Analysis

  • max time kernel
    163s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-02-2024 14:46

General

  • Target

    WinIconMakerFreeSetup.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as legitimate system administration software.

  • Modifies Windows Firewall (2 TTPs, 2 IoCs)
  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (45 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Blocklisted process makes network request (3 IoCs)
  • Enumerates connected drives (3 TTPs, 46 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory (10 IoCs)
  • Modifies data under HKEY_USERS (43 IoCs)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (3 IoCs)
  • Suspicious use of WriteProcessMemory (24 IoCs)
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2700
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
      "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Maps connected drives based on registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1528
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1964
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        • Modifies Windows Firewall
        PID:2788
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        • Modifies Windows Firewall
        PID:1212
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          • Suspicious behavior: EnumeratesProcesses
          PID:2596
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    • Suspicious use of AdjustPrivilegeToken
    PID:1872
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003B4" "00000000000004AC"
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1896

Network

MITRE ATT&CK Enterprise v15

Downloads
