Analysis

  • max time kernel
    155s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-02-2024 01:02

General

  • Target

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Score
10/10

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as legitimate system administration software.

  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory 8 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 56 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3064
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2156
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        2⤵
        • Maps connected drives based on registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4872
        • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
          "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3332
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1256
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4016
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:4276
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2c8 0x4c8
      1⤵
        PID:1672

      Downloads

      • C:\Config.Msi\e581be1.rbs

        Filesize

        15KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

        Filesize

        1.6MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

        Filesize

        1.2MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll

        Filesize

        744KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

        Filesize

        704KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe

        Filesize

        11.3MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw

        Filesize

        707KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll

        Filesize

        543KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll

        Filesize

        283KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt

        Filesize

        3KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

        Filesize

        524B

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest

        Filesize

        548B

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll

        Filesize

        84KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt

        Filesize

        1KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

        Filesize

        831KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll

        Filesize

        622KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll

        Filesize

        281KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

        Filesize

        1.0MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

        Filesize

        876KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

        Filesize

        1024KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll

        Filesize

        714KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll

        Filesize

        1.1MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll

        Filesize

        1.0MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

        Filesize

        1.1MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

        Filesize

        1.2MB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll

        Filesize

        869KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll

        Filesize

        327KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

        Filesize

        232KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll

        Filesize

        224KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll

        Filesize

        607KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll

        Filesize

        763KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll

        Filesize

        52KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll

        Filesize

        92KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll

        Filesize

        164KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll

        Filesize

        416KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll

        Filesize

        366KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic

        Filesize

        257B

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll

        Filesize

        32KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll

        Filesize

        18KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll

        Filesize

        376KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

        Filesize

        608KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll

        Filesize

        133KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll

        Filesize

        185KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll

        Filesize

        68KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll

        Filesize

        44KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll

        Filesize

        101KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll

        Filesize

        490KB

      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav

        Filesize

        265KB

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ubox20ac.ed0.ps1

        Filesize

        60B

      • C:\Windows\Installer\e581be0.msi

        Filesize

        11.6MB

      • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

        Filesize

        1.0MB

      • \??\Volume{18122b6c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f0ff6695-d9e1-4cfd-b5e1-2f793b9adcb0}_OnDiskSnapshotProp

        Filesize

        6KB


        424KB

      • memory/4872-200-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-129-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-130-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-109-0x0000000073950000-0x00000000747F8000-memory.dmp

        Filesize

        14.7MB

      • memory/4872-138-0x0000000074900000-0x000000007498B000-memory.dmp

        Filesize

        556KB

      • memory/4872-115-0x0000000074B90000-0x0000000074E9E000-memory.dmp

        Filesize

        3.1MB

      • memory/4872-118-0x0000000072740000-0x00000000728FE000-memory.dmp

        Filesize

        1.7MB

      • memory/4872-142-0x0000000074800000-0x0000000074837000-memory.dmp

        Filesize

        220KB

      • memory/4872-117-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-116-0x0000000074990000-0x0000000074B1E000-memory.dmp

        Filesize

        1.6MB

      • memory/4872-139-0x00000000748D0000-0x00000000748F3000-memory.dmp

        Filesize

        140KB

      • memory/4872-131-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-102-0x00000000071F0000-0x000000000720A000-memory.dmp

        Filesize

        104KB

      • memory/4872-170-0x0000000007950000-0x000000000796B000-memory.dmp

        Filesize

        108KB

      • memory/4872-154-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-98-0x0000000006F60000-0x0000000006F70000-memory.dmp

        Filesize

        64KB

      • memory/4872-97-0x0000000006F70000-0x0000000006F89000-memory.dmp

        Filesize

        100KB

      • memory/4872-62-0x00000000016A0000-0x00000000016A1000-memory.dmp

        Filesize

        4KB

      • memory/4872-94-0x0000000006DE0000-0x0000000006DEB000-memory.dmp

        Filesize

        44KB

      • memory/4872-167-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-135-0x0000000000400000-0x0000000001554000-memory.dmp

        Filesize

        17.3MB

      • memory/4872-209-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-204-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-203-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-197-0x0000000006820000-0x0000000006979000-memory.dmp

        Filesize

        1.3MB

      • memory/4872-194-0x00000000016A0000-0x00000000016A1000-memory.dmp

        Filesize

        4KB