Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-02-2024 14:46

General

  • Target

    WinIconMakerFreeSetup.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Score
10/10

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as legitimate system administration software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 55 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 8 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5108
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3240
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4236
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Maps connected drives based on registry
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2920
        • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
          "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4336
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 1608
            4⤵
            • Program crash
            PID:2384
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4588
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
            4⤵
              PID:2496
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Checks SCSI registry key(s)
        • Suspicious use of AdjustPrivilegeToken
        PID:1816
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x4fc 0x50c
        1⤵
          PID:2128
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4336 -ip 4336
          1⤵
            PID:4160

          Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Config.Msi\e589026.rbs

            Filesize

            15KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

            Filesize

            3.2MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

            Filesize

            2.2MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

            Filesize

            17.3MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw

            Filesize

            5.8MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll

            Filesize

            543KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll

            Filesize

            283KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt

            Filesize

            3KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

            Filesize

            524B

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest

            Filesize

            548B

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll

            Filesize

            84KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt

            Filesize

            1KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

            Filesize

            1.2MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll

            Filesize

            281KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

            Filesize

            2.1MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

            Filesize

            9.3MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll

            Filesize

            1.5MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

            Filesize

            3.0MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll

            Filesize

            327KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

            Filesize

            481KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll

            Filesize

            3.2MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll

            Filesize

            52KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll

            Filesize

            92KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll

            Filesize

            320KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll

            Filesize

            755KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic

            Filesize

            257B

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll

            Filesize

            32KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll

            Filesize

            18KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll

            Filesize

            576KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

            Filesize

            1.7MB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll

            Filesize

            185KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll

            Filesize

            68KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll

            Filesize

            44KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll

            Filesize

            101KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll

            Filesize

            490KB

          • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav

            Filesize

            4.0MB

          • C:\Windows\Installer\e589025.msi

            Filesize

            35.2MB

          • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

            Filesize

            23.0MB

          • \??\Volume{57af6234-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{230d841a-a5b3-41d5-b8b8-8fc8bd059e50}_OnDiskSnapshotProp

            Filesize

            6KB
