Overview

overview

10

Static

static

1

474fbd180a...45.msi

windows7-x64

10

474fbd180a...45.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2024 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Score
10/10
netsupportdiscoveryevasionexecutionpersistenceprivilege_escalationrat

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Netsupport family
    netsupport
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies Windows Firewall 2 TTPs 2 IoCs
    evasion
  • Drops file in Windows directory 10 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 45 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2408
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
      "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
      2⤵
      • Adds Run key to start application
      • Maps connected drives based on registry
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
        "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2904
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:764
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="CPPlayer Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe" enable=yes
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1776
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1544
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:2744
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1156
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000060" "0000000000000490"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Installer Packages

1
T1546.016

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Installer Packages

1
T1546.016

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f76e3fb.rbs
    Filesize

    14KB

    MD5

    cbc9c12816a3e100a5940c0d60685548

    SHA1

    ce8c33a7bb59de8e8accf8da9b0ba4c7c4e1b21d

    SHA256

    104432830a167dd87cfde249b435e5d26ac2e1d73a54d92c56946ed51471126f

    SHA512

    4ab8c72361c382b02f246ee3635ba363e3730e38a99a19ddc4c985da35f2ec661056c3481b2e95c6ba77ba176dfb71486f086a8e6e9963a03230d0ee3ca82229

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    094e7e85a74d3bdf91161cd7b934b8f9

    SHA1

    ba2e12214976cbc6d55a068bc71c474a133b854d

    SHA256

    cc47ed210cd238579ed0e4ee05a6576d579c620616b5ca022a97995c797132a8

    SHA512

    dea89bf3749a30a601c52759edc5d4dea75f9b66629542052f0e1782759b61b2771b2169edb0bad5fc4c2764603e757925f9d88cb86eeddc629d3bc28e6c50e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
    Filesize

    17.3MB

    MD5

    b39fb3cf854f8628c2f38298e0965687

    SHA1

    5931c9f88231e2cbb86010224a4d8604809e7fc7

    SHA256

    fa203e315d9cf5190da708dea03ff34c1df172c992df671aa3db2f5513a70d76

    SHA512

    133c98145e4bc2012198593bfe23c0b3b965a69e3bec7eab4718832daf9013cbe96f040acd64ea0b1d46631ef96c1f779b7f0d5b1b5ca32c14b20c5b8995c2b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Fitness.raw
    Filesize

    5.8MB

    MD5

    67565ca5e464eb4cf970fcff3d73d28a

    SHA1

    9ad642857222691f9e532727233d42a2ffa98330

    SHA256

    f8f5766d57653559927075c6328e613ea292a4da0e185feafbe3d353ef9cb27b

    SHA512

    7123d2177ec3250c85870f4ab51799ae506ad711528c298963396d5b90d93260bbeacc085b4d7a93c640a35b0d2de3873e72a8f23f75ada3378fe7ab34cc422c

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\License.txt
    Filesize

    3KB

    MD5

    cc5d000307075f7c16eb5cf2c8606c8d

    SHA1

    0169dbed302b8a3d142522e6bcb6040609d07232

    SHA256

    66014baaf612e3aa3084b0c9d7fd95041606f6157236ea10e80865e7cee4cab4

    SHA512

    d8cc2a3ae2bda1ad7d07f5ca4645c60d67bbb719ea8c42696e749604205b43fbb8630060924a486fee7f8f38984e53ab9c9016eabf8a548f9eec177d5d8b268e

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
    Filesize

    524B

    MD5

    6bb5d2aad0ae1b4a82e7ddf7cf58802a

    SHA1

    70f7482f5f5c89ce09e26d745c532a9415cd5313

    SHA256

    9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582

    SHA512

    3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest
    Filesize

    548B

    MD5

    ce3ab3bd3ff80fce88dcb0ea3d48a0c9

    SHA1

    c6ba2c252c6d102911015d0211f6cab48095931c

    SHA256

    f7205c5c0a629d0cc60e30e288e339f08616be67b55757d4a403a2b54e23922b

    SHA512

    211e247ea82458fd68bcc91a6731e9e3630a9d5901f4be4af6099ad15a90caf2826e14846951fdd7d3b199994fd3ac97ca9e325cf0dfeb9474aea9b0d6339dd3

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Readme.txt
    Filesize

    1KB

    MD5

    969c656269ca1f8437d76200e7620bcd

    SHA1

    80c6b239567b19e358250c8cbda9f100e6b0c28a

    SHA256

    dad36f230fb9f65767b07006df1f73d04ad55863f17c1d0343771ce6c5e2ccfc

    SHA512

    030ba239643d0d2e68283ec428dbf916021b7e3939d2ad7df4ef7101cf581341e50b7900dd6aed32582df8c66539d0d5032106b9e41a95cf2886a25941f15941

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\awebform.resources.dll
    Filesize

    481KB

    MD5

    0e77bfad6b92733c3296a04719375901

    SHA1

    982674869e2e76ee10937e946aad828ebea818ff

    SHA256

    87810c5d06310b6e61398314300646a0582fad7a99dba8368a06c886a59a38af

    SHA512

    391f6558d5b3241b1e1490763c80633b288e0b8a770815116530b352fb81ab7d18784d9103669c903e6b5b501cb8a062517dc599609bb269b86bf16cb8e8e7bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\nsm.lic
    Filesize

    257B

    MD5

    7067af414215ee4c50bfcd3ea43c84f0

    SHA1

    c331d410672477844a4ca87f43a14e643c863af9

    SHA256

    2050cc232710a2ea6a207bc78d1eac66a4042f2ee701cdfeee5de3ddcdc31d12

    SHA512

    17b888087192bcea9f56128d0950423b1807e294d1c4f953d1bf0f5bd08e5f8e35afeee584ebf9233bfc44e0723db3661911415798159ac118c8a42aaf0b902f

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pnras12i.dll
    Filesize

    1.7MB

    MD5

    3f7663206ef2069d0cc16cc1e813d7aa

    SHA1

    2ef1cc5457cb36b4e50de36a9a86b8c7ddf02092

    SHA256

    7896a7429e431a74eb43be3a235dfd1d6625e8634f6ad247c2eb13e8d3d298ff

    SHA512

    2e9f33bb0f776168e600d90a1fea188bc30d587e140b0cb2479384b347aa034152f242ff61e26f8e3fccaf473a2e940641e3db16570dfb1c15b5bc80f8593e34

    Download Submit

  • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\templates\bank.wav
    Filesize

    4.0MB

    MD5

    a60d3072a719260abb73a4011ff30642

    SHA1

    cfbf6fac5fdedd793c902b31359c7c94d8e85b52

    SHA256

    523e7e3cc6be48a5f8ac28517a68557ce7d051d047c84d868a00e21ca600c1c8

    SHA512

    425d425e78829b98476fe72b82204423aa52b64b7a0aca92550b371291e557118b3445c28d5494980539e894e1126380dd837eebcaaedfffddd36aaddaf717b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC1AC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC299.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\Installer\f76e3f9.msi
    Filesize

    35.2MB

    MD5

    1414b254f44bba8e17b01983dc22adde

    SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

    SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

    SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPKernel.dll
    Filesize

    3.2MB

    MD5

    00098438ab2cc364ce45d98902fb2b2a

    SHA1

    2a88a24a659f9a7962a4b6602b96d12249d2c790

    SHA256

    bffea8bdb7811b3d52473c07ef2c539dcac00df6bce60c7cafebf8c7beefa52b

    SHA512

    ca430ad171f53bbf3e7d670a9ba2961e3a0777abb640fa64cb722a1eb434f4c86bb71e2b3f6be9f1e3081e13a21fb38fb491a53134e9ac84f71c5fec237abf5b

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\GImageView.dll
    Filesize

    543KB

    MD5

    3e837b82501aa2f90cc774890656d02b

    SHA1

    a62e967c006f6bf77fbe489b01ea30993e55fe5d

    SHA256

    c85ca44b1ff1ad0af0ca3daf5f2302498846f3fdc2f48c6c7262f08280c6f5fc

    SHA512

    a4a55fc0ef6ae87c5c73489993e2dc6e0e36f783de79dd7894966df3ebe13ae8341a5fe15dd0e26c72865b4a936247f34b08342769edd0a94ba2b90164b0d27d

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ImageZoom.dll
    Filesize

    283KB

    MD5

    b01a100820095dc05fdaa0d1c3b5ca14

    SHA1

    70af3c7337248cd4dc8c65d5ba1d18d3fba926b0

    SHA256

    ee7205fa96539f9d9e62f5a403a06004c6c7235b7caee368dcb0db3a765c21ad

    SHA512

    883891959202294edceb3a6360f450182d59e097bb4b0f9fe18b5316c6591aee04d0cd5bf01c1b23d1727b59eeee7c148e56eea2a7436902170993318386933a

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\Player.dll
    Filesize

    84KB

    MD5

    08c68e4121ceeac71745015bf17126cc

    SHA1

    103792ab800377092aabefbf4b94d0a882afdc3c

    SHA256

    e18254dd1e074eb57971d91ab62502611dee96aba1203f2b21810d8d0e761b3a

    SHA512

    d66c9db8a876260f4b86604dd71a52b72dd91d79b7d1da711c45577b0dddbda8e46802f6184c2cd63a202f58cdb04d51da865968b7b203b8c5c2a76a8cfb5bce

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SDL2.dll
    Filesize

    1.2MB

    MD5

    71e603e402afd0fdba84a781c9934446

    SHA1

    b3a529f7e470e478a77404846d17c1ad2ff017cb

    SHA256

    5ff3186465a347ce8a13991fdb659f77ee21ae5dc9813b9fb2aadafda8a86491

    SHA512

    45aba98b564e4c18bc8fccb71ad4cf1f03770a916c074c1cbf8546f1385dba6e041c67fd870f792a5eec233b8d19bbbe4c4d047015266ac5c060caf037af9c28

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\SharpWnd.dll
    Filesize

    281KB

    MD5

    a555f73041756d249093a1d6a6f28448

    SHA1

    bc75a0047342fb157047c19193c02a8149187656

    SHA256

    2ad9292c875cb8b71a437b0da803d07867d2ed8deae4568f2be1f623755d5b60

    SHA512

    cb2166fcf3a73e60fef9b90102f6aba3a913cc0e84ca0a5c4cd43c52d21ad1696040215b302d2a46d61599024679cb2477fdaffedcc88396ae9c7ff1c649c84d

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avcodec-55.dll
    Filesize

    9.3MB

    MD5

    54b0221dc97992b5170cac659aa60ae6

    SHA1

    8a0df459f134cee59cc442c3d98386fc2f6a532c

    SHA256

    b66dadc8e64a0179e7af465800092937ecb020dba8f0b12efe7001d004b9ca7b

    SHA512

    cecea736365373a5ebfecf18e2fd4d8a0052cb14e31247461cac99d8b0d50c50139fb610e68553379aba3e6839cb314b02b4c84e2313f44758d864066078f464

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avfilter-4.dll
    Filesize

    1.5MB

    MD5

    6b007bedabaa20fb6d445bc62f1091d3

    SHA1

    d3905661051c4415ac92bd5492100a5f2df6f659

    SHA256

    bfc20232c4ecf4aece403d005624c82a64a2d54d5d84720341dc6d45b3522ba5

    SHA512

    7b0cb0959434437f31ab3e6df721be412de003979f19a66d3855ee4c87fe8a79d5cc4b42e6cf453be9289575854d2176d2bfff88a9308f5ab9f0895c0a899cfa

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avformat-55.dll
    Filesize

    3.0MB

    MD5

    fb9763ac3b3f51551b4a77e833c395fb

    SHA1

    9a3f8e9225f214b31b4e703fe428b0537a7cac63

    SHA256

    c0fb1896ee5838e9f8bd1e4495367baffa0e71aa2d3785944d5b470f29aec53a

    SHA512

    6eecdf0d290e259fcb1c8aa9da5f3ca32f760c9039b84b11f40b63b39b1119152bde54d2c6e1c7d0a1af9f64c6a340501f934000a2f3e232612f525dd9b0c7fd

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\avutil-52.dll
    Filesize

    327KB

    MD5

    f832d24b70a2f4583c57a5fa9b6f0d68

    SHA1

    092ce5cb6bfe6eadde62c4cfb911eab2474196f8

    SHA256

    67a0f7d47ceff1407b9c4851032346a9b81a75fee6569274f15d092610f04cdc

    SHA512

    41048c023871b485718ae219f0d79bbe01a0704f8d2107d68ead2262e3f66737718afbb636b02109d1a2b427aab04dd394ef82d8014298fa3fdee0c61bfab185

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\ax.mem.dll
    Filesize

    3.2MB

    MD5

    bfcb8be288b3b1535c878fac14033351

    SHA1

    9a2af6064e694f7d58f078a9e52e24e0a9448de9

    SHA256

    0c1310f92e0bd207d6c2b1e7d45d527038612849d94a1f97ce0290fb4916a711

    SHA512

    e9c0a86f25118af21f3227c17f8d803f4623221481cf9ab5b8c7c9929681044ae0955df1b4d8c0cc004f71a3c74c56c2fea888e25ae5f9ce0fa0124eead5ffc5

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corem.dll
    Filesize

    52KB

    MD5

    71f601f8151e34ef31307ab4e46e902d

    SHA1

    1f3d312e2f4755b7f2decca1dedb91bc795288ea

    SHA256

    deac6221d0abe480012e836e5e9dd915828ae55401f0c46fb7ce8049c380c698

    SHA512

    377e6c9540616cad77cf151a31f6461338910d441a12b26175d8bcc2020eba83f621b0df1756123b58fb4358786fcb6a3e187af11123f100a91255218a616aa9

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\corez.dll
    Filesize

    92KB

    MD5

    355f1b97cad97743a8e70dd2803e2f9d

    SHA1

    c7c12bc74483874cbdd39343d149509be355c2d9

    SHA256

    00d4986dfff92cfdd45576da9100d49f374a8dba1a476cfc8dc7cf50f5a6735f

    SHA512

    eb7f8d7b68ab01a95de5aad0023fc4c51c3828138610b488c92ca3ab5c320305f295467972b542c7fe436d08e21ba7926a997702e4383ce5f4cbc674f62479b7

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\htctl32.dll
    Filesize

    320KB

    MD5

    2d3b207c8a48148296156e5725426c7f

    SHA1

    ad464eb7cf5c19c8a443ab5b590440b32dbc618f

    SHA256

    edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796

    SHA512

    55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\msvcr100.dll
    Filesize

    755KB

    MD5

    0e37fbfa79d349d672456923ec5fbbe3

    SHA1

    4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    SHA256

    8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    SHA512

    2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicapi.dll
    Filesize

    32KB

    MD5

    dcde2248d19c778a41aa165866dd52d0

    SHA1

    7ec84be84fe23f0b0093b647538737e1f19ebb03

    SHA256

    9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

    SHA512

    c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcichek.dll
    Filesize

    18KB

    MD5

    a0b9388c5f18e27266a31f8c5765b263

    SHA1

    906f7e94f841d464d4da144f7c858fa2160e36db

    SHA256

    313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

    SHA512

    6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pcicl32.dll
    Filesize

    3.6MB

    MD5

    00587238d16012152c2e951a087f2cc9

    SHA1

    c4e27a43075ce993ff6bb033360af386b2fc58ff

    SHA256

    63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8

    SHA512

    637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\postproc-52.dll
    Filesize

    185KB

    MD5

    f75d1b175e1687ee0a9b9e4a7abd123b

    SHA1

    026f4db79aa8db651964acf17233302d1809de1e

    SHA256

    72180a408b13b7d98c0bc2395b886a5c3aa0b2dea39ef081e193f60ef373365f

    SHA512

    200aec20c95b1ec2e7d1bb33ed89d846a128847b82c9d09aa2788b258967e750718414f05bdec0cf2e4f9c7af697404e19caccac354a1a62db52e76c6a45886b

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadGC2.dll
    Filesize

    68KB

    MD5

    6f346d712c867cf942d6b599adb61081

    SHA1

    24d942dfc2d0c7256c50b80204bb30f0d98b887a

    SHA256

    72e6c8dd77fa7e10a7b05ef6c3e21d3f7e4147301b0bf6e416b2d33d4e19a9c3

    SHA512

    1f95a211d5dd3e58d4e2682f6bf2c5380b230e9907e2882097b77b99520cd2c788f43ad2abcce617dd8ded0043e4ef1c8b6e083c44688b23109868e6cdd2364c

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\pthreadVC2.dll
    Filesize

    44KB

    MD5

    54aeddc619eed2faeee9533d58f778b9

    SHA1

    ca9d723b87e0c688450b34f2a606c957391fbbf4

    SHA256

    ee15e6e3f82c48461eb638c1ea11019ae9e3e303e067e879115c6272139026e7

    SHA512

    7cec39f32804109b3d502027d1ec42a594c1e4a2d93512195c60bd41aad7e32a8b0eb21a0ee859fecb403ee939eebc4608d9d27a4002b8c282de32f696136506

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swresample-0.dll
    Filesize

    101KB

    MD5

    77bceb240f65c91d26299a334a0cf8e1

    SHA1

    de9d588a25252d9660fe0247508eadfa6f8a7834

    SHA256

    d179c01c646d821cf745ae5e66ffc7ed394a61a595ecc2bccf27dc144ba91a2c

    SHA512

    b380b592c39fd22302fc4a36aa6f773a79253230f0dd73ad129500654dbdf24c5a0b0ae3b2a4ffd762da4f9705a0c8e48ad4372d85cdb6271c5d3f315c82a281

    Download Submit

  • \Users\Admin\AppData\Local\Programs\WinIcon Maker Free\swscale-2.dll
    Filesize

    490KB

    MD5

    2985c39796fb4a5f4357a1a7a134ad45

    SHA1

    305dc537a03e0137a529dc30bfd2fc6c185402a3

    SHA256

    4f17b1ceea162390f64f54a3d13de4bb9e553da1e51ae7061545b7843ddad9ca

    SHA512

    4764dbf01defe417d587adbee16901bf374e0548d4a00f4f977f058dbe00c54712fd25162e1bf1986b55521cc2f005e7ed8e78db15e6cabfddc6b6924ec423b8

    Download Submit

  • memory/2788-170-0x0000000074000000-0x000000007430E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2788-232-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-176-0x00000000737D0000-0x0000000073807000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2788-175-0x0000000073810000-0x000000007399E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2788-174-0x00000000739A0000-0x00000000739C3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2788-172-0x0000000072670000-0x0000000073518000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/2788-187-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-173-0x00000000739D0000-0x0000000073A3A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2788-164-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-166-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-154-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-198-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-153-0x0000000071EE0000-0x000000007209E000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2788-141-0x00000000063C0000-0x00000000063DA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2788-225-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-169-0x0000000000400000-0x0000000001554000-memory.dmp

    Filesize

    17.3MB

    Download

  • memory/2788-230-0x00000000074D0000-0x0000000007629000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2788-333-0x0000000071EE0000-0x000000007209E000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2904-267-0x0000000073810000-0x000000007399E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2904-247-0x0000000071EE0000-0x000000007209E000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2904-253-0x0000000007580000-0x00000000076D9000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2904-255-0x0000000007580000-0x00000000076D9000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2904-256-0x0000000007580000-0x00000000076D9000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2904-262-0x0000000074000000-0x000000007430E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2904-248-0x0000000007580000-0x00000000076D9000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2904-264-0x0000000072670000-0x0000000073518000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/2904-266-0x00000000739A0000-0x00000000739C3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2904-261-0x0000000000400000-0x0000000001554000-memory.dmp

    Filesize

    17.3MB

    Download

  • memory/2904-268-0x00000000737D0000-0x0000000073807000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2904-265-0x00000000739D0000-0x0000000073A3A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2904-269-0x0000000071EE0000-0x000000007209E000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2904-246-0x00000000063B0000-0x00000000063CA000-memory.dmp

    Filesize

    104KB

    Download