Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    03-02-2024 01:02

General

  • Target

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as legitimate system administration software.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Drops file in Windows directory 10 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 45 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:624
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
      "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
      2⤵
      • Adds Run key to start application
      • Maps connected drives based on registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:668
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        3⤵
        • Modifies Windows Firewall
        PID:3036
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2004
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2220
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        3⤵
        • Modifies Windows Firewall
        PID:604
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2600
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003C8" "00000000000003C4"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1112

Network

MITRE ATT&CK Enterprise v15

Downloads
