Analysis Overview
SHA256
34695d42d3d51e9099a78c92e578b38ad46e2eefc6953ab45727c66ba75559cc
Threat Level: Known bad
The file WinIconMakerFreeSetup.zip was found to be: Known bad.
Malicious Activity Summary
NetSupport
Loads dropped DLL
Executes dropped EXE
Maps connected drives based on registry
Adds Run key to start application
Enumerates connected drives
Blocklisted process makes network request
Drops file in Windows directory
Program crash
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-01 14:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-01 14:39
Reported
2024-02-01 14:43
Platform
win10-20231215-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
NetSupport
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Workshop Ultimate = "C:\\Users\\Admin\\AppData\\Local\\Programs\\WinIcon Maker Free\\CPPlayer.exe" | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0 | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIA393.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57a162.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57a160.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57a160.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{DCE33C24-54AC-4134-8C0C-AA3D26865F9C} | C:\Windows\system32\msiexec.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
"C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 1144
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
Network
Files
\??\Volume{e50584b5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a07160d4-9598-4376-b574-c29f1d5add92}_OnDiskSnapshotProp
| MD5 | 57540b7da7876816a9b81f88cd7a8397 |
| SHA1 | 3284096020f0c6ca6d9df036951da4520eb826da |
| SHA256 | 6f59ef043bc8515c1f17c8b903b07abbdf6381f85570e9ad3599977d194f58eb |
| SHA512 | a0d8b011d018c54a7df84fad0e72cc916a323eb38802cfe5e4b920857976cd7c2aac2e73a1622b6c81777af2870f861c10498f375e1f9a78626d4e87a18a0cee |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | eaf700ec4bfccdbb87a284b5734d8f88 |
| SHA1 | ba4e6c4f0c3b1c4c15872145d295bd337e24b781 |
| SHA256 | 1294fd7dde2d3b4ddc1014a49987d52fb63ddc53b69cb782bcebc41add83ce13 |
| SHA512 | c9400c1d20103f7e058673b720a7e431116cf3c0e526c0ee507de69d642bb301612848493de6106c8a31d7632cb015bb89e3494524e7ca1f66740091683072e8 |
C:\Config.Msi\e57a161.rbs
| MD5 | 3a790075193f26ce1d3e1a180d9b865b |
| SHA1 | e53d1e50afdf049e0ee724fd305aeb68396c0c36 |
| SHA256 | a12a56b985a3cf87c5a9b92c0a3910ee7e586ea77347b26f2b8d01a5051e2df7 |
| SHA512 | 8f12438ad28ccbd2b57a7b54edef471966b22aae9b25cf4704f2f5b13ec39bc8e2aef7bd2cfeebc240913be699ef29fce0a9176a3fe9e9c5456e2736f45f4d55 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
| MD5 | e2dcb3b41b9c4602e5e0cabf553e25cd |
| SHA1 | 15af64e90a6dd34c6a375d444d652c50e0562812 |
| SHA256 | 45512e94af43d8caf876e7a3db2a38efa433e08582bbfad12d576edc85e8c150 |
| SHA512 | c8e187517aa97dc1b2d6089865e85fff63581cdff67f6e5a0064888317e463fc15385f22f1e3670a54aa61a8707525a2394ba1ed97d47b9da6184697027408ec |
C:\Windows\Installer\e57a160.msi
| MD5 | 7bd33bf9e0ef243a2a00442ca7c322bd |
| SHA1 | 0bcbd8fd705dd4f04ca39ddd6fe963017f23bee8 |
| SHA256 | 5d5c92b52cd2734153643a4808f5a909379873465d143e9817ee5f41402503ce |
| SHA512 | e5a91be3e5c93248938fd1be86d5b158de988e2224869560e77da04131e74061c89e79ab8002e0b17637d8b13e2575fefb16fd2f1e3cb2a70bb98c2301da66a1 |
memory/2824-68-0x00000000015A0000-0x00000000015A1000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | 34a023b2aef9d7461933e66207cb460d |
| SHA1 | 3ffd169fbf0449c2551b3f60e95bf210c4fe1ad6 |
| SHA256 | 35c1e6053084fae711c82193abb5d618d6b14b22a08b3efe0c441d1a9f1c068f |
| SHA512 | 1800bde8294905c1b7649c3b4cb6a4a13c0516ac2321e7fd388eda5a0e283aba4c0f039c092afb045d70b2917ce9af5c28ecbb5763df7d928ed4df2ace86c11e |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
| MD5 | d81b04561c545531363278664ffb7df2 |
| SHA1 | 94f5df73fa2a2c711de44bbe2eeb9fc79dc6db8f |
| SHA256 | 0eed963b08fd8e8e3f6651f2f03edfcd506af6acc2f7a318b6bbd766f892ccc9 |
| SHA512 | 8b4969ff5059ce0bd0e3164a85c0ad363f3d3268b4191078ed3a8fe104174c16ced0fce0cd25c817c75bf7fa02c370f25b2155a5e6ab06c80efd71192c1791d9 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | 08b0ab27eea60cece35d80e5e61ae699 |
| SHA1 | 6e7d1a59ee4ad7740937573508af7b8c704906ca |
| SHA256 | 3919152e3903e3b3b47df8718532d48d17c5f3a3eb029343f4cd4033b60e5f7f |
| SHA512 | ce01d7426b844f0b04ac64987acbc546b7877fa96b326f208b98fbff8f6c0ac49d774733cc550f06f9788c738c5f2a72e6b058de25f101723bb8264e52f1e2ed |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | 2bc95663320309f1e61c20b7fe224cd6 |
| SHA1 | e966613bc3de178c0a15244b703c5d6d7ac52fc8 |
| SHA256 | e55d8637f35cda7d2f1092720a5e667d1b3fbf8462a958067e64f602bfa4c67f |
| SHA512 | 2d684274c8e3a2515ebc967021a925a602819a7d58d1f90982d12ddd2f5dafefb063cafe0377f5c6549c5ceb5218d60dcb7fc1a47be10202d7f5321f0c3a09c6 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
| MD5 | 54aeddc619eed2faeee9533d58f778b9 |
| SHA1 | ca9d723b87e0c688450b34f2a606c957391fbbf4 |
| SHA256 | ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7 |
| SHA512 | 7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506 |
memory/2824-108-0x00000000070C0000-0x00000000070DA000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 55a178d23ba7f883919477a5a4912f19 |
| SHA1 | 3df2334b97931113834869a3ed544aa4a1723851 |
| SHA256 | d8f8da3c69924f50de0090b0aa5f1f5e56a1205dfe327b3e5fd8aa82ae1d0f33 |
| SHA512 | 31bb4fccf50546bbb16b39eb0fb35d9e1b4e19ef3391f38116b214f76538677924b9841b6ca8831a0a35e0eb044822c56b65cc854dc69f179c622a491005179f |
memory/2824-115-0x00000000720F0000-0x0000000072F98000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | c338615923a473d6934c222721ad3d3f |
| SHA1 | cf48251e1cfd64841c465493e95e98fa99ad0cb1 |
| SHA256 | 6afa6e9fbd9125f8e1a3db3a2ef290012b9645c76c52b5c6e0486d2a16df9db8 |
| SHA512 | ba40ddebbed3f35db8d929f96d391629f10b98afe4d22c964eb29e43e75a81795cc05d7a83a86a01f7d1b1f57e3ff3f0fd769add961f3b34235b98f010763070 |
memory/2824-117-0x0000000072FA0000-0x00000000732AE000-memory.dmp
memory/2824-119-0x00000000733E0000-0x000000007356E000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | 33b654173a4a25762bdb25339a340035 |
| SHA1 | c676af949eccef20345f3f4b488d199c2e23961d |
| SHA256 | 235872c3e84555417a1a6197aa133f544204019cb635b45742272056ceebec42 |
| SHA512 | f1ad8af26dfa3d1cac9a9d89620a998f01adce1de0021e09ce84271d3a42a899aceb907721e8e8e1c722a78d3a87dccdfc25ffed088b2ea94d68f3c8880b2c00 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | 568fb5a591ed21fcc4c215ddf6ee4b6f |
| SHA1 | 8ea59c94a239ec041650ad4d6d49bf87084d2023 |
| SHA256 | 7230b2a0a48614c72c59477234c6e14e1aa596361b728b3623e1528445afcfb4 |
| SHA512 | 5b421ccbd1cd97bd16546c1ac63a97ec9b6370cd08217f21aac97a4fb9b1bb9b2cb38532def4e158254c9208cdfbf502ea0627367ed7661176cdb47e8520ef21 |
memory/2824-125-0x0000000071200000-0x00000000713BE000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
| MD5 | 299b887d3ff64ba9d7a98dcd836c35fb |
| SHA1 | 290c6460e87b7e9abd5cf7036959745fcc2e00d0 |
| SHA256 | 0821f79b8eccfd2b89d1cf393158f9b4f30e51d7a03e3abc1230e3685183beeb |
| SHA512 | 0cbf5d1e2e07fbd43a21564e420a1508c5ceaac1c3d00876a56733f2406ffcb31480e7b3fb9cb065e99e862e42cbf49a03c0b0ec0d6a25e4a1035ed8a55f2150 |
memory/2824-126-0x0000000007AF0000-0x0000000007C49000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
| MD5 | 47bc3558b8350133f37090cb25bf61d9 |
| SHA1 | ca77d34fb5e79e06b1ccfb38b5fcb953317f6778 |
| SHA256 | 3d9637f311a9d6ff5174cfe319fbfc0df41e3a72fe3fc1535eb7582ec57882e4 |
| SHA512 | bd4085db218e97d42fd85a92fe9e325a0affeebab6ef34e21c92ca94f57399883f163e4a67c3c51983c50dbc13149bfe4079e0a50e551c14a45602bf9a84ccf6 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | 698097bef19bea5fc277f275ed70ab4b |
| SHA1 | 2f65fc8aefe86963b45e0fdd2f7f9aa80727b35e |
| SHA256 | c488b06e96820386ab7e5377291dc63a2f7d33defd1ffe14d9d74d48a12c0874 |
| SHA512 | 493a98ee3f4524730e77ef1987416cc64e31d09688ce3091dc87c0a0a638aa890ac7a923a895bca8b85dda131034d8795b7ee0a951e15ffa52d945776ba04918 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
| MD5 | b6ba036d9b5aab2b6873a0d7d5e3c798 |
| SHA1 | 1fb75d98a66d83a19cf3761f4a5b30694cf3ea61 |
| SHA256 | 8e4f6ef597296b42711a2eb9e7b8fc825b2b8c3c85126274262ecaf645104148 |
| SHA512 | 1106512f6bb2b4be24b2aa656ab35089ee9b0a44a62e8c49b3079660a314ab0aeaba9631256a8764faa1cf7d7770356e4d683d4fd700649b6b043b4956272997 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
| MD5 | 612aa2fe81d7157aab281a4dff48c018 |
| SHA1 | cbfec3a25533cae6e10f0651163dec4d72311171 |
| SHA256 | ed74fe2065243acdd27db2e138407f12340c5c62b8c833a5854a3ab451396f1a |
| SHA512 | c4a3f25327e43e81c89644ee5b4079c8c88d255dbc212fbb99dba2b6f5ce385683cdd48d95ee833313bf8a1252a01d0e9152c6413e57b12d5143d63cbfc6c0bc |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
| MD5 | c183e1e8366986faeba739f7babd6802 |
| SHA1 | f064dcb4f72e6d01a7d51098afc7e337dd8f66a8 |
| SHA256 | 908b5e74793ac771d0562017cb274ef775e76f6991cd166702f140f134cec888 |
| SHA512 | 7d27228265be5ecd6e53a8d3a56a9395c5ff4f29f7e20f5b8a43963979dcf707e62ec5c80d787e6cd86e169090563bfcfb8f4f1bced74a5fa88c101ec3a087d8 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
| MD5 | 30ee27b663d6fdfcd58b5f1dfd00001d |
| SHA1 | 95c2b6d18903a1f1af26f4a897bbd0f0bf03d719 |
| SHA256 | 16cd35ecbfdbc657e52affc637f023d82f61163975a7841837003e9566fe064c |
| SHA512 | 61d2f940f15b32cc8237ce1c74311f0bcb26b5a8254b2a424be27adce978ca423a0f2b609d02ba0a31a016a9c3f0ca12f8811a8588c9f3fb532a63313bbfe861 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 4568e9b4bad0bbf9158c37a78725b9fa |
| SHA1 | 0e1dd1bb6d8b480f0156611ce2af9b19940f44cf |
| SHA256 | fc79407bd297be7ceb2ed2bc1fbcd28274cb476ee9a6baba23e0b4bccc881bbe |
| SHA512 | 55142b9473593d436ce16e2ca6ccd9531539acbfb653425cc8a622e9c0b4b5111a1c361b846046544aec7bcc52142b06b1d38fa9fd36b098a41af08a05b2da8a |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
| MD5 | 08c68e4121ceeac71745015bf17126cc |
| SHA1 | 103792ab800377092aabefbf4b94d0a882afdc3c |
| SHA256 | e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a |
| SHA512 | d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce |
memory/2824-104-0x0000000006C60000-0x0000000006C70000-memory.dmp
memory/2824-103-0x0000000006C50000-0x0000000006C5B000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
| MD5 | 71f601f8151e34ef31307ab4e46e902d |
| SHA1 | 1f3d312e2f4755b7f2decca1dedb91bc795288ea |
| SHA256 | deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698 |
| SHA512 | 377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9 |
memory/2824-100-0x0000000006C30000-0x0000000006C49000-memory.dmp
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
| MD5 | 355f1b97cad97743a8e70dd2803e2f9d |
| SHA1 | c7c12bc74483874cbdd39343d149509be355c2d9 |
| SHA256 | 00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f |
| SHA512 | eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 8d55e0816a7e5ec7bde531634af40fdc |
| SHA1 | c8d9e046860e25773891f2fbde06f3f2552f0ad6 |
| SHA256 | dc7c2a0b56b81feb77888d9c662cf9f1c8be2ae943730ae9cb7c5e3d21e8b972 |
| SHA512 | 881070c51d1f83bbd264efc09a006a7382d9dbc22180c0be94f56539fe5e30aef9a215b4fad03f52494e4c8129b642446317739ac9df3ee7665264b3f1daccd8 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | c9a34b6b4d9733d1809976792a249c2f |
| SHA1 | 0d175495ed76d6e63e9943dfe76421a6cc4bf188 |
| SHA256 | 3bba5878f0716ef2596147e4c4b4347df65485ca0b9058d40c4dd1958d05d1b6 |
| SHA512 | c232941eb599687e934327ed765bfdf99efc7164bb772e3008355969aa08f47caefb75ebe1623ab762268dc22c5b981d68c1fa3290c104f23c8f0bd2f12e08cd |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
| MD5 | 6f346d712c867cf942d6b599adb61081 |
| SHA1 | 24d942dfc2d0c7256c50b80204bb30f0d98b887a |
| SHA256 | 72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3 |
| SHA512 | 1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
| MD5 | adbcbd963bd0ac6fcc654557c61b6a0e |
| SHA1 | 1cd7f13d7ac6cc207b8679679eb112beb90d783c |
| SHA256 | bbe16489e6602172fd3437e0cdaad2f9d27ee57e6dc5ab7fd761209be8d3a7e3 |
| SHA512 | b3ed5cce662a40a9f51342522b445c7808b1084bdb7dd0066ba9dfda75e37b879281d4ee19a009951526492f53dbe91a5d837811828ca7eef4e0c1daf5df02da |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
| MD5 | c9f14ea3b7136ff16d5fd374a85aed17 |
| SHA1 | 2466592e6e2ace27b14b36aa1bff78a447a5f0ac |
| SHA256 | c108f37b365886449d336e05fd6a4a367e60c02df7ddab988df5ec6ed6cc2353 |
| SHA512 | f6355dd73385ea3c7b5364728deb984869a25b42b6a7b81b808bbea659a59843adbe7c464f7ddfac60e73241b93d5c071374c4173c7c3a4be1aaf7c7dbe14982 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 42caaf0c730b3707227d55e72e4ee3b8 |
| SHA1 | 9de5ad3e3ac7b1b10639822bae5c35b861eb7531 |
| SHA256 | f8994828a890ee3142b570f6644ec7450bd45098942092d584e0a12849260085 |
| SHA512 | 8015d4786198b6bd23b3b0eee38b7bb87b0b49d78fcfbfc3aa5a7c7a4204bb772583489c1905ad2e85c7bab784e8a8c55a9ae3f276be670a05b438043720a25f |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
| MD5 | 9929908fbdf26f03240cd711b2997f04 |
| SHA1 | ebec8f8a374a85f615636c3757813255eee5d3d0 |
| SHA256 | fdd1ae70a0f847d81fd55fee85e4acc3812e94675dc133b8ddd742c5c5014a13 |
| SHA512 | f76e08848ca73e75850fb7a4c59d2e6b21b282f3c8338a60a5c0f9d3bbd530e3a8c962bd119a5bc4221a86eccb6c21e4f50501b9b5362c2ad54a6ef2e4afc1cc |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | ad8c829cedfb3474b8bf0637741a40d6 |
| SHA1 | fb67461badae23cbcef15e96b388162957f704ac |
| SHA256 | 0a92d8db1a4409165c7a5c383ae639d28c2b00223e7fa4b6c021a3ff9ebb4db7 |
| SHA512 | da9620309c31d36292320893f81c1a22ec447bea7fdda40996ca5088a12aa1b4722092cab6efb810856c228a6474158d0097d444b61af30351986739c3b425ec |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 495e75f94747403a0ae18ac0843d4472 |
| SHA1 | 14df7d195929b8ecdd8783c70c7a7c9fbb537733 |
| SHA256 | 83a4b4f870bc2ebd4f9b1b2d72ce614cc5d95ef02e66a51dd1a79163cdd72b7f |
| SHA512 | 5c1b3dced257c6b6913a4eb0b6c166dd183e224f160e55ef4244eea4a1faef0a98b28eca9d17b41f43866e04ca1d94858813c94adab61c01f23d7a0e44e0b9b1 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
| MD5 | 90ea52dc3ae0a34c8ac6c61f67bd031c |
| SHA1 | 32e8e901dedbf50a85895523fde659eeeeb777e4 |
| SHA256 | 958b43223566bb8c58b4daef118945202a8f8527266d87dca5182f19e5987d60 |
| SHA512 | 9da90b04dbf154b21a1d2129786c5b4cf56711d317020a9f38161343e19c4973f8ea4773a84fb02161d9e9335cf56531234fb64d4ec121d816c1684dd269f597 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
| MD5 | 77bceb240f65c91d26299a334a0cf8e1 |
| SHA1 | de9d588a25252d9660fe0247508eadfa6f8a7834 |
| SHA256 | d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c |
| SHA512 | b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
| MD5 | f832d24b70a2f4583c57a5fa9b6f0d68 |
| SHA1 | 092ce5cb6bfe6eadde62c4cfb911eab2474196f8 |
| SHA256 | 67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc |
| SHA512 | 41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185 |
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 9fd6bb0d558beaa9f07f68d688b8b9fe |
| SHA1 | f711bea0891b2e4e39f1ae04a919bb25783c0e94 |
| SHA256 | e095cd36922d3d85fc1ef4eb3656ce1560d49c09300c820c49ec78343233140d |
| SHA512 | be63bc760a08afd25f533c1ee8a2f34c0b4923bf038a5616c51f7b171e19bf01685ac56bb92332780559ba555a0abd6e9ddd848f780ec98340880e57c883127b |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
| MD5 | 77ce9d8173b62fe5b8dc3b4dd5e0f7f3 |
| SHA1 | 223e0978864a6fb81fc56f90f4e00b1ff10c27d4 |
| SHA256 | 913f291f05d962990ff027221f6538dfb38175eaf8606905453027f02aea866c |
| SHA512 | e91022234e12f4c9c284b613f129b4d8eb0f78db66ffde4847c78e273564904c15f12d2ed24db291fae5c08cd0d5e3151d4db58a641f5a4b63500e239857c978 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
| MD5 | 16aee6a6f93216b22e2c1d791289ea24 |
| SHA1 | e7f7d6f5b39909c45bb911ff213289501ac3bdfd |
| SHA256 | 74b386902860e8fed988777f03e6208d0a15f8593bcb1282f4a9251ac2e32175 |
| SHA512 | f8bea20923f8c9d03e0c2ec1022ce1172c9f6ec8327443464591a93ef5cf668fa3191f43c74db7a960d89e16419bcd2d12d60e737f77cd63c44b6c89918bd140 |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
| MD5 | 9ecbad7da5735a166513d0431af24d34 |
| SHA1 | e8c8eb97a32f770eb19705421ccee40684f27fa1 |
| SHA256 | c682cf85a54828438700019bd4f637ec3c701df0fa2b4b460c002f7f2e3b53d1 |
| SHA512 | ec2f8e46bb5247251a19597623396e76c2d30628922aecbcacc35a5b072cb7c4e89c76a65140102e35592725b7970adc313dcc1ecd68c2f8bd1d85f8f823d60c |
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fn02bqqa.oko.ps1