Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-02-2024 16:13

General

  • Target

    WinIconMakerFreeSetup.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as legitimate system administration software.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Drops file in Windows directory 10 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 45 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2088
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
      "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
      2⤵
      • Adds Run key to start application
      • Maps connected drives based on registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1676
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        3⤵
        • Modifies Windows Firewall
        PID:1264
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        3⤵
        • Modifies Windows Firewall
        PID:1700
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:296
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2064
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2652
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000594" "00000000000005BC"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1564


Downloads
