ddd742c5c5014a13

      SHA512

      f76e08848ca73e75850fb7a4c59d2e6b21b282f3c8338a60a5c0f9d3bbd530e3a8c962bd119a5bc4221a86eccb6c21e4f50501b9b5362c2ad54a6ef2e4afc1cc

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll

      Filesize

      80KB

      MD5

      c183e1e8366986faeba739f7babd6802

      SHA1

      f064dcb4f72e6d01a7d51098afc7e337dd8f66a8

      SHA256

      908b5e74793ac771d0562017cb274ef775e76f6991cd166702f140f134cec888

      SHA512

      7d27228265be5ecd6e53a8d3a56a9395c5ff4f29f7e20f5b8a43963979dcf707e62ec5c80d787e6cd86e169090563bfcfb8f4f1bced74a5fa88c101ec3a087d8

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt

      Filesize

      3KB

      MD5

      cc5d000307075f7c16eb5cf2c8606c8d

      SHA1

      0169dbed302b8a3d142522e6bcb6040609d07232

      SHA256

      66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4

      SHA512

      d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

      Filesize

      524B

      MD5

      6bb5d2aad0ae1b4a82e7ddf7cf58802a

      SHA1

      70f7482f5f5c89ce09e26d745c532a9415cd5313

      SHA256

      9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582

      SHA512

      3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest

      Filesize

      548B

      MD5

      ce3ab3bd3ff80fce88dcb0ea3d48a0c9

      SHA1

      c6ba2c252c6d102911015d0211f6cab48095931c

      SHA256

      f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b

      SHA512

      211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll

      Filesize

      83KB

      MD5

      4568e9b4bad0bbf9158c37a78725b9fa

      SHA1

      0e1dd1bb6d8b480f0156611ce2af9b19940f44cf

      SHA256

      fc79407bd297be7ceb2ed2bc1fbcd28274cb476ee9a6baba23e0b4bccc881bbe

      SHA512

      55142b9473593d436ce16e2ca6ccd9531539acbfb653425cc8a622e9c0b4b5111a1c361b846046544aec7bcc52142b06b1d38fa9fd36b098a41af08a05b2da8a

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt

      Filesize

      1KB

      MD5

      969c656269ca1f8437d76200e7620bcd

      SHA1

      80c6b239567b19e358250c8cbda9f100e6b0c28a

      SHA256

      dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc

      SHA512

      030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

      Filesize

      110KB

      MD5

      55a178d23ba7f883919477a5a4912f19

      SHA1

      3df2334b97931113834869a3ed544aa4a1723851

      SHA256

      d8f8da3c69924f50de0090b0aa5f1f5e56a1205dfe327b3e5fd8aa82ae1d0f33

      SHA512

      31bb4fccf50546bbb16b39eb0fb35d9e1b4e19ef3391f38116b214f76538677924b9841b6ca8831a0a35e0eb044822c56b65cc854dc69f179c622a491005179f

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll

      Filesize

      99KB

      MD5

      612aa2fe81d7157aab281a4dff48c018

      SHA1

      cbfec3a25533cae6e10f0651163dec4d72311171

      SHA256

      ed74fe2065243acdd27db2e138407f12340c5c62b8c833a5854a3ab451396f1a

      SHA512

      c4a3f25327e43e81c89644ee5b4079c8c88d255dbc212fbb99dba2b6f5ce385683cdd48d95ee833313bf8a1252a01d0e9152c6413e57b12d5143d63cbfc6c0bc

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

      Filesize

      463KB

      MD5

      16aee6a6f93216b22e2c1d791289ea24

      SHA1

      e7f7d6f5b39909c45bb911ff213289501ac3bdfd

      SHA256

      74b386902860e8fed988777f03e6208d0a15f8593bcb1282f4a9251ac2e32175

      SHA512

      f8bea20923f8c9d03e0c2ec1022ce1172c9f6ec8327443464591a93ef5cf668fa3191f43c74db7a960d89e16419bcd2d12d60e737f77cd63c44b6c89918bd140

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll

      Filesize

      535KB

      MD5

      77ce9d8173b62fe5b8dc3b4dd5e0f7f3

      SHA1

      223e0978864a6fb81fc56f90f4e00b1ff10c27d4

      SHA256

      913f291f05d962990ff027221f6538dfb38175eaf8606905453027f02aea866c

      SHA512

      e91022234e12f4c9c284b613f129b4d8eb0f78db66ffde4847c78e273564904c15f12d2ed24db291fae5c08cd0d5e3151d4db58a641f5a4b63500e239857c978

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

      Filesize

      453KB

      MD5

      9ecbad7da5735a166513d0431af24d34

      SHA1

      e8c8eb97a32f770eb19705421ccee40684f27fa1

      SHA256

      c682cf85a54828438700019bd4f637ec3c701df0fa2b4b460c002f7f2e3b53d1

      SHA512

      ec2f8e46bb5247251a19597623396e76c2d30628922aecbcacc35a5b072cb7c4e89c76a65140102e35592725b7970adc313dcc1ecd68c2f8bd1d85f8f823d60c

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

      Filesize

      85KB

      MD5

      b6ba036d9b5aab2b6873a0d7d5e3c798

      SHA1

      1fb75d98a66d83a19cf3761f4a5b30694cf3ea61

      SHA256

      8e4f6ef597296b42711a2eb9e7b8fc825b2b8c3c85126274262ecaf645104148

      SHA512

      1106512f6bb2b4be24b2aa656ab35089ee9b0a44a62e8c49b3079660a314ab0aeaba9631256a8764faa1cf7d7770356e4d683d4fd700649b6b043b4956272997

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll

      Filesize

      168KB

      MD5

      adbcbd963bd0ac6fcc654557c61b6a0e

      SHA1

      1cd7f13d7ac6cc207b8679679eb112beb90d783c

      SHA256

      bbe16489e6602172fd3437e0cdaad2f9d27ee57e6dc5ab7fd761209be8d3a7e3

      SHA512

      b3ed5cce662a40a9f51342522b445c7808b1084bdb7dd0066ba9dfda75e37b879281d4ee19a009951526492f53dbe91a5d837811828ca7eef4e0c1daf5df02da

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic

      Filesize

      257B

      MD5

      7067af414215ee4c50bfcd3ea43c84f0

      SHA1

      c331d410672477844a4ca87f43a14e643c863af9

      SHA256

      2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12

      SHA512

      17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

      Filesize

      14KB

      MD5

      568fb5a591ed21fcc4c215ddf6ee4b6f

      SHA1

      8ea59c94a239ec041650ad4d6d49bf87084d2023

      SHA256

      7230b2a0a48614c72c59477234c6e14e1aa596361b728b3623e1528445afcfb4

      SHA512

      5b421ccbd1cd97bd16546c1ac63a97ec9b6370cd08217f21aac97a4fb9b1bb9b2cb38532def4e158254c9208cdfbf502ea0627367ed7661176cdb47e8520ef21

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll

      Filesize

      92KB

      MD5

      08b0ab27eea60cece35d80e5e61ae699

      SHA1

      6e7d1a59ee4ad7740937573508af7b8c704906ca

      SHA256

      3919152e3903e3b3b47df8718532d48d17c5f3a3eb029343f4cd4033b60e5f7f

      SHA512

      ce01d7426b844f0b04ac64987acbc546b7877fa96b326f208b98fbff8f6c0ac49d774733cc550f06f9788c738c5f2a72e6b058de25f101723bb8264e52f1e2ed

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll

      Filesize

      410KB

      MD5

      90ea52dc3ae0a34c8ac6c61f67bd031c

      SHA1

      32e8e901dedbf50a85895523fde659eeeeb777e4

      SHA256

      958b43223566bb8c58b4daef118945202a8f8527266d87dca5182f19e5987d60

      SHA512

      9da90b04dbf154b21a1d2129786c5b4cf56711d317020a9f38161343e19c4973f8ea4773a84fb02161d9e9335cf56531234fb64d4ec121d816c1684dd269f597

    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav

      Filesize

      86KB

      MD5

      47bc3558b8350133f37090cb25bf61d9

      SHA1

      ca77d34fb5e79e06b1ccfb38b5fcb953317f6778

      SHA256

      3d9637f311a9d6ff5174cfe319fbfc0df41e3a72fe3fc1535eb7582ec57882e4

      SHA512

      bd4085db218e97d42fd85a92fe9e325a0affeebab6ef34e21c92ca94f57399883f163e4a67c3c51983c50dbc13149bfe4079e0a50e551c14a45602bf9a84ccf6

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fn02bqqa.oko.ps1

      Filesize

      1B

      MD5

      c4ca4238a0b923820dcc509a6f75849b

      SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

      SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

      SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    • C:\Windows\Installer\e57a160.msi

      Filesize

      680KB

      MD5

      7bd33bf9e0ef243a2a00442ca7c322bd

      SHA1

      0bcbd8fd705dd4f04ca39ddd6fe963017f23bee8

      SHA256

      5d5c92b52cd2734153643a4808f5a909379873465d143e9817ee5f41402503ce

      SHA512

      e5a91be3e5c93248938fd1be86d5b158de988e2224869560e77da04131e74061c89e79ab8002e0b17637d8b13e2575fefb16fd2f1e3cb2a70bb98c2301da66a1

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

      Filesize

      1.7MB

      MD5

      eaf700ec4bfccdbb87a284b5734d8f88

      SHA1

      ba4e6c4f0c3b1c4c15872145d295bd337e24b781

      SHA256

      1294fd7dde2d3b4ddc1014a49987d52fb63ddc53b69cb782bcebc41add83ce13

      SHA512

      c9400c1d20103f7e058673b720a7e431116cf3c0e526c0ee507de69d642bb301612848493de6106c8a31d7632cb015bb89e3494524e7ca1f66740091683072e8

    • \??\Volume{e50584b5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a07160d4-9598-4376-b574-c29f1d5add92}_OnDiskSnapshotProp

      Filesize

      5KB

      MD5

      57540b7da7876816a9b81f88cd7a8397

      SHA1

      3284096020f0c6ca6d9df036951da4520eb826da

      SHA256

      6f59ef043bc8515c1f17c8b903b07abbdf6381f85570e9ad3599977d194f58eb

      SHA512

      a0d8b011d018c54a7df84fad0e72cc916a323eb38802cfe5e4b920857976cd7c2aac2e73a1622b6c81777af2870f861c10498f375e1f9a78626d4e87a18a0cee

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

      Filesize

      482KB

      MD5

      8305f04394005c2697a7f9e29b38056e

      SHA1

      a1cbd0c9ca32b29c4fdc4be4dd1863c34687ce9d

      SHA256

      32929099c51546a30c244bf0f60f0563e4e58f1ad314e97c9bb672e2978a1b80

      SHA512

      e45917dd5d24344d2abbdb23dd9d456040ed282587305539ac1e3a6b1232ae985d29d5516210ee5467d5a77deaf1308d212a87e432a72edfd2279d51a025aa1b

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

      Filesize

      99KB

      MD5

      34a023b2aef9d7461933e66207cb460d

      SHA1

      3ffd169fbf0449c2551b3f60e95bf210c4fe1ad6

      SHA256

      35c1e6053084fae711c82193abb5d618d6b14b22a08b3efe0c441d1a9f1c068f

      SHA512

      1800bde8294905c1b7649c3b4cb6a4a13c0516ac2321e7fd388eda5a0e283aba4c0f039c092afb045d70b2917ce9af5c28ecbb5763df7d928ed4df2ace86c11e

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll

      Filesize

      361KB

      MD5

      42caaf0c730b3707227d55e72e4ee3b8

      SHA1

      9de5ad3e3ac7b1b10639822bae5c35b861eb7531

      SHA256

      f8994828a890ee3142b570f6644ec7450bd45098942092d584e0a12849260085

      SHA512

      8015d4786198b6bd23b3b0eee38b7bb87b0b49d78fcfbfc3aa5a7c7a4204bb772583489c1905ad2e85c7bab784e8a8c55a9ae3f276be670a05b438043720a25f

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll

      Filesize

      92KB

      MD5

      33b654173a4a25762bdb25339a340035

      SHA1

      c676af949eccef20345f3f4b488d199c2e23961d

      SHA256

      235872c3e84555417a1a6197aa133f544204019cb635b45742272056ceebec42

      SHA512

      f1ad8af26dfa3d1cac9a9d89620a998f01adce1de0021e09ce84271d3a42a899aceb907721e8e8e1c722a78d3a87dccdfc25ffed088b2ea94d68f3c8880b2c00

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll

      Filesize

      84KB

      MD5

      08c68e4121ceeac71745015bf17126cc

      SHA1

      103792ab800377092aabefbf4b94d0a882afdc3c

      SHA256

      e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a

      SHA512

      d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

      Filesize

      70KB

      MD5

      30ee27b663d6fdfcd58b5f1dfd00001d

      SHA1

      95c2b6d18903a1f1af26f4a897bbd0f0bf03d719

      SHA256

      16cd35ecbfdbc657e52affc637f023d82f61163975a7841837003e9566fe064c

      SHA512

      61d2f940f15b32cc8237ce1c74311f0bcb26b5a8254b2a424be27adce978ca423a0f2b609d02ba0a31a016a9c3f0ca12f8811a8588c9f3fb532a63313bbfe861

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll

      Filesize

      130KB

      MD5

      c338615923a473d6934c222721ad3d3f

      SHA1

      cf48251e1cfd64841c465493e95e98fa99ad0cb1

      SHA256

      6afa6e9fbd9125f8e1a3db3a2ef290012b9645c76c52b5c6e0486d2a16df9db8

      SHA512

      ba40ddebbed3f35db8d929f96d391629f10b98afe4d22c964eb29e43e75a81795cc05d7a83a86a01f7d1b1f57e3ff3f0fd769add961f3b34235b98f010763070

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

      Filesize

      434KB

      MD5

      ad8c829cedfb3474b8bf0637741a40d6

      SHA1

      fb67461badae23cbcef15e96b388162957f704ac

      SHA256

      0a92d8db1a4409165c7a5c383ae639d28c2b00223e7fa4b6c021a3ff9ebb4db7

      SHA512

      da9620309c31d36292320893f81c1a22ec447bea7fdda40996ca5088a12aa1b4722092cab6efb810856c228a6474158d0097d444b61af30351986739c3b425ec

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll

      Filesize

      417KB

      MD5

      9fd6bb0d558beaa9f07f68d688b8b9fe

      SHA1

      f711bea0891b2e4e39f1ae04a919bb25783c0e94

      SHA256

      e095cd36922d3d85fc1ef4eb3656ce1560d49c09300c820c49ec78343233140d

      SHA512

      be63bc760a08afd25f533c1ee8a2f34c0b4923bf038a5616c51f7b171e19bf01685ac56bb92332780559ba555a0abd6e9ddd848f780ec98340880e57c883127b

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

      Filesize

      472KB

      MD5

      38480458d98d6535e402a1a1cb101cce

      SHA1

      b3c89109a3f71b9b6ffbc96d4c61574124ba005f

      SHA256

      fc28562905e3b46e27adcdffc4f9e72ca2145dc999323af6d399375549a2412b

      SHA512

      b4a49b64e8fd302b64ab6bcb242c676b3693f6955cf9eec216fae0d6b9aedcb033bc317f3ae3e42cd9b7507610c116157b52c07a65fd0d23d619b054b939ae11

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

      Filesize

      95KB

      MD5

      c9a34b6b4d9733d1809976792a249c2f

      SHA1

      0d175495ed76d6e63e9943dfe76421a6cc4bf188

      SHA256

      3bba5878f0716ef2596147e4c4b4347df65485ca0b9058d40c4dd1958d05d1b6

      SHA512

      c232941eb599687e934327ed765bfdf99efc7164bb772e3008355969aa08f47caefb75ebe1623ab762268dc22c5b981d68c1fa3290c104f23c8f0bd2f12e08cd

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

      Filesize

      117KB

      MD5

      8d55e0816a7e5ec7bde531634af40fdc

      SHA1

      c8d9e046860e25773891f2fbde06f3f2552f0ad6

      SHA256

      dc7c2a0b56b81feb77888d9c662cf9f1c8be2ae943730ae9cb7c5e3d21e8b972

      SHA512

      881070c51d1f83bbd264efc09a006a7382d9dbc22180c0be94f56539fe5e30aef9a215b4fad03f52494e4c8129b642446317739ac9df3ee7665264b3f1daccd8

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll

      Filesize

      327KB

      MD5

      f832d24b70a2f4583c57a5fa9b6f0d68

      SHA1

      092ce5cb6bfe6eadde62c4cfb911eab2474196f8

      SHA256

      67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc

      SHA512

      41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

      Filesize

      94KB

      MD5

      698097bef19bea5fc277f275ed70ab4b

      SHA1

      2f65fc8aefe86963b45e0fdd2f7f9aa80727b35e

      SHA256

      c488b06e96820386ab7e5377291dc63a2f7d33defd1ffe14d9d74d48a12c0874

      SHA512

      493a98ee3f4524730e77ef1987416cc64e31d09688ce3091dc87c0a0a638aa890ac7a923a895bca8b85dda131034d8795b7ee0a951e15ffa52d945776ba04918

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll

      Filesize

      83KB

      MD5

      2bc95663320309f1e61c20b7fe224cd6

      SHA1

      e966613bc3de178c0a15244b703c5d6d7ac52fc8

      SHA256

      e55d8637f35cda7d2f1092720a5e667d1b3fbf8462a958067e64f602bfa4c67f

      SHA512

      2d684274c8e3a2515ebc967021a925a602819a7d58d1f90982d12ddd2f5dafefb063cafe0377f5c6549c5ceb5218d60dcb7fc1a47be10202d7f5321f0c3a09c6

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll

      Filesize

      52KB

      MD5

      71f601f8151e34ef31307ab4e46e902d

      SHA1

      1f3d312e2f4755b7f2decca1dedb91bc795288ea

      SHA256

      deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698

      SHA512

      377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll

      Filesize

      92KB

      MD5

      355f1b97cad97743a8e70dd2803e2f9d

      SHA1

      c7c12bc74483874cbdd39343d149509be355c2d9

      SHA256

      00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f

      SHA512

      eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll

      Filesize

      282KB

      MD5

      39501769937e6ac47c19da4de6598fa0

      SHA1

      bbb418775e310e580af75e3dbc350da6f7bb2c3c

      SHA256

      4f18c796b58078c86551fd3b1d81a10bd787ac7752774aa27d442daa7d4a9aff

      SHA512

      e8bf4337afe706dc7656afa05c67e9d725d7508f56482a227b9587136f0731a7947b6cc1ccf88818db625e774f25efeaaac311b156e373abe9f2c74ffae7b3d4

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll

      Filesize

      553KB

      MD5

      507abbe1875a21cc2aaa56eae5761227

      SHA1

      5401aa1e78a3320f8b46dac6f2a5860db58f0cae

      SHA256

      2c1764c38a706793bfc0a9351371f7ea0fd692067cbda7060ad861a328e971aa

      SHA512

      608edec8daad10ab2b49da3de2846b9ee3b3fc8fae1975cbea90de91bc06c75fd8ad47f0f564d1c95ae22345b504f44f134e01b844dc5a980752f072908ff36d

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll

      Filesize

      80KB

      MD5

      9bb5b55ac1cbd9cd721216a20c8077d5

      SHA1

      830d6fe738aa1c6f698086e5465f6653389dcb9b

      SHA256

      26f4065a13ee406aba6de04099724173220b1914d0cbd2b4f713d21dd0d913f4

      SHA512

      3388116a0193e306844cc69a80bea493ffbf7801f6cdc60594bb69262291ce3711b9bc0ec993a9cc550991efa1c39cb2df1aa13507a7f05140a0c5690bd633d4

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll

      Filesize

      32KB

      MD5

      dcde2248d19c778a41aa165866dd52d0

      SHA1

      7ec84be84fe23f0b0093b647538737e1f19ebb03

      SHA256

      9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

      SHA512

      c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll

      Filesize

      18KB

      MD5

      a0b9388c5f18e27266a31f8c5765b263

      SHA1

      906f7e94f841d464d4da144f7c858fa2160e36db

      SHA256

      313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

      SHA512

      6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll

      Filesize

      350KB

      MD5

      662c9b5556992d2b08b86ac199c349e9

      SHA1

      e30974fc680707204576521f900ac4f7e2f6dd28

      SHA256

      44ff3e1be542d638b30dbe851d6b73adc8398638c58b4a773e41c41d44eca7fb

      SHA512

      e413b343752d7216a7f7afc875be4a44ddda21b660c6acb00abb4f095907bdb6fbeafa83b7eff4d93b78eb1b82c9b46b22cf3601db8dbaeafe3e248d481e76b6

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

      Filesize

      45KB

      MD5

      299b887d3ff64ba9d7a98dcd836c35fb

      SHA1

      290c6460e87b7e9abd5cf7036959745fcc2e00d0

      SHA256

      0821f79b8eccfd2b89d1cf393158f9b4f30e51d7a03e3abc1230e3685183beeb

      SHA512

      0cbf5d1e2e07fbd43a21564e420a1508c5ceaac1c3d00876a56733f2406ffcb31480e7b3fb9cb065e99e862e42cbf49a03c0b0ec0d6a25e4a1035ed8a55f2150

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll

      Filesize

      123KB

      MD5

      c9f14ea3b7136ff16d5fd374a85aed17

      SHA1

      2466592e6e2ace27b14b36aa1bff78a447a5f0ac

      SHA256

      c108f37b365886449d336e05fd6a4a367e60c02df7ddab988df5ec6ed6cc2353

      SHA512

      f6355dd73385ea3c7b5364728deb984869a25b42b6a7b81b808bbea659a59843adbe7c464f7ddfac60e73241b93d5c071374c4173c7c3a4be1aaf7c7dbe14982

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll

      Filesize

      68KB

      MD5

      6f346d712c867cf942d6b599adb61081

      SHA1

      24d942dfc2d0c7256c50b80204bb30f0d98b887a

      SHA256

      72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3

      SHA512

      1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll

      Filesize

      44KB

      MD5

      54aeddc619eed2faeee9533d58f778b9

      SHA1

      ca9d723b87e0c688450b34f2a606c957391fbbf4

      SHA256

      ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7

      SHA512

      7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll

      Filesize

      101KB

      MD5

      77bceb240f65c91d26299a334a0cf8e1

      SHA1

      de9d588a25252d9660fe0247508eadfa6f8a7834

      SHA256

      d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c

      SHA512

      b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281

    • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll

      Filesize

      465KB

      MD5

      495e75f94747403a0ae18ac0843d4472

      SHA1

      14df7d195929b8ecdd8783c70c7a7c9fbb537733

      SHA256

      83a4b4f870bc2ebd4f9b1b2d72ce614cc5d95ef02e66a51dd1a79163cdd72b7f

      SHA512

      5c1b3dced257c6b6913a4eb0b6c166dd183e224f160e55ef4244eea4a1faef0a98b28eca9d17b41f43866e04ca1d94858813c94adab61c01f23d7a0e44e0b9b1

    • memory/2628-334-0x0000000007A80000-0x00000000080A8000-memory.dmp

      Filesize

      6.2MB

    • memory/2628-365-0x0000000009D60000-0x0000000009E05000-memory.dmp

      Filesize

      660KB

    • memory/2628-338-0x0000000008460000-0x00000000087B0000-memory.dmp

      Filesize

      3.3MB

    • memory/2628-360-0x0000000009BF0000-0x0000000009C0E000-memory.dmp

      Filesize

      120KB

    • memory/2628-337-0x0000000008330000-0x0000000008396000-memory.dmp

      Filesize

      408KB

    • memory/2628-336-0x0000000008150000-0x00000000081B6000-memory.dmp

      Filesize

      408KB

    • memory/2628-335-0x00000000080B0000-0x00000000080D2000-memory.dmp

      Filesize

      136KB

    • memory/2628-341-0x0000000008C20000-0x0000000008C96000-memory.dmp

      Filesize

      472KB

    • memory/2628-333-0x0000000007440000-0x0000000007450000-memory.dmp

      Filesize

      64KB

    • memory/2628-359-0x000000006C7B0000-0x000000006C7FB000-memory.dmp

      Filesize

      300KB

    • memory/2628-358-0x0000000009C30000-0x0000000009C63000-memory.dmp

      Filesize

      204KB

    • memory/2628-339-0x00000000083C0000-0x00000000083DC000-memory.dmp

      Filesize

      112KB

    • memory/2628-332-0x0000000007440000-0x0000000007450000-memory.dmp

      Filesize

      64KB

    • memory/2628-366-0x0000000007440000-0x0000000007450000-memory.dmp

      Filesize

      64KB

    • memory/2628-367-0x0000000009F30000-0x0000000009FC4000-memory.dmp

      Filesize

      592KB

    • memory/2628-560-0x0000000009EC0000-0x0000000009EDA000-memory.dmp

      Filesize

      104KB

    • memory/2628-565-0x0000000009EB0000-0x0000000009EB8000-memory.dmp

      Filesize

      32KB

    • memory/2628-330-0x0000000007360000-0x0000000007396000-memory.dmp

      Filesize

      216KB

    • memory/2628-593-0x000000006FA60000-0x000000007014E000-memory.dmp

      Filesize

      6.9MB

    • memory/2628-331-0x000000006FA60000-0x000000007014E000-memory.dmp

      Filesize

      6.9MB

    • memory/2628-340-0x0000000008B50000-0x0000000008B9B000-memory.dmp

      Filesize

      300KB

    • memory/2824-145-0x00000000732B0000-0x000000007333B000-memory.dmp

      Filesize

      556KB

    • memory/2824-100-0x0000000006C30000-0x0000000006C49000-memory.dmp

      Filesize

      100KB

    • memory/2824-625-0x0000000071200000-0x00000000713BE000-memory.dmp

      Filesize

      1.7MB

    • memory/2824-68-0x00000000015A0000-0x00000000015A1000-memory.dmp

      Filesize

      4KB

    • memory/2824-108-0x00000000070C0000-0x00000000070DA000-memory.dmp

      Filesize

      104KB

    • memory/2824-209-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-115-0x00000000720F0000-0x0000000072F98000-memory.dmp

      Filesize

      14.7MB

    • memory/2824-117-0x0000000072FA0000-0x00000000732AE000-memory.dmp

      Filesize

      3.1MB

    • memory/2824-119-0x00000000733E0000-0x000000007356E000-memory.dmp

      Filesize

      1.6MB

    • memory/2824-125-0x0000000071200000-0x00000000713BE000-memory.dmp

      Filesize

      1.7MB

    • memory/2824-126-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-104-0x0000000006C60000-0x0000000006C70000-memory.dmp

      Filesize

      64KB

    • memory/2824-103-0x0000000006C50000-0x0000000006C5B000-memory.dmp

      Filesize

      44KB

    • memory/2824-213-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-137-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-206-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-139-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-138-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-141-0x0000000000400000-0x0000000001554000-memory.dmp

      Filesize

      17.3MB

    • memory/2824-144-0x0000000073340000-0x0000000073363000-memory.dmp

      Filesize

      140KB

    • memory/2824-147-0x0000000072020000-0x0000000072057000-memory.dmp

      Filesize

      220KB

    • memory/2824-143-0x0000000073370000-0x00000000733DA000-memory.dmp

      Filesize

      424KB

    • memory/2824-203-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-191-0x00000000015A0000-0x00000000015A1000-memory.dmp

      Filesize

      4KB

    • memory/2824-175-0x0000000006920000-0x000000000693B000-memory.dmp

      Filesize

      108KB

    • memory/2824-173-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/2824-160-0x0000000007AF0000-0x0000000007C49000-memory.dmp

      Filesize

      1.3MB

    • memory/4976-308-0x0000000009050000-0x00000000090DB000-memory.dmp

      Filesize

      556KB

    • memory/4976-307-0x0000000071200000-0x00000000713BE000-memory.dmp

      Filesize

      1.7MB

    • memory/4976-292-0x0000000009050000-0x00000000090DB000-memory.dmp

      Filesize

      556KB

    • memory/4976-293-0x0000000009050000-0x00000000090DB000-memory.dmp

      Filesize

      556KB

    • memory/4976-276-0x0000000071200000-0x00000000713BE000-memory.dmp

      Filesize

      1.7MB

    • memory/4976-275-0x00000000015E0000-0x00000000015E1000-memory.dmp

      Filesize

      4KB

    • memory/4976-238-0x00000000732B0000-0x000000007333B000-memory.dmp

      Filesize

      556KB

    • memory/4976-239-0x0000000073340000-0x0000000073363000-memory.dmp

      Filesize

      140KB

    • memory/4976-241-0x0000000072020000-0x0000000072057000-memory.dmp

      Filesize

      220KB

    • memory/4976-237-0x00000000733E0000-0x000000007356E000-memory.dmp

      Filesize

      1.6MB

    • memory/4976-236-0x0000000073370000-0x00000000733DA000-memory.dmp

      Filesize

      424KB

    • memory/4976-230-0x0000000006B60000-0x0000000006B70000-memory.dmp

      Filesize

      64KB

    • memory/4976-235-0x00000000720F0000-0x0000000072F98000-memory.dmp

      Filesize

      14.7MB

    • memory/4976-231-0x0000000006B70000-0x0000000006B89000-memory.dmp

      Filesize

      100KB

    • memory/4976-234-0x0000000072FA0000-0x00000000732AE000-memory.dmp

      Filesize

      3.1MB

    • memory/4976-232-0x0000000000400000-0x0000000001554000-memory.dmp

      Filesize

      17.3MB

    • memory/4976-229-0x0000000006B50000-0x0000000006B5B000-memory.dmp

      Filesize

      44KB

    • memory/4976-233-0x0000000007090000-0x00000000070AA000-memory.dmp

      Filesize

      104KB