Malware Analysis Report

2024-10-23 16:16

Sample ID 240201-r1ljnsffe7
Target WinIconMakerFreeSetup.zip
SHA256 34695d42d3d51e9099a78c92e578b38ad46e2eefc6953ab45727c66ba75559cc
Tags netsupport persistence rat
Score 10/10

Analysis Overview

Score 10/10

SHA256 34695d42d3d51e9099a78c92e578b38ad46e2eefc6953ab45727c66ba75559cc

Threat Level: Known bad

The file WinIconMakerFreeSetup.zip was found to be: Known bad.

Malicious Activity Summary

netsupport persistence rat

NetSupport

Loads dropped DLL

Executes dropped EXE

Maps connected drives based on registry

Adds Run key to start application

Enumerates connected drives

Blocklisted process makes network request

Drops file in Windows directory

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-01 14:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-01 14:39

Reported 2024-02-01 14:43

Platform win10-20231215-en

Max time kernel 147s

Max time network 151s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi

Signatures

NetSupport

rat netsupport

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe N/A (56 identical events)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Workshop Ultimate = "C:\\Users\\Admin\\AppData\\Local\\Programs\\WinIcon Maker Free\\CPPlayer.exe" C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0 C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIA393.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57a162.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57a160.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57a160.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{DCE33C24-54AC-4134-8C0C-AA3D26865F9C} C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3836 wrote to memory of 5024 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3836 wrote to memory of 5024 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 3836 wrote to memory of 2824 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
PID 3836 wrote to memory of 2824 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
PID 3836 wrote to memory of 2824 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
PID 2824 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
PID 2824 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
PID 2824 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
PID 2824 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe C:\Windows\SysWOW64\cmd.exe
PID 2824 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe C:\Windows\SysWOW64\cmd.exe
PID 2824 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe C:\Windows\SysWOW64\cmd.exe
PID 2144 wrote to memory of 2628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2144 wrote to memory of 2628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2144 wrote to memory of 2628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ec

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 1144

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp
US 128.138.140.44:37 tcp
US 8.8.8.8:53 44.140.138.128.in-addr.arpa udp
MD 5.181.156.118:443 tcp
US 8.8.8.8:53 geo.netsupportsoftware.com udp
US 104.26.0.231:80 geo.netsupportsoftware.com tcp
US 8.8.8.8:53 118.156.181.5.in-addr.arpa udp
US 8.8.8.8:53 231.0.26.104.in-addr.arpa udp
US 128.138.140.44:37 tcp
US 8.8.8.8:53 telldruggcommitetter.shop udp
US 104.21.5.9:443 telldruggcommitetter.shop tcp
US 8.8.8.8:53 gemcreedarticulateod.shop udp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
US 8.8.8.8:53 9.5.21.104.in-addr.arpa udp
US 8.8.8.8:53 52.152.67.172.in-addr.arpa udp
US 188.114.96.2:443 secretionsuitcasenioise.shop tcp
US 8.8.8.8:53 claimconcessionrebe.shop udp
US 172.67.199.120:443 claimconcessionrebe.shop tcp
US 8.8.8.8:53 liabilityarrangemenyit.shop udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 188.114.96.2:443 liabilityarrangemenyit.shop tcp
US 8.8.8.8:53 120.199.67.172.in-addr.arpa udp
N/A 127.0.0.1:49932 tcp
N/A 127.0.0.1:50087 tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 tcp

Files

\??\Volume{e50584b5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a07160d4-9598-4376-b574-c29f1d5add92}_OnDiskSnapshotProp

MD5 57540b7da7876816a9b81f88cd7a8397
SHA1 3284096020f0c6ca6d9df036951da4520eb826da
SHA256 6f59ef043bc8515c1f17c8b903b07abbdf6381f85570e9ad3599977d194f58eb
SHA512 a0d8b011d018c54a7df84fad0e72cc916a323eb38802cfe5e4b920857976cd7c2aac2e73a1622b6c81777af2870f861c10498f375e1f9a78626d4e87a18a0cee

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 eaf700ec4bfccdbb87a284b5734d8f88
SHA1 ba4e6c4f0c3b1c4c15872145d295bd337e24b781
SHA256 1294fd7dde2d3b4ddc1014a49987d52fb63ddc53b69cb782bcebc41add83ce13
SHA512 c9400c1d20103f7e058673b720a7e431116cf3c0e526c0ee507de69d642bb301612848493de6106c8a31d7632cb015bb89e3494524e7ca1f66740091683072e8

C:\Config.Msi\e57a161.rbs

MD5 3a790075193f26ce1d3e1a180d9b865b
SHA1 e53d1e50afdf049e0ee724fd305aeb68396c0c36
SHA256 a12a56b985a3cf87c5a9b92c0a3910ee7e586ea77347b26f2b8d01a5051e2df7
SHA512 8f12438ad28ccbd2b57a7b54edef471966b22aae9b25cf4704f2f5b13ec39bc8e2aef7bd2cfeebc240913be699ef29fce0a9176a3fe9e9c5456e2736f45f4d55

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

MD5 e2dcb3b41b9c4602e5e0cabf553e25cd
SHA1 15af64e90a6dd34c6a375d444d652c50e0562812
SHA256 45512e94af43d8caf876e7a3db2a38efa433e08582bbfad12d576edc85e8c150
SHA512 c8e187517aa97dc1b2d6089865e85fff63581cdff67f6e5a0064888317e463fc15385f22f1e3670a54aa61a8707525a2394ba1ed97d47b9da6184697027408ec

C:\Windows\Installer\e57a160.msi

MD5 7bd33bf9e0ef243a2a00442ca7c322bd
SHA1 0bcbd8fd705dd4f04ca39ddd6fe963017f23bee8
SHA256 5d5c92b52cd2734153643a4808f5a909379873465d143e9817ee5f41402503ce
SHA512 e5a91be3e5c93248938fd1be86d5b158de988e2224869560e77da04131e74061c89e79ab8002e0b17637d8b13e2575fefb16fd2f1e3cb2a70bb98c2301da66a1

memory/2824-68-0x00000000015A0000-0x00000000015A1000-memory.dmp

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

MD5 34a023b2aef9d7461933e66207cb460d
SHA1 3ffd169fbf0449c2551b3f60e95bf210c4fe1ad6
SHA256 35c1e6053084fae711c82193abb5d618d6b14b22a08b3efe0c441d1a9f1c068f
SHA512 1800bde8294905c1b7649c3b4cb6a4a13c0516ac2321e7fd388eda5a0e283aba4c0f039c092afb045d70b2917ce9af5c28ecbb5763df7d928ed4df2ace86c11e

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

MD5 d81b04561c545531363278664ffb7df2
SHA1 94f5df73fa2a2c711de44bbe2eeb9fc79dc6db8f
SHA256 0eed963b08fd8e8e3f6651f2f03edfcd506af6acc2f7a318b6bbd766f892ccc9
SHA512 8b4969ff5059ce0bd0e3164a85c0ad363f3d3268b4191078ed3a8fe104174c16ced0fce0cd25c817c75bf7fa02c370f25b2155a5e6ab06c80efd71192c1791d9

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll

MD5 08b0ab27eea60cece35d80e5e61ae699
SHA1 6e7d1a59ee4ad7740937573508af7b8c704906ca
SHA256 3919152e3903e3b3b47df8718532d48d17c5f3a3eb029343f4cd4033b60e5f7f
SHA512 ce01d7426b844f0b04ac64987acbc546b7877fa96b326f208b98fbff8f6c0ac49d774733cc550f06f9788c738c5f2a72e6b058de25f101723bb8264e52f1e2ed

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll

MD5 2bc95663320309f1e61c20b7fe224cd6
SHA1 e966613bc3de178c0a15244b703c5d6d7ac52fc8
SHA256 e55d8637f35cda7d2f1092720a5e667d1b3fbf8462a958067e64f602bfa4c67f
SHA512 2d684274c8e3a2515ebc967021a925a602819a7d58d1f90982d12ddd2f5dafefb063cafe0377f5c6549c5ceb5218d60dcb7fc1a47be10202d7f5321f0c3a09c6

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll

MD5 54aeddc619eed2faeee9533d58f778b9
SHA1 ca9d723b87e0c688450b34f2a606c957391fbbf4
SHA256 ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7
SHA512 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506

memory/2824-108-0x00000000070C0000-0x00000000070DA000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

MD5 55a178d23ba7f883919477a5a4912f19
SHA1 3df2334b97931113834869a3ed544aa4a1723851
SHA256 d8f8da3c69924f50de0090b0aa5f1f5e56a1205dfe327b3e5fd8aa82ae1d0f33
SHA512 31bb4fccf50546bbb16b39eb0fb35d9e1b4e19ef3391f38116b214f76538677924b9841b6ca8831a0a35e0eb044822c56b65cc854dc69f179c622a491005179f

memory/2824-115-0x00000000720F0000-0x0000000072F98000-memory.dmp

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll

MD5 c338615923a473d6934c222721ad3d3f
SHA1 cf48251e1cfd64841c465493e95e98fa99ad0cb1
SHA256 6afa6e9fbd9125f8e1a3db3a2ef290012b9645c76c52b5c6e0486d2a16df9db8
SHA512 ba40ddebbed3f35db8d929f96d391629f10b98afe4d22c964eb29e43e75a81795cc05d7a83a86a01f7d1b1f57e3ff3f0fd769add961f3b34235b98f010763070

memory/2824-117-0x0000000072FA0000-0x00000000732AE000-memory.dmp

memory/2824-119-0x00000000733E0000-0x000000007356E000-memory.dmp

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll

MD5 33b654173a4a25762bdb25339a340035
SHA1 c676af949eccef20345f3f4b488d199c2e23961d
SHA256 235872c3e84555417a1a6197aa133f544204019cb635b45742272056ceebec42
SHA512 f1ad8af26dfa3d1cac9a9d89620a998f01adce1de0021e09ce84271d3a42a899aceb907721e8e8e1c722a78d3a87dccdfc25ffed088b2ea94d68f3c8880b2c00

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

MD5 568fb5a591ed21fcc4c215ddf6ee4b6f
SHA1 8ea59c94a239ec041650ad4d6d49bf87084d2023
SHA256 7230b2a0a48614c72c59477234c6e14e1aa596361b728b3623e1528445afcfb4
SHA512 5b421ccbd1cd97bd16546c1ac63a97ec9b6370cd08217f21aac97a4fb9b1bb9b2cb38532def4e158254c9208cdfbf502ea0627367ed7661176cdb47e8520ef21

memory/2824-125-0x0000000071200000-0x00000000713BE000-memory.dmp

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

MD5 299b887d3ff64ba9d7a98dcd836c35fb
SHA1 290c6460e87b7e9abd5cf7036959745fcc2e00d0
SHA256 0821f79b8eccfd2b89d1cf393158f9b4f30e51d7a03e3abc1230e3685183beeb
SHA512 0cbf5d1e2e07fbd43a21564e420a1508c5ceaac1c3d00876a56733f2406ffcb31480e7b3fb9cb065e99e862e42cbf49a03c0b0ec0d6a25e4a1035ed8a55f2150

memory/2824-126-0x0000000007AF0000-0x0000000007C49000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav

MD5 47bc3558b8350133f37090cb25bf61d9
SHA1 ca77d34fb5e79e06b1ccfb38b5fcb953317f6778
SHA256 3d9637f311a9d6ff5174cfe319fbfc0df41e3a72fe3fc1535eb7582ec57882e4
SHA512 bd4085db218e97d42fd85a92fe9e325a0affeebab6ef34e21c92ca94f57399883f163e4a67c3c51983c50dbc13149bfe4079e0a50e551c14a45602bf9a84ccf6

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

MD5 698097bef19bea5fc277f275ed70ab4b
SHA1 2f65fc8aefe86963b45e0fdd2f7f9aa80727b35e
SHA256 c488b06e96820386ab7e5377291dc63a2f7d33defd1ffe14d9d74d48a12c0874
SHA512 493a98ee3f4524730e77ef1987416cc64e31d09688ce3091dc87c0a0a638aa890ac7a923a895bca8b85dda131034d8795b7ee0a951e15ffa52d945776ba04918

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

MD5 b6ba036d9b5aab2b6873a0d7d5e3c798
SHA1 1fb75d98a66d83a19cf3761f4a5b30694cf3ea61
SHA256 8e4f6ef597296b42711a2eb9e7b8fc825b2b8c3c85126274262ecaf645104148
SHA512 1106512f6bb2b4be24b2aa656ab35089ee9b0a44a62e8c49b3079660a314ab0aeaba9631256a8764faa1cf7d7770356e4d683d4fd700649b6b043b4956272997

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll

MD5 612aa2fe81d7157aab281a4dff48c018
SHA1 cbfec3a25533cae6e10f0651163dec4d72311171
SHA256 ed74fe2065243acdd27db2e138407f12340c5c62b8c833a5854a3ab451396f1a
SHA512 c4a3f25327e43e81c89644ee5b4079c8c88d255dbc212fbb99dba2b6f5ce385683cdd48d95ee833313bf8a1252a01d0e9152c6413e57b12d5143d63cbfc6c0bc

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll

MD5 c183e1e8366986faeba739f7babd6802
SHA1 f064dcb4f72e6d01a7d51098afc7e337dd8f66a8
SHA256 908b5e74793ac771d0562017cb274ef775e76f6991cd166702f140f134cec888
SHA512 7d27228265be5ecd6e53a8d3a56a9395c5ff4f29f7e20f5b8a43963979dcf707e62ec5c80d787e6cd86e169090563bfcfb8f4f1bced74a5fa88c101ec3a087d8

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

MD5 30ee27b663d6fdfcd58b5f1dfd00001d
SHA1 95c2b6d18903a1f1af26f4a897bbd0f0bf03d719
SHA256 16cd35ecbfdbc657e52affc637f023d82f61163975a7841837003e9566fe064c
SHA512 61d2f940f15b32cc8237ce1c74311f0bcb26b5a8254b2a424be27adce978ca423a0f2b609d02ba0a31a016a9c3f0ca12f8811a8588c9f3fb532a63313bbfe861

C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll

MD5 4568e9b4bad0bbf9158c37a78725b9fa
SHA1 0e1dd1bb6d8b480f0156611ce2af9b19940f44cf
SHA256 fc79407bd297be7ceb2ed2bc1fbcd28274cb476ee9a6baba23e0b4bccc881bbe
SHA512 55142b9473593d436ce16e2ca6ccd9531539acbfb653425cc8a622e9c0b4b5111a1c361b846046544aec7bcc52142b06b1d38fa9fd36b098a41af08a05b2da8a

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll

MD5 08c68e4121ceeac71745015bf17126cc
SHA1 103792ab800377092aabefbf4b94d0a882afdc3c
SHA256 e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a
SHA512 d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce

memory/2824-104-0x0000000006C60000-0x0000000006C70000-memory.dmp

memory/2824-103-0x0000000006C50000-0x0000000006C5B000-memory.dmp

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll

MD5 71f601f8151e34ef31307ab4e46e902d
SHA1 1f3d312e2f4755b7f2decca1dedb91bc795288ea
SHA256 deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698
SHA512 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9

memory/2824-100-0x0000000006C30000-0x0000000006C49000-memory.dmp

\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll

MD5 355f1b97cad97743a8e70dd2803e2f9d
SHA1 c7c12bc74483874cbdd39343d149509be355c2d9
SHA256 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f